Welcome to WebmasterWorld Guest from 54.166.224.46

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Help with $_SERVER['PHP_SELF'] inside a variable

I can't get it to work!

     
11:12 pm on Dec 19, 2003 (gmt 0)

10+ Year Member



Can someone tell me what is wrong with this please:

//create the login form
$loginform .= '<table width="300" border="2" align="center">
<tr>
<td><form name="form1" id="form1" method="post" action="<? $_SERVER[\'PHP_SELF\']?>" />
<p align="left">
<input name="admin_email" type="text" id="admin_email" />
Primary Email Address</p>
<p align="left">
<input name="pwd" type="password" id="pwd" />
Password</p>
<p align="left">
<input type="submit" name="Submit" value="Submit" />
</p>
</form></td>
</tr>
</table>' ;

I am going to echo $loginform later on in the script, if needed.

The $_SERVER['PHP_SELF'] does not work - it looks for it as a file name and I just get a 404. I have tried escaping it a bunch of different ways, creating another variable to hold it, putting curly brackets and/or periods around it, etc.

Thanks for your help!

Mark

11:19 pm on Dec 19, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I would replace the ' for ", escape all of the "s (ie \") and remove the <?> from the $_SERVER...



<?php  
$loginform .= "<table width=\"300\" border=\"2\" align=\"center\">
<tr>
<td><form name=\"form1\" id=\"form1\" method=\"post\" action=\"$_SERVER[PHP_SELF]\" />
<p align=\"left\">
<input name=\"admin_email\" type=\"text\" id=\"admin_email\" />
Primary Email Address</p>
<p align=\"left\">
<input name=\"pwd\" type=\"password\" id=\"pwd\" />
Password</p>
<p align=\"left\">
<input type=\"submit\" name=\"Submit\" value=\"Submit\" />
</p>
</form></td>
</tr>
</table>" ;

echo ($loginform);

?>

Works for me!

12:01 am on Dec 20, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



mips solution I'm sure works.

In the original, though, you need to echo the variable and have a semi-colon at the end of the statement.

BTW you can just not have an action parameter in your form tag and it will submit to itself.

12:04 am on Dec 20, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



BTW you can just not have an action parameter in your form tag and it will submit to itself.

Not anymore! [webmasterworld.com]

12:23 am on Dec 20, 2003 (gmt 0)

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Travelbuff,

The problem is simple - you can't switch in and out of php within quotes.


$loginform .= '<table width="300" border="2" align="center">
<tr>
<td><form name="form1" id="form1" method="post" action="<? $_SERVER[\'PHP_SELF\']?>" />

Your html page is going to have
action="<?$_SERVER....

You need to do something like

$loginform .= 'action="' . <? php stuff in here?> . 'more text goes here';

12:29 am on Dec 20, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



mips that is interesting. I don't know why having a form without an action parameter direct to the homepage rather than itself is more logical to the folks at safari.

ergo you are completely wrong. The double quotes in HTML have no impact once the opening php tag <? is parsed. The problem is the lack of an echo statement as I indicated above.

1:38 am on Dec 20, 2003 (gmt 0)

10+ Year Member



The double quotes in HTML have no impact once the opening php tag <? is parsed. The problem is the lack of an echo statement as I indicated above.

figment, look at the code again. he's already in php, and he's trying to enter in php again. If the quotes used for defining $loginform were double quotes and not single ones, this whole thing would return a parse error. In this case it doesn't because of the single quotes used. As per php manual:

// Using single quotes will print the variable name, not the value
echo 'foo is $foo'; // foo is $foo

The variables are NOT parsed when used in signle-quote-quoted strings.

So the fastest way to fix this imho is to use concatenation:


action="'.$_SERVER["PHP_SELF"].'" />

Dirty, I know, but...
1:52 am on Dec 20, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



So the fastest way to fix this imho is to use concatenation:

action="'.$_SERVER["PHP_SELF"].'" />

Riiight - the quicker way. Missed it (and had my find and replace all ready to go!).


I don't know why having a form without an action parameter direct to the homepage rather than itself is more logical to the folks at safari.

I think in the end it came down to standards support - or, more like not supporting 'non-standard' development.

4:49 am on Dec 20, 2003 (gmt 0)

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month




ergo you are completely wrong. The double quotes in HTML have no impact once the opening php tag <? is parsed. The problem is the lack of an echo statement as I indicated above.

Completely wrong? snicker snicker... look at it again because, dare I be so bold, you are completely wrong ;-). Tosho and I are right. He's putting everything inside SINGLE quotes and trying to invoke PHP again from within single quotes.

Tom

6:09 am on Dec 20, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



ok you got me - I blew it,

Since my foot seems to be continually in mouth on this topic let me add another few nuggets.

1) in the original post another BTW would not be to include everything in the php parser. It is faster to let HTML go through unparsed and then switch to in and out of php to echo variables.

2) I know safari is looking to be more standard compliant. Question, though, what is the standard. Seems to me it is IE not W3. At least that is the browser almost all of my sites visitors use.

I might change the way my site is coded to accomodate safari, you might, and thousands of other webmasters might. Problem is that still leaves 10's of millions of forms not working correctly. Wonder who will get frustrated first.

2:16 pm on Dec 20, 2003 (gmt 0)

10+ Year Member



So the fastest way to fix this imho is to use concatenation:

action="'.$_SERVER["PHP_SELF"].'" />

Thanks, that worked like a charm! I see what I did there now. This is my first real attempt at writing a full blown application, I am sure I will be back asking other bonehead questions! ;-)

8:05 pm on Dec 20, 2003 (gmt 0)

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Okay, having had my fun with figment, I have to say that he is right in principle in that the way you are doing it is... sub-optimal.

