Posted by Tim Van Wassenhove on 04/07/07 07:58

Jerim79 schreef:
> Here is my form:
>
> <?php
> $Number;
> $Email;

That's obosolete.. These days you get your input from the $_* arrays.
(And later on you'll probably get it from the input_* functions)

> if (empty($Number)){

if (isset($_POST['Number'])) {

> echo "<form action=\"{$_SERVER['PHP_SELF']}\" method=\"POST\">

Using $_SERVER['PHP_SELF'] leads to security problems.. You can achieve
the same result using '#' as action.

<form action='#' method='post'>

> This works fine in that it catches what it needs to catch. However,
> obviously, it prints out the error message upon first loading the
> page.

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// the user posted something, process the form...
} else {
// the user getted something, display the form...
}



--
Tim Van Wassenhove <url:http://www.timvw.be/>

[Back to original message]