jcanker
Posted March 6, 2011

I saw your sig file and read one of the articles about $_SERVER['PHP_SELF'] being awful. I admit, I've written scripts that submit the info to the same page, but I always just coded the page name directly into the action attribute. In my noobness, I never realized you *could* use PHP_SELF. One of the articles mentions a few fixes, including htmlentities or html special characters, but I guess my question to you is, why even bother? Why not just set the page name in action and check for $_POST['submit'] when the page (re)loads?

I was going to send this as a PM then decided to open it up for the benefit of everyone and not bother your inbox.

Pikachu2000
Posted March 6, 2011

Exactly. There's no point in even bothering with $_SERVER['PHP_SELF'] as a form action when you can either explicitly name the file or just use action="", since it's valid markup in html and xhtml. Unfortunately, there are so many poorly written tutorials out there that push its use, along with other bad coding practices, that it's something that probably won't go away anytime soon.

cunoodle2
Posted March 6, 2011

I know that it is against some policy to send a PM to a mod about a coding question. In fact it MAY be against policies to address a thread to a mod but I am not sure. I did that once (sent a PM to a MOD) years back and will never do it again.

You are absolutely right that you can just hard code in the file name. I would guess that many of the people that use $_SERVER['PHP_SELF'] would do it for flexibility/scalability reasons. They may re-use code on a number of pages/sites and it just makes it easier in that fashion.

I have myself modified my code as a result of Pikachu2000's very very useful signature. I would be curious to see what other users do as well. Something like an overall "best practice" methodology.

Pikachu2000
Posted March 6, 2011

If flexibility to change the filename is a concern, then action="" takes care of that problem.

BTW, I don't think anyone will jump down anyone's throat for addressing a thread to a mod, especially when it relates to something like this, where I have the link in my signature. But you're right about it being against the rules to use the PM system to ask any other member for help, not just mods.

jcanker (Author)
Posted March 6, 2011

*technically* I was asking him about his sig, not a coding problem.

Some of the articles coming up in the Google search your sig links to indicate that action = "" still is subject to xss attacks. Yes? Still better policy to hard code the page and scalability be damned?
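
Added example, not part of any post in this thread: the four form actions discussed above (raw PHP_SELF, PHP_SELF passed through htmlspecialchars, a hard-coded file name, and an empty action) rendered side by side against one constructed PHP_SELF value. The file name `form.php`, the helper `render_form` and the sample value are assumptions made for the illustration.

```php
<?php
// Added illustration; nothing here is taken from a post in the thread.
// Constructed sample: PHP_SELF as it looks when the requested URL has
// extra text after the script name, which PHP appends to PHP_SELF.
$_SERVER['PHP_SELF'] = '/form.php/"><b>injected</b>';

// Build the same form around whichever action value is passed in.
// render_form is a hypothetical helper for this example only.
function render_form(string $action): string
{
    return '<form method="post" action="' . $action . '">'
         . '<input type="submit" name="submit" value="Send">'
         . '</form>';
}

$variants = [
    // Pattern the thread warns about: request-derived value echoed as-is.
    'raw PHP_SELF'     => render_form($_SERVER['PHP_SELF']),
    // Fix mentioned in the first post: encode before output.
    'htmlspecialchars' => render_form(
        htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')
    ),
    // Alternatives from the replies: no request data in the form tag at all.
    'hard-coded name'  => render_form('form.php'),
    'empty action'     => render_form(''),
];

foreach ($variants as $label => $html) {
    // If the marker survives unencoded, the value closed the action
    // attribute and added markup of its own to the page.
    $broken = strpos($html, '"><b>injected</b>') !== false;
    printf("%-17s %s\n  %s\n", $label, $broken ? 'UNSAFE' : 'ok', $html);
}

// Same-page handling as described in the first post: act only on a POST
// that carries the submit field. On the CLI this branch is simply skipped.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['submit'])) {
    echo "form was submitted\n";
}
```

The last two variants put no request data into the form tag, so there is nothing to encode there; any other request-derived value the script prints still needs the same encoding.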