You may not be able to switch in and our of HTML depending on how you are using this (i.e. if assigning it all to a variable).

Things I might suggest to clean up your code.

1. use a function
2. use the heredoc syntax As the manual says


Heredoc text behaves just like a double-quoted string, without the double-quotes. This means that you do not need to escape quotes in your here docs, but you can still use the escape codes listed above. Variables are expanded, but the same care must be taken when expressing complex variables inside a here doc as with strings.

Advantages
- no need to escape quotes
- handles very long strings efficiently
- cleand
- variable substitution as in double quotes

function get_loginform($action="") {
if (!$action) {$action = $_SERVER['PHP_SELF'];}

$loginform <<<formstring
<table width="300" border="2" align="center">
<tr>
<td><form name="form1" id="form1" method="post" action="$action" />
<<<formstring;
return $loginform;
}

remember, if you have arrays or such and want to use simple variable substitution, you need to do {$array['id']} and not $array['id']

Tom

8:15 pm on Dec 20, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Phew! just when you thought you knew it all (tootally kidding there).

ergophobe, thanks for the tips!

8:54 pm on Dec 20, 2003 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



ergophobe, I think you meant to assign the value of the heredoc syntax to the $loginform variable, correct? If so, you'll need the assignment operator (=):

$loginform = <<<formstring
11:21 pm on Dec 20, 2003 (gmt 0)

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Whoops - what coopster said.

Yes I forgot the assignment operator.

Thanks for the correction!

Tom

2:33 pm on Dec 22, 2003 (gmt 0)

10+ Year Member



Simple use brack brackets.

ie:

$myvar="This is me: ${_SERVER['PHP_SELF']}";

Elegant and easy to read :)

Just not that this form of writing an assosiative array is _only_ supported between double quotes.

ie:

$myvar=${_SERVER['PHP_SELF']};

will fail with a compile problem.

Just a note that the convension $_SERVER[PHP_SELF] is not valid (notice the missing single quotes around PHP_SELF). What you are acctually doing is asking PHP to look up the key that's in the define "PHP_SELF" ie: define('PHP_SELF','TEST'); If PHP_SELF is not defined (which is it probably not) PHP will issue a none existant define warning and treat PHP_SELF as a literal (So you get the result you want along with a warning as long as PHP_SELF is not defined).

This is a bad habbit since if you ever did define this then you are not going to get the value you expect and it's going to be tough to track down.

daisho.

2:48 pm on Dec 22, 2003 (gmt 0)

10+ Year Member




figment88 wrote:
BTW you can just not have an action parameter in your form tag and it will submit to itself.

This is not the case though sometimes it does seem like that is what's happening. Without an action the form will post to the current directory. Most people have a "DirectoryIndex" parameter in there apache config listing for example "index.php index.html default.php default.html" and so on. This way if you go to [mysite.com...] apache will look in the login directory for one of the files that is listed in the "DirectoryIndex".

When you post and have an empty action it will post do the base directory of the current url. (ie if the form is on [mysite.com...] then the post will go do [mysite.com)...]

Then because of the directoryindex apache will pick one of the default files to handle the form submission.

Leaving a blank action will work if you want to post to index.php (or one of the other files listed in DirectoryIndex) and so it will work. Anything but that serario and you _need_ the action parameter.

daisho.

2:33 pm on Dec 23, 2003 (gmt 0)

10+ Year Member



Tom:

Thanks for the heads-up on heredoc. I have read 2 php books and taken several online tutorials and none of the talked about it!

I have one more questiont though - what is the benefit of making the form a function rather than a variable? What I am doing is adding an authentication script to the top of a bunch of pages. If the user is not validated, the the script is called via an incltude, they login and then can access the page. So basically every page is a login page.

Thanks for the good advice!

Mark

2:48 pm on Dec 23, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks for the heads-up on heredoc. I have read 2 php books and taken several online tutorials and none of the talked about it!

Me too, put it to use right away.


what is the benefit of making the form a function rather than a variable? What I am doing is adding an authentication script to the top of a bunch of pages. If the user is not validated, the the script is called via an incltude...

I'm no expert, but it seems that you are doing with an include one of the things that a function is used for:

if(!$PHP_AUTH){login();} 
else {}

vs

if(!$PHP_AUTH){include("login.php");} 
else {}

My rookie view - you're compartmentalizing the login idea with an include rather than a funtion.

1:13 am on Dec 24, 2003 (gmt 0)

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



As Daisho said (and actually I noted the same thing in my post), you can use braces to solveyour original problem, but I think doing just that and only that leaves it still rather hard to follow.

As for functions or not, it depends on how often you think you will use it. If it will be used more than once, make it a function. If it will be used on multiple pages, make it a function in a library (actually, in practice, almost all my functions are).

One advantage to functions and classes is that they force better coding and allow better functional and data abstraction. What goes on inside stays inside. All that goes in is passed as variables, all that comes out comes out via the return statement. Much less likely to end up with data corruption.

Tom

ps if you don't know what I mean by abstraction, google on "SICP Abelson" (no quotes) and look at the book you find there.

7:21 pm on Dec 24, 2003 (gmt 0)

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I just noticed that my original post was wrong on two counts, the first of which coopster corrected, but the other remains:


$loginform <<<formstring
stuff in here
<<<formstring;

should be


$loginform =<<<formstring
stuff in here
formstring;

Sorry for the confusion. That's what happens when you type faster than you think!

Tom

 

Featured Threads

Hot Threads This Week

Hot Threads This Month