posting to self

**Kysmiley** · May 9, 2009 14:46

I am doing a form that I want to post to itself. I have the form under the php it is a simple contact form. I did one years ago but got away from this and now I want to get back into it so its almost like starting over.
is this correct... <form action="self" method="post">?
Pat

**spikeZ** · May 9, 2009 14:48

Hi Pat,

PHP Code:


<form name="myForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" >

should do it.

**Kysmiley** · May 9, 2009 14:51

Thank-you Spike That sure was fast.

**spikeZ** · May 9, 2009 14:58

you're welcome

**risoknop** · May 9, 2009 15:05

Code:

<form enctype="application/x-www-form-urlencoded" method="post" action="">

Just leave the action attribute empty and it'll post to itself.

**spikeZ** · May 9, 2009 15:14

no as you then dont know where the form has come from and it will leave you open to XSS Cross Site Scripting Attacks.

**risoknop** · May 9, 2009 15:21

Originally Posted by spikeZ

no as you then dont know where the form has come from and it will leave you open to XSS Cross Site Scripting Attacks.

Didn't know that thanks

I always include action myself I just noticed it works even without it.

**sk89q** · May 9, 2009 17:48

On the contrary, spikeZ's snippet is open to an XSS attack (PHP_SELF is not trustworthy) while risoknop's snippet is entirely safe...

But you shouldn't do either. The former has that vulnerability and the latter doesn't work on all browsers (well, as far as mobile browsers go) if I recall correctly.

PHP Code:


<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>

User Tag List

Thread: posting to self

Thread Tools

Display

posting to self

Bookmarks

Bookmarks

Posting Permissions