homepage Welcome to WebmasterWorld Guest from 54.196.196.108
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Help with $_SERVER['PHP_SELF'] inside a variable
I can't get it to work!
travelbuff




msg:1283989
 11:12 pm on Dec 19, 2003 (gmt 0)

Can someone tell me what is wrong with this please:

//create the login form
$loginform .= '<table width="300" border="2" align="center">
<tr>
<td><form name="form1" id="form1" method="post" action="<? $_SERVER[\'PHP_SELF\']?>" />
<p align="left">
<input name="admin_email" type="text" id="admin_email" />
Primary Email Address</p>
<p align="left">
<input name="pwd" type="password" id="pwd" />
Password</p>
<p align="left">
<input type="submit" name="Submit" value="Submit" />
</p>
</form></td>
</tr>
</table>' ;

I am going to echo $loginform later on in the script, if needed.

The $_SERVER['PHP_SELF'] does not work - it looks for it as a file name and I just get a 404. I have tried escaping it a bunch of different ways, creating another variable to hold it, putting curly brackets and/or periods around it, etc.

Thanks for your help!

Mark

 

mipapage




msg:1283990
 11:19 pm on Dec 19, 2003 (gmt 0)

I would replace the ' for ", escape all of the "s (ie \") and remove the <?> from the $_SERVER...



<?php  
$loginform .= "<table width=\"300\" border=\"2\" align=\"center\">
<tr>
<td><form name=\"form1\" id=\"form1\" method=\"post\" action=\"$_SERVER[PHP_SELF]\" />
<p align=\"left\">
<input name=\"admin_email\" type=\"text\" id=\"admin_email\" />
Primary Email Address</p>
<p align=\"left\">
<input name=\"pwd\" type=\"password\" id=\"pwd\" />
Password</p>
<p align=\"left\">
<input type=\"submit\" name=\"Submit\" value=\"Submit\" />
</p>
</form></td>
</tr>
</table>" ;

echo ($loginform);

?>

Works for me!

figment88




msg:1283991
 12:01 am on Dec 20, 2003 (gmt 0)

mips solution I'm sure works.

In the original, though, you need to echo the variable and have a semi-colon at the end of the statement.

BTW you can just not have an action parameter in your form tag and it will submit to itself.

mipapage




msg:1283992
 12:04 am on Dec 20, 2003 (gmt 0)

BTW you can just not have an action parameter in your form tag and it will submit to itself.

Not anymore! [webmasterworld.com]

ergophobe




msg:1283993
 12:23 am on Dec 20, 2003 (gmt 0)

Travelbuff,

The problem is simple - you can't switch in and out of php within quotes.

$loginform .= '<table width="300" border="2" align="center">
<tr>
<td><form name="form1" id="form1" method="post" action="<? $_SERVER[\'PHP_SELF\']?>" />

Your html page is going to have
action="<?$_SERVER....

You need to do something like

$loginform .= 'action="' . <? php stuff in here?> . 'more text goes here';

figment88




msg:1283994
 12:29 am on Dec 20, 2003 (gmt 0)

mips that is interesting. I don't know why having a form without an action parameter direct to the homepage rather than itself is more logical to the folks at safari.

ergo you are completely wrong. The double quotes in HTML have no impact once the opening php tag <? is parsed. The problem is the lack of an echo statement as I indicated above.

tosho




msg:1283995
 1:38 am on Dec 20, 2003 (gmt 0)

The double quotes in HTML have no impact once the opening php tag <? is parsed. The problem is the lack of an echo statement as I indicated above.

figment, look at the code again. he's already in php, and he's trying to enter in php again. If the quotes used for defining $loginform were double quotes and not single ones, this whole thing would return a parse error. In this case it doesn't because of the single quotes used. As per php manual:

// Using single quotes will print the variable name, not the value
echo 'foo is $foo'; // foo is $foo

The variables are NOT parsed when used in signle-quote-quoted strings.

