[nycphp-talk] Form action submission trickery
Dan Cech
dcech at phpwerx.net
Fri Nov 30 12:25:36 EST 2007
Cliff Hirsch wrote:
> I like to use <form action =²² as a handy (ok, lazy) way to submit to ³self²
> and capture the current URI, including query string. It¹s nice to have this
> info for later processing for idempotent stuff, redirects, etc.
>
> But, my question ‹ can I count on it?
>
> The W3C says:
>
> action = uri [CT]
> This attribute specifies a form processing agent. User agent behavior
> for a value other than an HTTP URI is undefined.
>
> I translate this to mean action = ³² is not recommended, although I have
> never experienced a problem in IE or FireFox. From what I have seen, if the
> form method is Œget¹, a duplicate value in the query string will be
> overridden by the form input element. And for posts, php nicely fills both
> the post and get superglobals.
>
> So can I count of this behavior?
Technically using an empty string for the form action isn't correct,
however you could probably achieve the same effect using:
print '<form method="post" action="?'.
htmlspecialchars(http_build_query($_GET)) .'">
For the record, using PHP_SELF or other URI-related entries in $_SERVER
should be approached with extreme caution, as you never know what you're
likely to find there.
HTH,
Dan
More information about the talk
mailing list
Automatic Email Organization without missing anything!