Jump to content
googleankan

Why do I need to use echo in form submission?

Recommended Posts

Hi,

 

I wonder why echo is needed in the following lite of code (for a safe form submission)? I have searched for an answer but everyone seems to discuss the htmlspecialchar thing, but noone explains the "echo".

 

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

 

When I use this piece of code it results in a zero printed out on my website...

 

Thanks a lot!

Share this post


Link to post
Share on other sites

The zero comes from something else. What happens if you use...

<form method="post">

Share this post


Link to post
Share on other sites

Hi Davej,

 

So incredible silly of me! I have searched the document several times for any other "echo" or "print" without success, so I assumed that the echo above was the reason for the printed zero. But now I realised it was just a simple "0" that slipped in to the code :-S

Thanks for pointing me in the right direction!

 

But, I'm still curious about the "echo" in the form tag. Why is it needed and what does it do?

Share this post


Link to post
Share on other sites

echo prints out what htmlspecialchars (a function in PHP) returns from when you pass $_SERVER['PHP_SELF'] to it.

 

$_SERVER['PHP_SELF'] contains the current file name. For the action attribute, you may be able to just write into the action the name of the page instead of doing the whole php echo.

Share this post


Link to post
Share on other sites

The form action is the destination of the form submittal, but the default action is the current page if you omit the action attribute, so even though it became traditional to use PHP_SELF it is probably a bad idea, because it is vulnerable to a hacker exploit unless you also use the htmlspecialchars() function, so why do all that when you can simply omit the action?

 

When you have a snippet of code such as...

<?php echo $myname; ?>

...what you are doing is executing a small amount of Php code in order to generate a small part of your HTML. The Php command echo prints the $myname variable.

 

http://www.w3schools.com/php/func_string_echo.asp

 

---last edit 5:56CDT Aug 12---

Share this post


Link to post
Share on other sites

Thanks!

I get that echo is for printing, but why is that command used in the action tag? Why do I need to print anything there? I thought that I was only supposed to call a function? From my rather basic knowledge point of view, I would rather have it like this (without the echo):

 

<form method="post" action="<?php htmlspecialchars($_SERVER["PHP_SELF"]);?>">

Share this post


Link to post
Share on other sites

Because the PHP doesn't know what the HTML does. Everything outside the <?php ?> block is completely irrelevant to the code.

 

As far as PHP is concerned, there's no difference between

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

and

ABC<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>XYZ

Share this post


Link to post
Share on other sites

From my rather basic knowledge point of view, I would rather have it like this (without the echo):<form method="post" action="<?php htmlspecialchars($_SERVER["PHP_SELF"]);?>">

So, try that and see what happens. Put that code on the page, load it in the browser, use the browser to view the HTML source, and look at the form tag to see what PHP did.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...