So the fastest way to fix this imho is to use concatenation:

action="'.$_SERVER["PHP_SELF"].'" />

Dirty, I know, but...

mipapage




msg:1283996
 1:52 am on Dec 20, 2003 (gmt 0)

So the fastest way to fix this imho is to use concatenation:

action="'.$_SERVER["PHP_SELF"].'" />

Riiight - the quicker way. Missed it (and had my find and replace all ready to go!).


I don't know why having a form without an action parameter direct to the homepage rather than itself is more logical to the folks at safari.

I think in the end it came down to standards support - or, more like not supporting 'non-standard' development.

ergophobe




msg:1283997
 4:49 am on Dec 20, 2003 (gmt 0)


ergo you are completely wrong. The double quotes in HTML have no impact once the opening php tag <? is parsed. The problem is the lack of an echo statement as I indicated above.

Completely wrong? snicker snicker... look at it again because, dare I be so bold, you are completely wrong ;-). Tosho and I are right. He's putting everything inside SINGLE quotes and trying to invoke PHP again from within single quotes.

Tom

figment88




msg:1283998
 6:09 am on Dec 20, 2003 (gmt 0)

ok you got me - I blew it,

Since my foot seems to be continually in mouth on this topic let me add another few nuggets.

1) in the original post another BTW would not be to include everything in the php parser. It is faster to let HTML go through unparsed and then switch to in and out of php to echo variables.

2) I know safari is looking to be more standard compliant. Question, though, what is the standard. Seems to me it is IE not W3. At least that is the browser almost all of my sites visitors use.

I might change the way my site is coded to accomodate safari, you might, and thousands of other webmasters might. Problem is that still leaves 10's of millions of forms not working correctly. Wonder who will get frustrated first.

travelbuff




msg:1283999
 2:16 pm on Dec 20, 2003 (gmt 0)

So the fastest way to fix this imho is to use concatenation:

action="'.$_SERVER["PHP_SELF"].'" />

Thanks, that worked like a charm! I see what I did there now. This is my first real attempt at writing a full blown application, I am sure I will be back asking other bonehead questions! ;-)

ergophobe




msg:1284000
 8:05 pm on Dec 20, 2003 (gmt 0)

Okay, having had my fun with figment, I have to say that he is right in principle in that the way you are doing it is... sub-optimal.

You may not be able to switch in and our of HTML depending on how you are using this (i.e. if assigning it all to a variable).

Things I might suggest to clean up your code.

1. use a function
2. use the heredoc syntax As the manual says

Heredoc text behaves just like a double-quoted string, without the double-quotes. This means that you do not need to escape quotes in your here docs, but you can still use the escape codes listed above. Variables are expanded, but the same care must be taken when expressing complex variables inside a here doc as with strings.

Advantages
- no need to escape quotes
- handles very long strings efficiently
- cleand
- variable substitution as in double quotes

function get_loginform($action="") {
if (!$action) {$action = $_SERVER['PHP_SELF'];}

$loginform <<<formstring
<table width="300" border="2" align="center">
<tr>
<td><form name="form1" id="form1" method="post" action="$action" />
<<<formstring;
return $loginform;
}

remember, if you have arrays or such and want to use simple variable substitution, you need to do {$array['id']} and not $array['id']

Tom

mipapage




msg:1284001
 8:15 pm on Dec 20, 2003 (gmt 0)

Phew! just when you thought you knew it all (tootally kidding there).

ergophobe, thanks for the tips!

coopster




msg:1284002
 8:54 pm on Dec 20, 2003 (gmt 0)

ergophobe, I think you meant to assign the value of the heredoc syntax to the $loginform variable, correct? If so, you'll need the assignment operator (=):

$loginform = <<<formstring

ergophobe




msg:1284003
 11:21 pm on Dec 20, 2003 (gmt 0)

Whoops - what coopster said.

Yes I forgot the assignment operator.

Thanks for the correction!

