I have a cool html generator that generates html from a drag and drop interface. I have tried to customise it by adding some simple php to it for form validation. The problem I am having is that when I click "Get HTML" it changes my php code from:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
to something like
<form method="post" action="<?< echo htmlspecialchars($_SERVER["PHP_SELF"]);>>">
Is there a way to get it to show the html without messing up the php? It seems to just change the php tags themselves.
Am using
<form action="<?php echo htmlspecialchars(Uri::getInstance()->toString()); ?>" method="post"
name="adminForm" id="adminForm">
However, there's a dynamic link which is generated on clicking a link, as
https://www.mywebsite.com/index.php?option=com_rsform&formId=1&form[car]=Honda&form[Model]=City%20Hybrid%20e%20HEV
Due to the above code for htmlspecialchars, the link on clicking is just refreshing the page. I understand the purpose of htmlspecialchars for security.
Is there any workaround so that the dynamic link as generated can be executed?
I am submitting an HTML form to the same page to handle with PHP and figured out that I can use action="./", which works fine for me so far (in a test environment).
I am a little unsure though because all the examples I find recommend using either
action=""
or
action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>"
I don't want to use action="" because the HTML Standard specifically states
The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces.
Is there any reason not to use action="./"? It seems better (more readable, less PHP) to me but it's confusing me that all the examples I find recommend the PHP approach.
Using ./ works in a lot of cases but can lead to unwanted behaviour if not understood correctly. It's also unnecessary as default behaviour of forms without the action attribute is to submit the form to the same page.
Use <form method="post"> to submit to the same page.
Don't use <form action="" method="post">. This will also submit to the same page but it's invalid according to the HTML standard.
I am new to PHP. I have designed a form in HTML and its PHP part in a different file. Now I want to connect the files with each other. I have tried using
<form action="file.php" method="post">
but connecting in this way is not secure and I cannot connect using
<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">
as this will work only if the PHP code and HTML code are written in the same file. Please help me.
If I use
and if someone enters this url as
http://www.variable.com/file.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E
then it will show alert box telling it is hacked.
As the Method is 'POST', it's Secure. No need to worry.
Or else..
Create a 'Session' on submitting the form. So no direct access to the php file would occur.
Thanks.
bhumin.vadalia#gmail.com
I can't understand you well, but connecting it this way is secure. If you have this form in html file:
<form action="file.php" method="post">
<input type="password" name="password">
</form>
And you have file called file.php in the same directory it is perfectly fine. In the PHP file you should have:
<?php
$password = $_POST["password"];
To get your input. Ask me something else if you don't understand it :)
As you wrote in your comments, your field shows raw text without "escaping" HTML characters.
In your file.php put or edit with:
echo htmlspecialchars($_POST['yourfield']);
Then output will not be "hacked" by JavaScript.
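The PHP_SELF case from the question and the htmlspecialchars fix from the answers, side by side, as an added example that is not code from any of the posts. The $server and $post arrays are constructed stand-ins for $_SERVER and $_POST, and e() is a hypothetical helper name. The value that breaks the page arrives in the URL path of the page that renders the form, so the form's method has no bearing on it.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed stand-in for $_SERVER when the URL from the question is requested.
// PHP_SELF keeps the extra path segments after file.php (URL-decoded);
// SCRIPT_NAME does not.
$server = [
    'PHP_SELF'    => '/file.php/"><script>alert(\'hacked\')</script>',
    'SCRIPT_NAME' => '/file.php',
];

// Vulnerable: the quote in PHP_SELF ends the action attribute and the rest
// is parsed by the browser as markup.
$vulnerable = '<form method="post" action="' . $server['PHP_SELF'] . '">';

// Hardened: the same value, encoded for the attribute context.
$hardened = '<form method="post" action="' . e($server['PHP_SELF']) . '">';

// Alternative: a value without client-supplied path info, still encoded on output.
$fixedTarget = '<form method="post" action="' . e($server['SCRIPT_NAME']) . '">';

// Constructed stand-in for $_POST: the same rule applies when file.php echoes a field.
$post = ['yourfield' => '<script>alert(\'hacked\')</script>'];
$field = e($post['yourfield'] ?? '');

// Print each result so the raw and encoded forms can be compared.
foreach (compact('vulnerable', 'hardened', 'fixedTarget', 'field') as $name => $html) {
    echo str_pad($name, 12), $html, PHP_EOL;
}
```

Run with the PHP CLI: only the line labelled vulnerable contains a live script element, the others show the same characters as &quot;, &lt; and &gt; entities.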
I would like to use the data entered in the HTML form and insert it into MySQL. I have a separate PHP file (cus.php), but nothing is happening with the current code I have.
At the moment, when I click "register" I'm navigated to the PHP file. Thank you
You forgot the most important thing about an HTML form: the <form> tag.
You have to wrap the whole form (all inputs) which should be submitted when clicking like this:
<form method="POST" action="cus.php">
...
</form>
This will send all inputs to cus.php and make them available there as variables $_POST['input_name']. You can alternatively use GET as the method (and then use the $_GET array instead).
Edit: Didn't see it, you actually do have a form tag. However it's missing the target file in its action attribute.
First, see DCoder's comment. It's the most important.
Change:
<form action="" method="seller">
To:
<form action="cus.php" method="post">
Does that fix it?
Try to do this
FORM action="your script" method="Post"
I'm programming a webpage and in my index, I have two forms.
The 1st is for the login:
<form method="post" action="login.php">...</form>
The 2nd is for search:
<form method="post" action="search.php">...</form>
My problem is that when I submit the search form, it works as if the action is targeting login.php. When I see the source code, the tag <form method="post" action="search.php"> doesn't appear.
The most probable cause of the problem is incorrectly nested forms or missing closing form for login form. Check the generated HTML for the validity of the HTML and if not post the generated HTML so that we can help you debug.
It is hard to tell without seeing the complete page, but I would guess that you have one form inside the other — which is forbidden. You cannot nest forms.
Turns out I didn't really close the form tags, I typed <form> instead of </form>. Sorry.