cyberRobot Posted May 12, 2010

Is there anything I need to be careful of with using REQUEST_URI? I'm updating a login script so that it works with URLs that contain variables. What I want to do is create a variable:

    $redirect = $_SERVER['REQUEST_URI'];

Then for the part which displays the login form as needed, I'll add the following code:

    if ($redirect != '') {
        echo "<form method='post' name='form' action='$redirect'>";
    } else {
        echo "<form method='post' name='form' action='$_SERVER[PHP_SELF]'>";
    }
    //...display the rest of the form

Basically the $redirect variable will only be created for pages that require someone to be logged in before they can view the page content. Also, the GET variables will be sanitized as needed after they log in.

andrewgauger Posted May 13, 2010

I apologize in advance if I'm wrong, but I thought that:

    action = ""

does the same thing.

cyberRobot (Author) Posted May 13, 2010

> I apologize in advance if I'm wrong, but I thought that: action = "" does the same thing.

I'm not sure what you mean? Are you asking why I'm using single quotes around the action attribute value (action='$redirect') instead of double quotes (action="$redirect")? If so, I'm using single quotes because I'm already using double quotes around the entire <form> tag:

    echo "<form method='post' name='form' action='$redirect'>";

I could use double quotes again, but I would need to escape them:

    echo "<form method='post' name='form' action=\"$redirect\">";

Mchl Posted May 13, 2010

No. What he says is:

    <form method='post' name='form' action=''>

Will use current URL as action.

Kryptix Posted May 13, 2010

> Then for the part which displays the login form as needed, I'll add the following code:
>
>     if ($redirect != '') {
>         echo "<form method='post' name='form' action='$redirect'>";
>     } else {
>         echo "<form method='post' name='form' action='$_SERVER[PHP_SELF]'>";
>     }
>     //...display the rest of the form

You could do the above in smaller code too:

    // Use $redirect when it is set, otherwise fall back to PHP_SELF
    echo "<form method=\"post\" name=\"form\" action=\"" . (($redirect) ? $redirect : $_SERVER['PHP_SELF']) . "\">";

cyberRobot (Author) Posted May 13, 2010

Awesome, thanks andrewgauger and Mchl! That makes the process so much simpler...now I don't need to add variables everywhere.

Kryptix Posted May 13, 2010

Also using just the below will post back to the same page as well, but I believe you need action for it to be valid XHTML.

    <form method="post">

cyberRobot (Author) Posted May 13, 2010

> Also using just the below will post back to the same page as well, but I believe you need action for it to be valid XHTML.

Yep, the action attribute is required to be valid XHTML.

andrewgauger Posted May 13, 2010

I wasn't sure if you were using a combo get/post and if the action="" would post back anything following the ?

cyberRobot (Author) Posted May 13, 2010

Everything appears to be working great. I have however found that the solution doesn't work if the method attribute is set to 'get'.
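
Added example (not posted by anyone in this thread): REQUEST_URI and PHP_SELF both come from the client's request, so a value echoed into the form's action attribute has to be escaped for that HTML context first. The helper name `login_form_action`, the local-path policy, and the sample URIs are assumptions made for this illustration.

```php
<?php
// Added example, not code from the thread.
// Hypothetical helper: returns a value safe to place inside an HTML attribute.
function login_form_action(array $server): string
{
    $uri = $server['REQUEST_URI'] ?? '';

    // Assumed policy: accept only a local path, meaning one leading "/",
    // not followed by "/" or "\" (scheme-relative forms), and no control
    // characters. Anything else falls back to an empty action, which the
    // thread notes posts back to the current URL.
    if (!preg_match('#^/(?![/\\\\])[^\x00-\x1F\x7F]*\z#', $uri)) {
        $uri = '';
    }

    // ENT_QUOTES escapes both ' and ", so the value cannot end the attribute
    // whichever quote style the surrounding markup uses. The forms in this
    // thread use single quotes, which the default flags before PHP 8.1
    // left unescaped.
    return htmlspecialchars($uri, ENT_QUOTES, 'UTF-8');
}

// Constructed sample request URIs (not taken from the thread).
$samples = [
    '/members/report.php?id=7&view=full', // ordinary URL with GET variables
    "/members/report.php?note=it's",      // contains a single quote
    '//other.example/login',              // scheme-relative, rejected by the policy
];

foreach ($samples as $raw) {
    $action = login_form_action(['REQUEST_URI' => $raw]);
    echo "<form method='post' name='form' action='{$action}'>\n";
}
```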