|
|
Posted by Tim Van Wassenhove on 02/20/07 16:10
Jerim79 schreef:
> My boss has saddled me with this task, so I don't know all the
> specifics. What I do know, is that I am looking for something similar
> to this:
>
> <form action="<? echo $PHPSELF ?>" method="POST">
>
> Syntax aside, I think you can see what we are trying to accomplish. We
> want to use PHP to call the exact same page that the form is on, for
> processing. I take it that the page with the form will also contain
> some PHP code that is executed when the page is reloaded. We want to
> be able to reload the page, independent of the page name. So that if
> we decide to rename the page foo.php or bar.php, it doesn't matter
> because the form reloads its own page by reference, and not by name.
>
> Other than $PHPSELF, $PHP_SELF or $SERVER['PHP_SELF'] (that should
> just about cover it), what other options are there? I am looking for
> all possible ways to do this. If you want, please just respond with a
> keyword or a code snippet. I can research the details. Thank you in
> advance.
all the variants of $_SERVER['PHP_SELF'] have the flaw that they come
from the user.. And thus are unsafe by definition...
Afaik, if you use <form action="#" method="POST"> all browsers will post
to the same URL that used to request the page. So you get the same
behaviour, without the potential security issue.
--
Tim Van Wassenhove <url:http://www.timvw.be/>
Navigation:
[Reply to this message]
|