Clever Geek Handbook

PHP in action tag of HTML form

The first page is PHP, so this is probably a problem arising from something stupid that I am missing, but I'm not sure what. I am following W3Schools' guide to create an XSS protected form, but when I use the code <form method="post" action="<?php echo $_SERVER['PHP_SELF'); ?>">

it parses in such a way that the first one >

is associated with a tag form

, so the quotes are incompatible and the action does not work correctly.

This is what the page looks like:

Screenshot

EDIT: Full code below

<body>
<?php
    $fname = $lname = $email = $student = "";
    if($_SERVER["REQUEST_METHOD"] == "POST")
    {
        $fname = $_POST["fname"];
        $lname = $_POST["lname"];
        $email = $_POST["email"];
        switch($_POST["student"])
        {
            case "u":
                $student = "Undergraduate";
                break;
            case "g":
                $student = "Graduate";
                break;
            default:
                $student = "Non-Student";
        }   
    }
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'); ?>">
    <p>First Name: <input type="text" name="fname"> </p>
    <p>Last Name: <input type="text" name="lname"> </p>
    <p>Email: <input type="email" name="email"> </p>
    <p>Student Status: <select name="student">
                        <option value="u">Undergraduate</option>
                        <option value="g">Graduate</option>
                        <option value="x">Non-Student</option>
                    </select> </p>
    <input type="submit" value="Submit">
</form>

<?php
    echo "<h3>Input:</h3>"
    echo "Name: " . $fname . " " . $lname . "<br>";
    echo "Email: <a href=mailto:" . $email . ">" . $email . "</a><br>";
    echo "Student: " . $student;
?>
</body>
+3


source to share


2 answers


.html

files are not treated as files .php

, so you need to install a web server on your system.

Sidenote: You can tell Apache to treat files .html

as PHP, if and when the time comes that you want to do this, it is possible.

.php

files cannot be run directly from a web browser unless they are parsed and run from a server or hosted site.

They require access like http://localhost/file.php

a local machine.

Depending on your platform, you can use Xampp, which works on Windows, Mac and Linux.

Vamp:



Mump (Mac):

Plus, you have several syntax errors.

action="<?php echo $_SERVER['PHP_SELF'); ?>">
                                      ^

which should be a square bracket, not parentheses.

action="<?php echo $_SERVER['PHP_SELF']; ?>">

and there is echo "<h3>Input:</h3>"

no closing semicolon.

Those will throw / cause a parse error.

+2


source


The solution may be obvious, the closing parenthesis is incompatible.

Edit:

<form method="post" action="<?php echo $_SERVER['PHP_SELF'); ?>">


To:

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

Pay attention to ['PHP_SELF')

and ['PHP_SELF']

.

+1


source






More articles:


All Articles