htmlspecialchars() function


Suneel Jituri

Hi all,

I am using the htmlspecialchars() function for form submission. But when I press the submit button after filling in the form, I encounter an error:
Forbidden
You don't have permission to access /Proj_1/< on this server.
But when I remove the above htmlspecialchars() function then all goes smoothly. Please tell me how to solve this problem.

My code:

<!DOCTYPE html>
<html>
<head>
<title>Signup form</title>
<style>
body {background-color:lightblue}
h2 {color:blue}
p {color:green}
th, td {
padding : 25px;
}

div#page {
width: 500px;
float: left;
margin-left: 500px;
margin-top: 40px;
padding-top: 10px;
padding-bottom: 20px;
box-shadow: 10px 10px 20px 3px #d4d4d4;
border-radius: 10px;
background-color: #ffffff;
}
</style>
</head>

<body>
<h2 style="text-align:center">Please fill up the signup form, all fields are mandatory.</h2>
<div> </div>
<div id="page">
<table>
<form method = "post" action="<?php echo htmlspecialchars($_SERVER['signup.php']);?>"> // this piece of code has problem
<tr>
<td>Select title:</td>
<td><select name ="htitle">
<option value = "mr." selected> Mr.</option>
<option value = "miss" > Miss</option>
<option value = "ms." > Ms.</option>
<option value = "dr." > Dr.</option>
</select></td>

<tr>
<td>First Name:</td>
<td><input type="text" name= "hfname" autofocus></td>
</tr>

<tr>
<td>Last Name:</td>
<td><input type="text" name= "hlname"></td>
</tr>

<tr>
<td>E-mail address <strong>(This will be your login id)</strong>:</td>
<td><input type="text" name= "hcuemail"></td>
</tr>

<tr>
<td>Password <strong>(This will be your login password)</strong>:</td>
<td><input type="Password" name= "hpsswd"></td>
</tr>

<tr>
<td>Re-type password:</td>
<td><input type="Password" name= "hrepsswd"></td>
</tr>

<tr>
<td></td>
<td><input type = "submit" value = "Submit" name = "hsubmit" ></td>
<td><input type="reset" value="Reset"></td>
<tr>

</form>
</table>
</div>
</body>

</html>


Hi dsonesuk, thanks for your reply. As per your reply I have removed the $_SERVER[] superglobal variable. I have also corrected the <tr> element and did not find any missing or misplaced <td> element.

I used only:

<form method = "post" action="<?php echo htmlspecialchars('signup.php');?>">

But it's still giving the same error.

And how can I take the form elements out of the table? Please show how to do it. The table is used to align the textboxes, buttons etc. in an organized manner.


You only use htmlspecialchars() if you are using $_SERVER['PHP_SELF'], because it can be exploited to add JavaScript code by creating your own URL to fictitious PHP files, or files on your server, for hacking purposes. Using 'signup.php' on its own means it will just go to that file when the form is submitted.

This is explained in the link further down the page.

Tables:

Any HTML content can ONLY be inserted into td cells. Elements that have an opening <div> ... closing </div> CANNOT be separated and placed in individual td cells; because of this, the only option for the form element's opening/closing tags is to place them OUTSIDE the table:

<form>
<table>

table header, tr, td with html

</table>
</form>

Edited by dsonesuk
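
The point in the reply above about $_SERVER['PHP_SELF'], shown as an added example that is not code from any post in this thread: the same form tag is built with the request path unescaped, with htmlspecialchars(), and with a fixed target. The function names and the sample paths are constructed for illustration.

```php
<?php
// Added example: why $_SERVER['PHP_SELF'] needs htmlspecialchars() in a form
// action, while a fixed string such as 'signup.php' does not.

/** Unescaped: whatever the client put in the request path lands in the HTML. */
function form_open_raw(string $phpSelf): string
{
    return '<form method="post" action="' . $phpSelf . '">';
}

/** Escaped: &, <, >, " and ' become entities, so the value stays inside the attribute. */
function form_open_escaped(string $phpSelf): string
{
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

/** Fixed target: contains no request data, so there is nothing to escape. */
function form_open_fixed(): string
{
    return '<form method="post" action="signup.php">';
}

/** True if the constructed <em> marker ended up as live markup in the page. */
function marker_is_live(string $html): bool
{
    return strpos($html, '<em>') !== false;
}

// Constructed sample values for $_SERVER['PHP_SELF']. The second one has
// extra path text after the script name, which PHP copies into PHP_SELF.
$samples = [
    'normal request'      => '/Proj_1/signup.php',
    'extra path appended' => '/Proj_1/signup.php/"><em>injected</em>',
];

foreach ($samples as $label => $phpSelf) {
    echo "== $label ==\n";
    $variants = [
        'raw'     => form_open_raw($phpSelf),
        'escaped' => form_open_escaped($phpSelf),
        'fixed'   => form_open_fixed(),
    ];
    foreach ($variants as $name => $html) {
        $state = marker_is_live($html) ? 'markup escaped the attribute' : 'contained';
        printf("%-8s %s  [%s]\n", $name . ':', $html, $state);
    }
}
```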