googleankan Posted August 12, 2015

Hi, I wonder why echo is needed in the following line of code (for a safe form submission)? I have searched for an answer but everyone seems to discuss the htmlspecialchar thing, but no one explains the "echo".

    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

When I use this piece of code it results in a zero printed out on my website... Thanks a lot!

davej Posted August 12, 2015

The zero comes from something else. What happens if you use...

    <form method="post">

googleankan Posted August 12, 2015 (Author)

Hi Davej, So incredibly silly of me! I have searched the document several times for any other "echo" or "print" without success, so I assumed that the echo above was the reason for the printed zero. But now I realised it was just a simple "0" that slipped into the code :-S Thanks for pointing me in the right direction!

But, I'm still curious about the "echo" in the form tag. Why is it needed and what does it do?

Don E Posted August 12, 2015

echo prints out what htmlspecialchars (a function in PHP) returns when you pass $_SERVER['PHP_SELF'] to it. $_SERVER['PHP_SELF'] contains the current file name. For the action attribute, you may be able to just write into the action the name of the page instead of doing the whole php echo.

davej Posted August 12, 2015

The form action is the destination of the form submittal, but the default action is the current page if you omit the action attribute, so even though it became traditional to use PHP_SELF it is probably a bad idea, because it is vulnerable to a hacker exploit unless you also use the htmlspecialchars() function, so why do all that when you can simply omit the action?

When you have a snippet of code such as...

    <?php echo $myname; ?>

...what you are doing is executing a small amount of PHP code in order to generate a small part of your HTML. The PHP command echo prints the $myname variable.

http://www.w3schools.com/php/func_string_echo.asp

---last edit 5:56CDT Aug 12---

googleankan Posted August 13, 2015 (Author)

Thanks! I get that echo is for printing, but why is that command used in the action tag? Why do I need to print anything there? I thought that I was only supposed to call a function?

From my rather basic knowledge point of view, I would rather have it like this (without the echo):

    <form method="post" action="<?php htmlspecialchars($_SERVER["PHP_SELF"]);?>">

Ingolme Posted August 13, 2015

Because the PHP doesn't know what the HTML does. Everything outside the <?php ?> block is completely irrelevant to the code. As far as PHP is concerned, there's no difference between

    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

and

    ABC<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>XYZ

justsomeguy Posted August 13, 2015

> From my rather basic knowledge point of view, I would rather have it like this (without the echo):
>
>     <form method="post" action="<?php htmlspecialchars($_SERVER["PHP_SELF"]);?>">

So, try that and see what happens. Put that code on the page, load it in the browser, use the browser to view the HTML source, and look at the form tag to see what PHP did.

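What each variant discussed in this thread writes into the action attribute, shown as an added example that is not part of any post above. The path value in `$self` is constructed to stand in for `$_SERVER['PHP_SELF']`, and `rendered()` is a hypothetical helper.

```php
<?php
// Added illustration, not code from the thread.
// Constructed stand-in for $_SERVER['PHP_SELF']: PHP_SELF includes any extra
// path info that follows the script name, so it can carry HTML metacharacters
// taken from the request URL.
$self = '/form.php/"><b>x</b>';

// Hypothetical helper: run a snippet and return exactly what it sent to output.
function rendered(callable $snippet): string
{
    ob_start();
    $snippet();
    return ob_get_clean();
}

$variants = [
    // The function's return value is computed and then discarded,
    // so nothing reaches the page and the attribute ends up empty.
    'no echo' => function () use ($self) {
        htmlspecialchars($self);
    },
    // Printed unchanged: the double quote closes the attribute early and
    // the remainder is parsed by the browser as markup.
    'echo, no escaping' => function () use ($self) {
        echo $self;
    },
    // Printed after & " < > are converted to entities, so the whole value
    // stays inside the attribute as plain text.
    'echo + htmlspecialchars' => function () use ($self) {
        echo htmlspecialchars($self);
    },
];

// Print the form tag each variant would produce, one per line.
foreach ($variants as $label => $snippet) {
    printf(
        "%-25s <form method=\"post\" action=\"%s\">\n",
        $label . ':',
        rendered($snippet)
    );
}
```

Omitting the action attribute, as davej suggests, avoids the question because no request-derived value is written into the tag at all.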