Page 1 of 1
Hi, What is action="$PHP_SELF"
Posted: Wed Jun 21, 2006 9:04 am
by aaaaaaaaaa
Hi, Could anybody expain me this code?
Posted: Wed Jun 21, 2006 9:10 am
by bdlang
That specific code gives you the ability to say 'use
this script when posting the form' in an abstract way; you don't have to hard-code the script name into the form. It's useful when you're including a script with a form on it, etc.
It's part of the
$_SERVER superglobal, and in fact, using $PHP_SELF indicates register_globals = On, which is a bad thing. Use $_SERVER['PHP_SELF'] instead.
Before you contemplate using it, however, read the results in Google search: '
php PHP_SELF insecure'.
Posted: Wed Jun 21, 2006 1:48 pm
by timvw
If you see get to see action=$_PHP_SELF you should be alert, since in my experience it's a bad sign...
The cleanest solution for this 'snippet' of php/html code is (imho): action='#'
Posted: Wed Jun 21, 2006 1:57 pm
by Benjamin
What about...
Code: Select all
<form method="post" action="">
</form>
Posted: Wed Jun 21, 2006 4:17 pm
by timvw
If i remember well, last we tried it (overhere @phpdevnet) some browsers didn't seem to handle '' as target very well. It was then that we found that '#' was a better choice

Posted: Wed Jun 21, 2006 4:18 pm
by Benjamin
Good to know..
Posted: Wed Jun 21, 2006 7:12 pm
by timvw
It would have been better if i remembered which browsers (and which versions) had problems with the '' target... This way i could regularly check up on them... Now it seems as if this is going to become a 'rule', but nobody remembers where it came from (Which is not a good thing!)