Thread: posting to self

  1. #1
    Kysmiley

    posting to self

    I am doing a form that I want to post to itself. I have the form under the PHP; it is a simple contact form. I did one years ago but got away from this, and now I want to get back into it, so it's almost like starting over.
    Is this correct... <form action="self" method="post">?
    Pat

  2. #2
    spikeZ
    Hi Pat,
    PHP Code:
    <form name="myForm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" >
    should do it.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  3. #3
    Kysmiley
    Thank you, Spike. That sure was fast.

  4. #4
    spikeZ
    You're welcome.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  5. #5
    risoknop
    Code:
    <form enctype="application/x-www-form-urlencoded" method="post" action="">
    Just leave the action attribute empty and it'll post to itself.

  6. #6
    spikeZ
    No, as you then don't know where the form has come from, and it will leave you open to XSS (Cross Site Scripting) attacks.
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  7. #7
    risoknop
    Quote Originally Posted by spikeZ
    No, as you then don't know where the form has come from, and it will leave you open to XSS (Cross Site Scripting) attacks.
    Didn't know that, thanks.

    I always include action myself; I just noticed it works even without it.

  8. #8
    SitePoint Wizard
    On the contrary, spikeZ's snippet is open to an XSS attack (PHP_SELF is not trustworthy) while risoknop's snippet is entirely safe...

    But you shouldn't do either. The former has that vulnerability and the latter doesn't work on all browsers (well, as far as mobile browsers go) if I recall correctly.

    PHP Code:
    <?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>
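Added example (not part of the thread and not any poster's code): the form tag from post #2 rendered with a raw and an escaped PHP_SELF, then parsed to show whether the value stays inside the action attribute. The sample `$phpSelf` value is constructed, the helpers `formTag()` and `inspect()` are hypothetical names, and PHP's DOM extension is assumed to be available.

```php
<?php
// Constructed value: what PHP_SELF holds when extra path info carrying
// markup is appended after the script name in the requested URL.
$phpSelf = '/contact.php/"><em>injected</em>';

// Hypothetical helper: builds the form tag from post #2 around any action value.
function formTag(string $action): string
{
    return '<form name="myForm" action="' . $action . '" method="post"></form>';
}

// Hypothetical helper: parses the tag the way an HTML parser would and
// reports the action it sees and whether an extra element appeared.
function inspect(string $html): array
{
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $form = $doc->getElementsByTagName('form')->item(0);
    return [
        'action'        => $form->getAttribute('action'),
        'injected_tags' => $doc->getElementsByTagName('em')->length,
    ];
}

// Post #2: the value is echoed as-is, so its quote can close the attribute.
$raw = formTag($phpSelf);

// Post #8: the value is escaped first. ENT_QUOTES is passed explicitly so
// single-quoted attributes are covered too, whatever the PHP version's default.
$escaped = formTag(htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8'));

foreach (['raw' => $raw, 'escaped' => $escaped] as $label => $html) {
    $seen = inspect($html);
    printf(
        "%-8s action=%s injected_tags=%d\n",
        $label,
        var_export($seen['action'], true),
        $seen['injected_tags']
    );
}
```

In the raw case the parser ends the action attribute at the injected quote and creates a separate element from the rest; in the escaped case the whole value remains the attribute's text.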

