Why is this a bad idea? Are there security issues involved?
One of my pages contains 4 different forms. The reason is that I don't want my users getting redirected to another page during this process. Is this problematic, having so many forms on a single page? You betcha!
The logic has to be right. I have to determine which form was submitted. Did I pass the right values? Are there additional values being passed? How does my script know where to start processing? Some of this is simply extra overhead.
I might have coded those 4 forms into individual pages, and saved myself some significant development time. So, I'm only speculating as to why such a thing might not be recommended, and it comes down to increased complexity and development time.
<form action="<?php echo $_SERVER['PHP_SELF'];?>">
It's a no-no to trust server variables like this. See [blog.phpdoc.info...] for further info.
Tim
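Added example (not part of any post in this thread or of the linked article): why echoing `$_SERVER['PHP_SELF']` into the form action is unsafe, shown beside an escaped version, plus an allow-list check for deciding which of several forms on one page was submitted. The request value, the `form_name` hidden field and the form names are constructed or hypothetical.

```php
<?php
// Added example; the sample values below are constructed for illustration.

// PHP_SELF can carry extra path info after the script name, and that part
// is chosen by the client. SCRIPT_NAME does not include it.
$phpSelf    = '/form.php/"><b>injected</b>';   // constructed sample value
$scriptName = '/form.php';

// Pattern from the thread: the value lands in the attribute unescaped, so
// the quote inside it closes action="..." and the rest is parsed as markup.
function form_unescaped(string $self): string {
    return '<form method="post" action="' . $self . '">';
}

// Hardened: escape for an HTML attribute context before output.
function form_escaped(string $self): string {
    return '<form method="post" action="'
        . htmlspecialchars($self, ENT_QUOTES, 'UTF-8') . '">';
}

// Hypothetical allow-list for a page with several forms. Each form is
// assumed to carry a hidden "form_name" field; unknown or non-string
// values are rejected instead of guessed at.
const KNOWN_FORMS = ['login', 'search', 'contact', 'newsletter'];

function which_form(array $post): ?string {
    $name = $post['form_name'] ?? null;
    return (is_string($name) && in_array($name, KNOWN_FORMS, true))
        ? $name
        : null;
}

echo form_unescaped($phpSelf), "\n";   // markup breaks out of the attribute
echo form_escaped($phpSelf), "\n";     // same input, rendered inert
echo form_escaped($scriptName), "\n";  // fixed script path, no client input

var_dump(which_form(['form_name' => 'search']));   // known form
var_dump(which_form(['form_name' => 'admin']));    // not on the allow-list
var_dump(which_form(['form_name' => ['x']]));      // wrong type
```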
I almost ALWAYS do:
<form action="">
And I don't have issues with it. I just checked the back button and no worries there - I guess it just depends on your form setup and your server config. I know that different caching methods change the back button behavior in IE for forms that are POST'ed.
b
I've never had any problems, and back and forward work fine for me. But now you've got me worried what other people experience. :(
FalseDawn, I hadn't considered the issue of the back and forward buttons -- need to look further into that.
Timotheos, thanks for the heads up on $_SERVER['PHP_SELF'] -- that's simply amazing! I'd heard that some of the $_SERVER fields should be considered tainted, but didn't realise that extended to PHP_SELF.
bsterz, I found this post [webmasterworld.com] which indicated that Safari and Konqueror had a problem with action="". I don't know whether it's still a problem.