[nycphp-talk] Form action submission trickery
Brian D.
brian at realm3.com
Fri Nov 30 12:08:29 EST 2007
I don't know the answer of whether or not it's reliable, but could you
use $_SERVER['PHP_SELF']?
(Which leads to the question, is PHP_SELF safe to use, or should you escape it?)
- B.
On Nov 30, 2007 9:54 AM, Cliff Hirsch <cliff at pinestream.com> wrote:
>
> I like to use <form action ="" as a handy (ok, lazy) way to submit to
> "self" and capture the current URI, including query string. It's nice to
> have this info for later processing for idempotent stuff, redirects, etc.
>
> But, my question — can I count on it?
>
> The W3C says:
>
> action = uri [CT]
> This attribute specifies a form processing agent. User agent behavior
> for a value other than an HTTP URI is undefined.
>
> I translate this to mean action = "" is not recommended, although I have
> never experienced a problem in IE or FireFox. From what I have seen, if the
> form method is 'get', a duplicate value in the query string will be
> overridden by the form input element. And for posts, php nicely fills both
> the post and get superglobals.
>
> So can I count of this behavior?
>
> Cliff
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
--
realm3 web applications [realm3.com]
freelance consulting, application development
(423) 506-0349
More information about the talk
mailing list