
Form action to same page


NotionCommotion


I've heard multiple recommendations when a form needs to post to itself. Some say use PHP_SELF, others say leave it blank (even though it doesn't validate), etc. Please provide the best practice, and reasons why. Thank you.

echo("<form method='post' action='{$_SERVER['PHP_SELF']}'>");
echo("<form method='post' action=''>");

Using the raw value from PHP_SELF makes the form susceptible to XSS attacks. More information can be found here:

http://seancoates.com/blogs/xss-woes

 

To avoid this and still have the form direct the information back to itself, you can leave the action attribute blank. I tried validating a form with the action attribute blank and it passed. Have you tried validating your form here:

http://validator.w3.org/

 

If you don't want to leave the action attribute blank, you could also use your script's name. For example:

<form method="post" action="my-form-script.php">
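
The difference between the options discussed above, as an added example that is not part of the original posts. The function names are hypothetical and the request value is constructed; it relies on the fact that PHP_SELF includes any extra path info the client appends after the script name.

```php
<?php
/** The pattern from the question: PHP_SELF interpolated without escaping. */
function form_tag_raw(array $server): string
{
    return "<form method='post' action='{$server['PHP_SELF']}'>";
}

/** Same form, with the value escaped for a quoted HTML attribute. */
function form_tag_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<form method='post' action='{$action}'>";
}

/** Fixed script name, as suggested in the reply: no request data is used. */
function form_tag_fixed(string $script = 'my-form-script.php'): string
{
    return "<form method='post' action='" . htmlspecialchars($script, ENT_QUOTES, 'UTF-8') . "'>";
}

/** Parse the markup and count <b> elements that ended up in the page. */
function injected_elements(string $html): int
{
    libxml_use_internal_errors(true); // a fragment is not a full document
    $doc = new DOMDocument();
    $doc->loadHTML($html . '</form>');
    return $doc->getElementsByTagName('b')->length;
}

// Constructed request: harmless marker markup appended as path info.
$server = ['PHP_SELF' => "/my-form-script.php/'><b>injected</b>"];

$variants = [
    'raw'     => form_tag_raw($server),
    'escaped' => form_tag_escaped($server),
    'fixed'   => form_tag_fixed(),
];

foreach ($variants as $label => $html) {
    printf("%-8s %s  [injected <b> elements: %d]\n", $label, $html, injected_elements($html));
}
```

Only the raw variant lets the appended path close the `action` attribute and add an element of its own; the escaped and fixed variants keep the whole value inside the attribute.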

 

To avoid this and still have the form direct the information back to itself, you can leave the action attribute blank. I tried validating a form with the action attribute blank and it passed. Have you tried validating your form here:

http://validator.w3.org/

 

 

Yes, this is what I get.  You get something different?

 

 

  1. Line 7, Column 38: Bad value for attribute action on element form: Must be non-empty.
            <form method='post' action=''>
    Syntax of URL: Any URL. For example: /hello, #canvas, or http://example.org/. Characters should be represented in NFC and spaces should be escaped as %20.
<!DOCTYPE html>
<html>
    <head>
        <title>xxx</title>
    </head>
    <body>
        <form method='post' action=''>
            <input type='submit' value='Save'>
        </form>
    </body>
</html>

I usually just do 

<html>
<head><title>#</title></head>
<body>
<div id="form">
     <form action='' method='POST'>
     <td><b>Text:</b><input type='text'></td>
     </form>
</div>
</body>
</html>

Idk, something like that. I have always left it blank unless you want another page to process it, & I have never had a problem.

Archived

This topic is now archived and is closed to further replies.