Tom

daisho




msg:1284004
 2:33 pm on Dec 22, 2003 (gmt 0)

Simple use brack brackets.

ie:

$myvar="This is me: ${_SERVER['PHP_SELF']}";

Elegant and easy to read :)

Just not that this form of writing an assosiative array is _only_ supported between double quotes.

ie:

$myvar=${_SERVER['PHP_SELF']};

will fail with a compile problem.

Just a note that the convension $_SERVER[PHP_SELF] is not valid (notice the missing single quotes around PHP_SELF). What you are acctually doing is asking PHP to look up the key that's in the define "PHP_SELF" ie: define('PHP_SELF','TEST'); If PHP_SELF is not defined (which is it probably not) PHP will issue a none existant define warning and treat PHP_SELF as a literal (So you get the result you want along with a warning as long as PHP_SELF is not defined).

This is a bad habbit since if you ever did define this then you are not going to get the value you expect and it's going to be tough to track down.

daisho.

daisho




msg:1284005
 2:48 pm on Dec 22, 2003 (gmt 0)


figment88 wrote:
BTW you can just not have an action parameter in your form tag and it will submit to itself.

This is not the case though sometimes it does seem like that is what's happening. Without an action the form will post to the current directory. Most people have a "DirectoryIndex" parameter in there apache config listing for example "index.php index.html default.php default.html" and so on. This way if you go to [mysite.com...] apache will look in the login directory for one of the files that is listed in the "DirectoryIndex".

When you post and have an empty action it will post do the base directory of the current url. (ie if the form is on [mysite.com...] then the post will go do [mysite.com)...]

Then because of the directoryindex apache will pick one of the default files to handle the form submission.

Leaving a blank action will work if you want to post to index.php (or one of the other files listed in DirectoryIndex) and so it will work. Anything but that serario and you _need_ the action parameter.

daisho.

travelbuff




msg:1284006
 2:33 pm on Dec 23, 2003 (gmt 0)

Tom:

Thanks for the heads-up on heredoc. I have read 2 php books and taken several online tutorials and none of the talked about it!

I have one more questiont though - what is the benefit of making the form a function rather than a variable? What I am doing is adding an authentication script to the top of a bunch of pages. If the user is not validated, the the script is called via an incltude, they login and then can access the page. So basically every page is a login page.

Thanks for the good advice!

Mark

mipapage




msg:1284007
 2:48 pm on Dec 23, 2003 (gmt 0)

Thanks for the heads-up on heredoc. I have read 2 php books and taken several online tutorials and none of the talked about it!

Me too, put it to use right away.


what is the benefit of making the form a function rather than a variable? What I am doing is adding an authentication script to the top of a bunch of pages. If the user is not validated, the the script is called via an incltude...

I'm no expert, but it seems that you are doing with an include one of the things that a function is used for:

if(!$PHP_AUTH){login();} 
else {}

vs

if(!$PHP_AUTH){include("login.php");} 
else {}

My rookie view - you're compartmentalizing the login idea with an include rather than a funtion.

ergophobe




msg:1284008
 1:13 am on Dec 24, 2003 (gmt 0)

As Daisho said (and actually I noted the same thing in my post), you can use braces to solveyour original problem, but I think doing just that and only that leaves it still rather hard to follow.

As for functions or not, it depends on how often you think you will use it. If it will be used more than once, make it a function. If it will be used on multiple pages, make it a function in a library (actually, in practice, almost all my functions are).

One advantage to functions and classes is that they force better coding and allow better functional and data abstraction. What goes on inside stays inside. All that goes in is passed as variables, all that comes out comes out via the return statement. Much less likely to end up with data corruption.

Tom

ps if you don't know what I mean by abstraction, google on "SICP Abelson" (no quotes) and look at the book you find there.

ergophobe




msg:1284009
 7:21 pm on Dec 24, 2003 (gmt 0)

I just noticed that my original post was wrong on two counts, the first of which coopster corrected, but the other remains:


$loginform <<<formstring
stuff in here
<<<formstring;

should be


$loginform =<<<formstring
stuff in here
formstring;

Sorry for the confusion. That's what happens when you type faster than you think!

Tom

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved