PHP - $_server['php_self'] Echos The Filename And Not The Url!

I am just setting up a db to catch user info on my site. After some testing all is working except that when I use Safari, my log wrongly shows that I am using Firefox. I have been scanning the web for a solution but all workarounds I have found seem to be very out of date. Can anyone help with this? here is the code I am using:

Code: [Select]
//logs user info to db
$browser = $_SERVER['HTTP_USER_AGENT'];
$time = $_SERVER['REQUEST_TIME'];
$refer = $_SERVER['HTTP_REFERER'];
$page = $_SERVER['PHP_SELF'];
$pageQuery = $_SERVER['QUERY_STRING'];
$ip = $_SERVER['REMOTE_ADDR'];

Hi I am new to PHP and this is my first post one here so appologies is this questions seems a bit dumb!

I have an if clause such that if a button is pressed on my web page then i want to reload the page and include a new form on it.

I am having a problem getting the $_SERVER['PHP_SELF'] command to work from iside a echo command. I must not be escaping the code correctly with back slashes:

I currently have the line :

 
echo"<form method=\"POST\" action=\"\<?$_SERVER['PHP_SELF']?\>\">";


However this doesnt seem to work as my page just doesnt display in the browser.

Any advice is much appreciated.

Thanks for taking the time to read.

Hi there,

I'm trying to make my code more efficient by using <?php echo $_SERVER['PHP_SELF']; ?> ....where I've been used to having two pages with forms - one for filling out the form, and then a second page to process it / confirm, etc.

The page in question is designed to send a reminder of a user's password to their email address.

They basically put their email address into a form with one field, next to which it says:

"So...You forgot your password eh? Give us your email address and we'll send it to you."

I've got the code set up so it sends the email with the password, no problems.

However, once they've pressed submit, they can still see the message  "So...You forgot your password eh? Give us your email address and we'll send it to you"...as well as the form field and submit button.

I'd love to know what I need to do to hide these after the user has pressed submit??

Here's the code:
Code: [Select]

    <?php
if(isset($_POST['submit'])) 
{ 

 $emailaddress = $_POST['emailaddress'];
 
echo "We've sent an email to $emailaddress, reminding you of your password.";


 //MySQL Database Connect
 include 'mysql_connect_applications.php'; 

// Get all the data from the "example" table

$result = mysql_query("SELECT * FROM applications2011 WHERE emailaddress= '$emailaddress'  LIMIT 0,1 ")
or die(mysql_error());

while($row = mysql_fetch_array( $result )) {

 $password = $row['password'];
}

// keeps getting the next row until there are no more to get

//***********************Email to forgetful user code***********************

$to = "$emailaddress\n";
$subject = "C2K Application";
$headers = "From: coast2kosci@coast2kosci.com";

$message = "Hi there, 

Seems you forgot your password. Here it is:

Password:  $password

Yours in the long run,

Dave.\n";
if (preg_match(' /[\r\n,;\'"]/ ', $_POST['emailaddress'])) {
  exit('Invalid Email Address');
}
else {
mail($to,$subject,$message,$headers);
}

//***********************End of Email to applicant code***********************
   
}
?>
             
             
                <form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
                  <p>
                    <label>
                      So...You forgot your password eh? Give us  your email address and we'll send it to you.
                      <input type="text" name="emailaddress" id="emailaddress" />
                    </label>
                  </p>
                  <p>
                    <label>
                      <input type="submit" name="submit" id="submit" value="Submit Form" />
                    </label>
                  </p>
                </form>

what's the difference between them? how to use them. i print_r($_SERVER). there are no result of $_SERVER['PATH_INFO'] and $_SERVER['PORIG_PATH_INFO'] .why? how to enable it.i have read the php manual about them, but still don't understand . expect someone can explain them.thank you

I'm pulling 10 records here. How do I split the results in to several echos?

$query = "SELECT statez, COUNT(statez)FROM mylist GROUP BY statez"; 
$results = mysql_query($query);
$returnS="";
while($line = mysql_fetch_array($results))
{
$returnS.= $line['COUNT(statez)'].",,".$line['statez'].",,,";
}
echo $returnS;
mysql_close($link);
?>

I need the code to look like this by showing the (COUNT) number for each state.
$results = mysql_query($query);
while($line = mysql_fetch_array($results))
{
echo $line["number_in_state1"].",,";
echo $line["number_in_state2"].",,";
echo $line["number_in_statee3"].",,";
echo $line["number_in_state4"].",,";
echo $line["number_in_state5"].",,";
echo $line["number_in_state6"].",,";
//etc....
}

ok my code is below but i want to count how many $sname or ['member_name'] there is as if there is 4 or more i want it to add a marquee to it  have that sorted but im having trouble getting it to count can you help me?


$query = "SELECT * FROM `ibf_members` WHERE member_group_id = '4' or member_group_id = '6' or member_group_id = '17' or member_group_id = '18' or mgroup_others = '4' or mgroup_others = '6' or mgroup_others = '17' or mgroup_others = '18' "; 

$result99 = mysql_db_query("pbf99_backup", $query);
$staff1 = mysql_num_rows($result99);
if ($result99) 
{  
while ($r = mysql_fetch_array($result99)) { // Begin while 
$sid = $r["member_id"];
$smgid = $r["member_group_id"];


$query2 = "SELECT * FROM `ibf_sessions` WHERE member_id = '$sid'"; 
$result2 = mysql_db_query("pbf99_backup", $query2); 
if ($result2) 
{  
while ($r2 = mysql_fetch_array($result2)) { // Begin while 
$sname = $r2["member_name"]; 

$query3 = "SELECT * FROM `ibf_groups` where g_id = '$smgid'"; 
$result3 = mysql_db_query("pbf99_backup", $query3); 
if ($result3) 
{  
while ($r3 = mysql_fetch_array($result3)) { // Begin while 
$ssuffix = $r3["suffix"];
$sprefix = $r3["prefix"];

echo "<a href='$host$sid' target='_parent'>$sprefix$sname$ssuffix$stafff</a><br><br>";
}}}}}}

?>

I'm trying to make it so that if the $row data is more than just "" (empty) then echo if not then run the scan on the next number.
It just keeps repeating the values all the way through?
Help?
Thanks.

function scan($random) {
    if ($random == 1) {
        $query = "SELECT * FROM users WHERE clicks > 20 AND status='1' ORDER BY RAND() LIMIT 1";
        $result = mysql_query($query);
        $row = mysql_fetch_assoc($result);
        if (isset($row['id'])) {
                        echo '<html><body style="margin: 0px;"><a href="http://www.ryansocratous.com/banner/DELETE/click.php?u=' . $row['activation'] . '"><img src="http://www.ryansocratous.com/banner/DELETE/image.php?id=' . $row['id'] . '"></img></a></body></html>';
        } else {
            scan(2);
        }
    }
    if ($random == 2) {
        $query = "SELECT * FROM users WHERE clicks > 10 AND status='1' ORDER BY RAND() LIMIT 1";
        $result = mysql_query($query);
        $row = mysql_fetch_assoc($result);
        if (isset($row['id'])) {
                        echo '<html><body style="margin: 0px;"><a href="http://www.ryansocratous.com/banner/DELETE/click.php?u=' . $row['activation'] . '"><img src="http://www.ryansocratous.com/banner/DELETE/image.php?id=' . $row['id'] . '"></img></a></body></html>';
        } else {
            scan(3);
        }
    }
    if ($random == 3 OR 4 OR 5) {
        $query = "SELECT * FROM users WHERE clicks > 0 AND status='1' ORDER BY RAND() LIMIT 1";
        $result = mysql_query($query);
        $row = mysql_fetch_assoc($result);
        echo '<html><body style="margin: 0px;"><a href="http://www.ryansocratous.com/banner/DELETE/click.php?u=' . $row['activation'] . '"><img src="http://www.ryansocratous.com/banner/DELETE/image.php?id=' . $row['id'] . '"></img></a></body></html>';
    }
}

$random = rand(1, 5);
scan($random);

I have a problem with formating the appearance of a die statement.
As you will see from the css below, p.form and p.passed both have the same text-align, and marginal values,
however they display very differently.  P.passed is used in an echo, and P.form is used in a die.
I want to display both my echo and die statements in the same place.  Ive tried the obvious and played around with the margins on P.form but it doesnt seem to make any difference.  I can only presume that my die statement is ignoring the class im assigning it?

P.form
{
   color:#FF03;
   margin-left:100px;
   text-align:left;
   clear:both;
}
P.passed
{
   color:#333;
   margin-left:100px;
   text-align:left;
   clear:both;
}

Code: [Select]
<?php // snippet

if($Name == '')
{
die ("<P class=\"form\">You did not complete the name field, please try again</p>");
}
elseif  ($Phone == '' or (preg_match("/^([1]-)?[0-9]{3}-[0-9]{3}-[0-9]{4}$/i", $Phone)))
{
die('<P class="form"> You completed the telephone field incorrectly, please try again</p>');
}
elseif  ($Email == '' or (!filter_var($Email, FILTER_VALIDATE_EMAIL)))
{
die('<P class="form"> You completed the Email field incorrectly, please try again</p>');
}    
elseif  ($Postcode == '' or (!checkPostcode($Postcode)))
{
die('<P class="form"> You did not complete the Postcode field correctly, please try again</p>');
}   
elseif  ($Website == '' or (!preg_match("~^[a-z0-9.-]+\.(com|org|net|edu|co.uk)~i", $Website)))
{   
die('<P class="form">You completed the website field incorrectly, please try again</p>');
}
else
{
echo("<P class=\"passed\">Thankyou for submiting your details, you will be added to our directory shortly</p>");
}}
Ive formatted if and else slightly differently but the output is still the same.
Should die statements and echo's display differently?

Hey guys it's been a long time, but I am back with php!

Anyway here's my dilemma:

test.php

<?php
<?php
$name = array('Chris', 'Bob', 'Jack');

$names = print_r($name);
?>


Simple enough right? Well although I am not printing/echoing these results to screen it does it automatically.

Meaning when I point my browser to test.php it outputs this:
Code: [Select]
Array ( [0] => Chris [1] => Bob [2] => Jack )
Rather than only assigning the value to the $names variable, which is what I would expect it to do. Is this normal behaviour or is there something I can change on php.ini?

Thank you!

Hi, all... have a basic question here as a newbie that I am...

Many times, in some scripts I see (I think, if not mistaken), places where within a echo sentence I see variables echoed like this with no quotes:

echo "First Name: $firstName and Last Name: $lastName"; 
as opposed to like one would expect:
echo "First Name: " . $firstName . " and Last Name: " . $lastName"; 

Sometimes I see that also when variables are used in select/update statements I think.. like this:
$query = mysql_query("SELECT FROM table WHERE column = $columnname");
Instead of like this within quotes:
$query = mysql_query("SELECT FROM table WHERE column = '$columnname'");


Is it because some of these values may be numbers (numeric) as opposed to "strings"??
Not sure if I make sense... appreciate teh feedback,
Thanks!

I saw your sig file and read one of the articles about $_SERVER['PHP_SELF'] being awful.  I admit, I've written scripts that submit the info to the same page, but I always just coded the page name directly into the action attribute.  In my noobness, I never realized you *could* use PHP_SELF.  One of the articles mentions a few fixes, including htmlentities or html special characters, but I guess my question to you is, why even bother?  Why not just set the page name in action and check for $_POST['submit'] when the page (re)loads?

I was going to send this as a PM then decided to open it up for the benefit of everyone and not bother your inbox. 

hi all i just read an article at http://www.phpro.org/tutorials/PHP-Security.html
about not trusting server variables like $_SERVER['PHP_SELF']

so they explain, it can't be trusted and so on, but when it comes to a real life example i have difficulty understandig what someone could do with it since i assume it only has effect at client side.  they use a form and say that
Code: [Select]
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
   ...
</form>

They give as example that someone could do the following: add
Code: [Select]
<script>alert("XSS HERE");</script>
But i don't see how that would have effect to anyone except for the one that inserts that.
Could someone maybe explain this a little to me.

This topic has been moved to JavaScript Help.

http://www.phpfreaks.com/forums/index.php?topic=326389.0

I successfully build a form, and I have a few echo's which will echo out error messages when an input box is left empty.

The echo messages used to be on the same page while I was using PHP_SELF, now that I've separated the script from the form it will now be shown on a new empty page and the user has to use the browser's navigators to navigate back. I'd still like to keep my script from the form separated for read-ability reasons, but I'd also like to have the echo messages outputted on the same page as the form.

How can I do that?

I'm a newbie, so excuse this basic question.


P.S.
If somebody can give me a tip how to position the echo messages in the design, I'd appreciate it a lot, because it sometimes messes up the design.