SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    Non-Member
    Join Date
    Apr 2006
    Location
    Scotland
    Posts
    325
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Difference between form action=$_SERVER['PHP_SELF']; and action=samefile.php

    Hi

    Can someone tell me the difference between using in a form:

    <form action="<?php $_SERVER['PHP_SELF']; ?>">

    and

    <form action="samefile.php">

    Thanks

  2. #2
    SitePoint Addict Skookum's Avatar
    Join Date
    Sep 2006
    Location
    Idaho
    Posts
    375
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by PHP.Net
    'PHP_SELF'

    The filename of the currently executing script, relative to the document root. For instance, $_SERVER['PHP_SELF'] in a script at the address http://example.com/test.php/foo.bar would be /test.php/foo.bar. The __FILE__ constant contains the full path and filename of the current (i.e. included) file.
    The difference is that one is hard coded and the other can be dynamic. When you hard code it in it will always go to that page, but when you use the PHP_SELF it will always go to the page that it thinks it is at.

    Example:
    http://example.com/Kungfu.php
    <form action="<?php $_SERVER['PHP_SELF']; ?>">
    The action would equal "Kungfu.php"

    http://example.com/Smilies.php
    <form action="<?php $_SERVER['PHP_SELF']; ?>">
    The action would equal "Smilies.php"

    It is the same code, but it can produce difference results depending upon the URL.

  3. #3
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,561
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    <form action="<?php $_SERVER['PHP_SELF']; ?>"> always submits the form to the page that contains this form.

    <form action="samefile.php"> submits the form to the page called samefile.php which may or may not be the current file.

    Basically, if you use the former method you can change the filename later without having to change action property. That makes for a more flexible, portable code.

  4. #4
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,561
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i posted late. apologies.

  5. #5
    Non-Member
    Join Date
    Apr 2006
    Location
    Scotland
    Posts
    325
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks both.
    One thing though: does $_SERVER['PHP_SELF']; load the same file WITH query strings set in the address?

    Say the address currently is contact.php?message=hello. You are sending a feild called "message" by $_POST, and you put in the message "bye" will it load the file as...

    a) contact.php?message=hello&message=bye

    or

    b) contact.php?message=bye

  6. #6
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,561
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    just contact.php

  7. #7
    SitePoint Addict Skookum's Avatar
    Join Date
    Sep 2006
    Location
    Idaho
    Posts
    375
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nope it will not pull the GET information from the URL it will only pull the file.

    Example:
    http://www.example.com/Yay.php?User='Legend'
    would be
    Yay.php

  8. #8
    SitePoint Wizard stereofrog's Avatar
    Join Date
    Apr 2004
    Location
    germany
    Posts
    4,324
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Please note that PHP_SELF is tainted, you should always escape it.

    Code:
    WRONG!
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>">
    
    correct
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
    Details: http://blog.phpdoc.info/archives/13-guid.html

  9. #9
    SitePoint Wizard bronze trophy Kailash Badu's Avatar
    Join Date
    Nov 2005
    Posts
    2,561
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Say the address currently is contact.php?message=hello. You are sending a feild called "message" by $_POST, and you put in the message "bye" will it load the file as...

    a) contact.php?message=hello&message=bye

    or

    b) contact.php?message=bye
    Oh yes. i got your point. The file will load as ' contact.php?message=bye ' but PHP_SELF still represents the current filename without query strings.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •