rocky_88

I ran into this confusion while trying to write a script for uploading a file using AJAX which would work in IE8. Apparently there is a hack to achieve this which involves the usage of iframes. What I've tried so far is submitting a form with just action attribute which redirects to another page. <form method="post" action="test.php"> <input type="text" name="name" /> <input type="submit" name="send" value="Send" /> </form> Even if I set the attribute to _self(default value), the page redirects to test.php and shows what ever is printed by the php script. Now when I set the target to _blank, the page test.php opens in a new tab and shows what ever is printed by the php script. <form method="post" action="test.php" target="_blank"> <input type="text" name="name" /> <input type="submit" name="send" value="Send" /> </form> And if I set the target to an iframe name present in the same page, the php response is printed in the iframe(which is the hack to upload a file) <form method="post" action="test.php" target="some_frame"> <input type="text" name="name" /> <input type="submit" name="send" value="Send" /> </form> <iframe name="some_frame" /> So what I want to know is how does the action and target attribute work once the form is submitted? When the target attribute is set to _self, the page redirects and then prints(action first and then target), but if the target attribute is set to _blank, first a new tab is opened and then the response is printed(first the target and then action) and when the target attribute is set to a frame_name, it prints within the frame(does it load the response from the page into the frame?). It would be really helpful if someone could assist me with a link or an explanation of the flow of a form submission, the order of execution of the action and target attributes and how do they work and in what order do they run.

Charset of database is also UTF-8

Ya, this problem never occurs when I use php. It happens only when I try to get data using ajax.

@scootstah Thank you for the quick response, Yes, I do have that in HTML head, but still it does not seem to work unless I use utf8_encode function.

I'm using ajax to retrieve data from database. Using php when I echo the data, spanish characters such as "á é" are replaced by "�". After searching for hours I found out that this happens due to different charset. Using php utf8_encode() solves the problem and all characters are displayed properly. Out of curiosity I used mb_detect_encoding() to check the encoding and it shows that the encoding is UTF8. So if the encoding is UTF8 by default, then why dont I get proper output without the use of utf8_encode function?

I'm pretty sure that it does work that way as i'm validating other fields too using regex and they work just fine. Its just with this particular "alphabets only" condition.

This is the output. For my code, it shows invalid if I use regex and valid if I use ctype_alpha().

@Pikachu2000 I tried random values. It shows invalid for abcd xyz or anything that I enter.

@Pikachu2000 Thanks for that, it did the job. Any idea as to what's the error in the code I mentioned?

I'm unable to validate my text box which should contain only alphabets. Here is the code $string=preg_match("/^[a-zA-Z]+$/",$string); if($string) { echo "Valid"; } else { echo "Invalid"; } Even though the textbox contains only alphabets, it shows invalid. I dont know what i'm doing wrong here. However, if I leave a space inside the character class, it validates the string. I've checked the output of the string and there are no spaces what so ever, yet it shows invalid.

@fugix Thanks for the solution and confirmation. @JKG Thanks for the assist.

@fugix Thank you for replying, So is it ideal to set the form action="#" if the form has to be submitted onto the same page regardless of my case here? Coz all my form submit onto the same page before navigating to another.

@JKG Well i have a table which contains 4 fields. Id, username, name & age. On the web page the id value is appended to the link which opens a new page containing user details. I'm using that id from the link to display data onto the new page. But it looks like I am logically wrong somewhere as i'm getting too many errors. Leaving form action empty doesnt cause any security issue right? Like vulnerability to XSS in the case of $_SERVER['PHP_SELF'];?

@JKG Thank you for replying, if I echo $_SERVER['PHP_SELF']; I get an error when i submit my form. If I do not echo it or remove the action attribute, it works just fine. As i've read, $_SERVER['PHP_SELF'] gets the current file name and then we echo it into the action. But I do not want that as I can manually type the file name into the action field. The URL of my page contains the file name followed by a variable with value. Using that variable value from the URL my page displays data onto the page. So as soon as I submit the form, the variable from the URL is removed(replaced by the file name ONLY) which causes the error.This is the reason i get an error if I echo $_SERVER['PHP_SELF']; So I wanted to know if it is safe to exclude the action attribute of the form? Is it the right way of doing it in my case?

I'm not sure if this is exactly a coding help question, excuse me if its not. I want to know what is the best & secure way to submit a form to itself. I've tried to google the answer, but did not get a proper answer with explanation or may be I didnt use proper keywords to search it. Out of these which one do i use? // Leave the action field empty. <form method="POST" action=""> //$PHP_SELF, also if i use echo $PHP_SELF my form does not work like it should. <form method="POST" action="<?$PHP_SELF?>"> //$_SERVER['PHP_SELF'], same problem as $PHP_SELF, it doesnt work if i use echo. <form method="POST" action="<?$_SERVER['PHP_SELF']?>">