PHP_SELF

Hello everybody!

I'm a bit of a newbie with PHP and trying to submit my form now to MySQL.

When the connection and the submit method are in the same file I use:

action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"

And everything is great!

But when I redirect the action to a different file like:

action="<?php echo htmlspecialchars($_SERVER["/send/sendIdea.php"]);?>"

I get nothing, no redirect at all, no error, just refreshing my register page with the form.
I also tried typing the full URL instead of the path, but also no result.

How can I use htmlspecialchars in the same way as in the first example, but for a different path than PHP_SELF, and have it work?

Thanks in advance!

[php]/* Get the current page */
$phpSelf = filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL);
$path_parts = pathinfo($phpSelf);
$basename = $path_parts['basename']; // Use this variable for action='':
$pageName = ucfirst($path_parts['filename']);[/php]

then do something like this ->

[php][/php]

just send it to a different file
[php][/php]

I don’t know how your directory structure is setup, so you might have to do some rearranging of the path.

If you have multiple nested directories you might want to fool around with the following.
An example:
[php]define("APP_ROOT", dirname(dirname(__FILE__)));
define("PRIVATE_PATH", APP_ROOT . "/private");
define("PUBLIC_PATH", APP_ROOT . "/public");

require_once PRIVATE_PATH . "/vendor/autoload.php";
require_once PRIVATE_PATH . "/security/security.php";
require_once PRIVATE_PATH . "/config/config.php";[/php]

If I had to guess it would be

[php]define("APP_ROOT", dirname(dirname(__FILE__)));
define("MY_PATH", APP_ROOT . "/send");[/php]

[php]<form action="<?php echo MY_PATH . "/sendIdea.php"; ?>" method="post">[/php]

Hello and thanks for the great answer!

As I said, I'm a bit of a newbie and I think that I will just go with the normal way, action="/send/sendIdea.php", because the other way sounds hard for me to understand, so I prefer to go step by step with learning PHP.

Is it very insecure if I don't use htmlspecialchars?

No, no no! You don't need a clustermuck of code. If you are submitting to the same page just leave the action completely out. If you are submitting to a different page all you need is the file name.

For a file in the same directory
action = "some_file.php"

But isn't that dangerous? Why do they have htmlspecialchars if I can use it so simply, like action="path/file.php"?

There is no danger in leaving the action attribute out. There’s nothing happening dynamically with code.

The danger is in using PHP self.
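
To illustrate the last reply and the earlier question about htmlspecialchars, here is an added example (not code from any poster in this thread) that builds the form tag three ways and checks whether request data broke out of the `action` attribute. The `$constructedSelf` value and the function names are assumptions made for the illustration; `/send/sendIdea.php` is the path from the first post.

```php
<?php
declare(strict_types=1);

// Constructed value (assumption): what $_SERVER['PHP_SELF'] can contain when a
// request appends extra path info after the script name. A harmless <i> tag
// stands in for whatever markup a visitor might put there.
$constructedSelf = '/register.php/"><i>marker</i>';

// Unescaped: the request-derived value goes straight into the attribute.
function formTagRaw(string $self): string
{
    return '<form action="' . $self . '" method="post">';
}

// Escaped: the first post's pattern. ENT_QUOTES is passed explicitly so both
// quote styles are encoded regardless of the PHP version's default flags.
function formTagEscaped(string $self): string
{
    $safe = htmlspecialchars($self, ENT_QUOTES, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

// Static: a fixed target contains no request data, so nothing needs escaping.
function formTagStatic(): string
{
    return '<form action="/send/sendIdea.php" method="post">';
}

// True when the value closed the action attribute early and literal markup
// from the URL ended up in the page.
function attributeBroken(string $html): bool
{
    return strpos($html, '"><i>') !== false;
}

$variants = [
    'raw'     => formTagRaw($constructedSelf),
    'escaped' => formTagEscaped($constructedSelf),
    'static'  => formTagStatic(),
];

foreach ($variants as $label => $html) {
    printf("%-8s %s\n         attribute broken: %s\n",
        $label, $html, attributeBroken($html) ? 'yes' : 'no');
}
```

Only the raw variant lets the URL-supplied markup reach the page; the escaped and static variants keep the attribute intact, which is why a hard-coded `action` needs no htmlspecialchars call.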
