php form action php self

Question

I have a php form like this.

<form name="form1" id="mainForm" method="post"enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF'];?>">

</form

In form action I want to use page name with parameters. like house.php?p_id=10111 . But $_SERVER['PHP_SELF'] gives only the house.php (My page full url is house.php?p_id=10111 like this) Please help me to solve this problem. thanks.

yes. Alex is correct. I'm now using $_SERVER['PHP_SELF']."?P_id=".$id — Sasindu H
– Sasindu H, Commented Jul 28, 2011 at 17:16
mixing post and get parameters is poor practice. if you're posting, then use hidden form fields to pass through any 'get'-type values. — Marc B
– Marc B, Commented Jul 28, 2011 at 17:22
I disagree with @MarcB that putting query string parameters in an action is bad practice. There are many sites that use query strings to determine what content (page or state) to load and use the contents of POST to carry data. — TecBrat
– TecBrat, Commented Aug 21, 2013 at 15:44

w5m · Accepted Answer · 2013-12-06 15:28:01Z

81

How about leaving it empty, what is wrong with that?

<form name="form1" id="mainForm" method="post" enctype="multipart/form-data" action="">

</form>

Also, you can omit the action attribute and it will work as expected.

edited Dec 6, 2013 at 15:28

w5m

2,3463 gold badges35 silver badges47 bronze badges

answered Jul 28, 2011 at 17:00

Shef

45.6k15 gold badges82 silver badges91 bronze badges

Sign up to request clarification or add additional context in comments.

6 Comments

Sasindu H Over a year ago

Thanks for this. I think this is the easiest and best way to do this.

gadlol Over a year ago

By leaving it empty, breaks w3c validation (in case you care)

Shef Over a year ago

@jBaron Yes, that's the case in HTML5, but you can omit the empty action="" attribute altogether. It will validate and work as expected.

Avnish Tiwary Over a year ago

@Shef It is bad practice to use post method for same page. Browser will always alert when one refresh the page.

Shef Over a year ago

@Avnishalok The browser will always alert whenever someone refreshes the page after a submit. It doesn't matter if the submission is on a different page or the same page.

|

Freesnöw · Accepted Answer · 2014-02-21 14:35:49Z

16

You can leave action blank or use this code:

<form name="form1" id="mainForm" method="post" enctype="multipart/form-data" action="<?php echo $_SERVER['REQUEST_URI'];?>">
</form>

edited Feb 21, 2014 at 14:35

Freesnöw

32.6k31 gold badges94 silver badges142 bronze badges

answered Jul 28, 2011 at 17:02

shaggy

1,7282 gold badges15 silver badges17 bronze badges

Comments

Matt R. Wilson · Accepted Answer · 2011-07-28 17:01:01Z

9

Leaving the action value blank will cause the form to post back to itself.

answered Jul 28, 2011 at 17:01

Matt R. Wilson

7,5955 gold badges35 silver badges51 bronze badges

Comments

joskah · Accepted Answer · 2013-12-08 19:59:54Z

7

You can use an echo shortcut also instead of typing out "echo blah;" as shown below:

<form method="POST" action="<?=($_SERVER['PHP_SELF'])?>">

answered Dec 8, 2013 at 19:59

joskah

731 silver badge2 bronze badges

1 Comment

Chad Over a year ago

This allows for XSS attacks, you need to filter/sanatize PHP_SELF

Lakshman Kambam · Accepted Answer · 2016-12-20 02:19:52Z

4

This is Perfect. try this one :)

<form name="test" method="post" enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>">
/* Html Input Fields */
</form>

edited Dec 20, 2016 at 2:19

answered Nov 21, 2013 at 21:37

Lakshman Kambam

1,61815 silver badges22 bronze badges

1 Comment

Chad Over a year ago

This allows for XSS attacks, you need to filter/sanatize PHP_SELF

Arda · Accepted Answer · 2014-11-18 15:33:48Z

2

Another (and in my opinion proper) method is use the __FILE__ constant if you don't like to rely on $_SERVER variables.

$parts = explode(DIRECTORY_SEPARATOR, __FILE__);
$fileName = end($parts);
echo $fileName;

About magic and predefined constants: 1, 2.

answered Nov 18, 2014 at 15:33

Arda

6,9633 gold badges53 silver badges70 bronze badges

Comments

CryptoRhino · Accepted Answer · 2021-01-10 17:14:24Z

1

The easiest way to do it is leaving action blank action="" or omitting it completely from the form tag, however it is bad practice (if at all you care about it).

Incase you do care about it, the best you can do is:

<form name="form1" id="mainForm" method="post" enctype="multipart/form-data" action="<?php echo($_SERVER['PHP_SELF'] . http_build_query($_GET));?>">

The best thing about using this is that even arrays are converted so no need to do anything else for any kind of data.

answered Jan 10, 2021 at 17:14

CryptoRhino

273 bronze badges

Comments

gleb · Accepted Answer · 2019-05-27 14:07:35Z

0

If you want to be secure use this:<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

answered May 27, 2019 at 14:07

gleb

591 silver badge8 bronze badges

Collectives™ on Stack Overflow

php form action php self

8 Answers 8

6 Comments

Comments

Comments

1 Comment

1 Comment

Comments

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

8 Answers 8

6 Comments

Comments

Comments

1 Comment

1 Comment

Comments

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related