{$_SERVER['PHP_SELF']}

[NONAME_2]

Hi, I use this form to call a function in self_php_page:addcomment;

but it doesn't work. Wich part of form is incorrect:

echo' <form action="{$_SERVER['PHP_SELF']}" .
         "?action=addcomment&id=$id" method="post" id="contactform" >';
echo' <ol>';
echo' <li>';
echo' <textarea id="message"  rows="6" cols="50" name="comment"></textarea>';
echo' </li>';
echo' <li class="buttons">';
echo' <input type="image" type="image" name="imageField" id="imageField" src="../images/send.gif"  />';
echo'</li></ol></form>';

i guess this line is incorrect:

action="{$_SERVER['PHP_SELF']}" .
         "?action=addcomment&id=$id"

TNX.

[trq]

Variables are not interpolated within single quotes.

[NONAME_2]

Hi , i changed but it has this error:

Parse error: parse error, expecting `','' or `';''

echo" <form action=\"{$_SERVER['PHP_SELF']}" .
         "?action=addcomment&id=$id\" method="post" id="contactform" >";

[trq]

Now you have a bunch of double quotes within your double quoted string.

[NONAME_2]

Hi ,TNX for your reply. i test but can't find the wrong double quotes .

[MMDE]

Hi , i changed but it has this error:

Parse error: parse error, expecting `','' or `';''

echo" <form action=\"{$_SERVER['PHP_SELF']}" .
         "?action=addcomment&id=$id\" method="post" id="contactform" >";

echo '<form action="?action=addcomment&id='.$id.'" method="post" id="contactform" >';

[NONAME_2]

Hi,free  error but it doesn't work.TNX.

[trq]

Define doesn't work.

[NONAME_2]

doesn't work means no-complete correct; it inserts to bank but :

1- i have an error:

Notice: Undefined index: action in C:\wamp\www\.. 

2- useless from method {$_SERVER['PHP_SELF']}

my current code is:

echo'<form action="?action=addcoment&id='.$id.'" method="post" id="contactform">';
echo' <ol>';
echo' <li>';
echo' <textarea id="message"  rows="6" cols="50" name="comment"></textarea>';
echo' </li>';
echo' <li class="buttons">';
echo' <input type="image"  type="image" name="imageField" id="imageField" src="../images/send.gif"  />';
echo'</li></ol></form>';
}
function addComent($id) {
$tour_id=$id;
//Include database connection details
	require_once('../config.php');
	//Connect to mysql server
	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
 if(!$link) {
		die('Failed to connect to server: ' . mysql_error());
			}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
	die("Unable to select database");
}
    
    //insert the comment 
    $query = "INSERT INTO tour_comments " .
             "VALUES('','$tour_id'," .
             "'{$_POST['comment']}')";
    mysql_query($query);
    echo '<p class="success">TNX</p>';
    }
switch($_GET['action']) {
case 'show':
        displayOneItem($_GET['id']);
        break;
    case 'addcoment':
        addComent($_GET['id']);
        break;
    default:;
}

[MMDE]

You don't need to use $_SERVER['PHP_SELF']

if you're not going to another page, no need to really set the url.

but you want to send get data that way, and that should be done the way you did.

 

is the $id variable ever set?? =p

 

anyways, we just get half of your error messages and half of your code...

[NONAME_2]

Hi, my problem is :

Notice: Undefined index: action in C:\wamp\www\.. 

TNX.

[kenrbnsn]

Please post the FULL error message. The error tells us/you  which line is having the problem.

 

Ken

[NONAME_2]

Hi, Excuse me for my absent;

Notice: Undefined index: action in C:\wamp\www\..\tourin.php on line 326

line 326 in my code is:

switch($_GET['action']) {
case 'show':                   //<-------------------------(: THIS LINE
        displayOneItem($_GET['id']);
        break;
    case 'addcoment':
        addComent($_GET['id']);
        break;
    default:;
}

TNX.

[johnny86]

You shouldn't use $_GET or $_POST variables without sanitizing them somehow. Data that comes from user is always untrusted and should be processed before use.

 

Same goes to $_SERVER['PHP_SELF'] which is user dependent too and shouldn't be trusted. Use $_SERVER['SCRIPT_NAME'] instead.

[NONAME_2]

Hi , what do you mean; Plz show me in my code:

echo" <form action=\"{$_SERVER['PHP_SELF']}" .
         "?action=addcomment&id=$id\" method="post" id="contactform" >";

[johnny86]

Well, for that line you should replace $_SERVER['PHP_SELF'] with $_SERVER['SCRIPT_NAME']

 

This is the reason:

 

URL that client is at: www.yourdomain.com/something/form.php/../../../../something_not_to_access

$_SERVER['PHP_SELF'] = /something/form.php/../../../../something_not_to_access

$_SERVER['SCRIPT_NAME'] = /something/form.php

 

This is why you should not use $_SERVER['PHP_SELF'] because it depends on the URL client enters.

[mmarif4u]

Put this at the top of your code, as i think you have warning and notices enabled in php.ini

error_reporting(E_ALL ^ E_NOTICE);

 

For the {$_SERVER['PHP_SELF']}, use the MMDE suggestion:

echo '<form action="?action=addcomment&id='.$id.'" method="post" id="contactform" >';

[NONAME_2]

Hi all, i replace this:

switch($_GET['action']) {
case 'show':
        displayOneItem($_GET['id']);
        break;
    case 'addcoment':
        addComent($_GET['id']);
        break;
    default:;
}

with this:

if(isset($_GET['action']) && $_GET['action'] == 'addcoment')    {
            addComent($_GET['id']);
        }

and Error:

Notice: Undefined index: action in C:\wamp\www\..\tourin.php on line 326

GONE;

i used the MMDE suggestion:

echo '<form action="?action=addcomment&id='.$id.'" method="post" id="contactform" >';

and it works properly but i'm going to try johnny86 suggestion;

TNX for your answers.