PHP - $_server['php_self'] - Safari Showing As Firefox

How come my$_SERVER['PHP_SELF'] echos the filename.php

I have a rewrite rule and i need it to echo

http://site.com/file/321

instead of filename.php?id=321


Help! Godaddy wont tell me why its doing that

Hi I am new to PHP and this is my first post one here so appologies is this questions seems a bit dumb!

I have an if clause such that if a button is pressed on my web page then i want to reload the page and include a new form on it.

I am having a problem getting the $_SERVER['PHP_SELF'] command to work from iside a echo command. I must not be escaping the code correctly with back slashes:

I currently have the line :

 
echo"<form method=\"POST\" action=\"\<?$_SERVER['PHP_SELF']?\>\">";


However this doesnt seem to work as my page just doesnt display in the browser.

Any advice is much appreciated.

Thanks for taking the time to read.

Hi there,

I'm trying to make my code more efficient by using <?php echo $_SERVER['PHP_SELF']; ?> ....where I've been used to having two pages with forms - one for filling out the form, and then a second page to process it / confirm, etc.

The page in question is designed to send a reminder of a user's password to their email address.

They basically put their email address into a form with one field, next to which it says:

"So...You forgot your password eh? Give us your email address and we'll send it to you."

I've got the code set up so it sends the email with the password, no problems.

However, once they've pressed submit, they can still see the message  "So...You forgot your password eh? Give us your email address and we'll send it to you"...as well as the form field and submit button.

I'd love to know what I need to do to hide these after the user has pressed submit??

Here's the code:
Code: [Select]

    <?php
if(isset($_POST['submit'])) 
{ 

 $emailaddress = $_POST['emailaddress'];
 
echo "We've sent an email to $emailaddress, reminding you of your password.";


 //MySQL Database Connect
 include 'mysql_connect_applications.php'; 

// Get all the data from the "example" table

$result = mysql_query("SELECT * FROM applications2011 WHERE emailaddress= '$emailaddress'  LIMIT 0,1 ")
or die(mysql_error());

while($row = mysql_fetch_array( $result )) {

 $password = $row['password'];
}

// keeps getting the next row until there are no more to get

//***********************Email to forgetful user code***********************

$to = "$emailaddress\n";
$subject = "C2K Application";
$headers = "From: coast2kosci@coast2kosci.com";

$message = "Hi there, 

Seems you forgot your password. Here it is:

Password:  $password

Yours in the long run,

Dave.\n";
if (preg_match(' /[\r\n,;\'"]/ ', $_POST['emailaddress'])) {
  exit('Invalid Email Address');
}
else {
mail($to,$subject,$message,$headers);
}

//***********************End of Email to applicant code***********************
   
}
?>
             
             
                <form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
                  <p>
                    <label>
                      So...You forgot your password eh? Give us  your email address and we'll send it to you.
                      <input type="text" name="emailaddress" id="emailaddress" />
                    </label>
                  </p>
                  <p>
                    <label>
                      <input type="submit" name="submit" id="submit" value="Submit Form" />
                    </label>
                  </p>
                </form>

This topic has been moved to CSS Help.

http://www.phpfreaks.com/forums/index.php?topic=317486.0

what's the difference between them? how to use them. i print_r($_SERVER). there are no result of $_SERVER['PATH_INFO'] and $_SERVER['PORIG_PATH_INFO'] .why? how to enable it.i have read the php manual about them, but still don't understand . expect someone can explain them.thank you

When I insert this code into a page on my website, it displays correctly in IE9, but not in Safari or Firefox.
Any suggestions appreciated.

Code:
Code: [Select]
<?php include("opendatabase.php"); ?>

<div id="tables">
<?php

echo "<table width=680 border=1>\n";
echo "<th>Owner</th>";
echo "<th>Team</th>";
echo "<th>1</th>";
echo "<th>2</th>";
echo "<th>3</th>";
echo "<th>4</th>";
echo "<th>5</th>";
echo "<th>6</th>";
echo "<th>7</th>";
echo "<th>8</th>";
echo "<th>9</th>";
echo "<th>10</th>";
echo "<th>11</th>";
echo "<th>12</th>";
echo "<th>13</th>";
echo "<th>14</th>";
echo "<th>15</th>";
echo "<th>16</th>";
echo "<th>17</th>";
echo "<th>Total</th>";

$result = mysql_query( "
SELECT team_id, team_name, owner, total_pts
FROM teams
ORDER BY total_pts DESC" );

while ($row = mysql_fetch_array($result))
{
$i = $row['team_id'];

echo "<tr>\n",
"</td><td  align=center >",
$row['owner'],
"</td><td  align=center >",
$row['team_name'];

$result1 = mysql_query( "
SELECT bye, owner_pts
FROM schedule
WHERE team = $i");
$num_rows = mysql_num_rows($result1);

while ($row1 = mysql_fetch_array($result1))
{
if (empty($row1['bye']))
{
echo "</td><td  align=center >", $row1['owner_pts'], "</tr>\n";
}
else
{
echo "</td><td  align=center  >","--","</tr>\n";
}

}

while ($num_rows<=16)
{
echo "</td><td>","","</tr>";
$num_rows++;
}

echo "</td><td   align=center >",$row['total_pts'],"</tr>";

}
echo ' <tr><td height="10"></td></tr> ';

echo "</table>\n\n";

mysql_close($con);
?>

The page:
http://www.beat-the-spread.net/seasontotals.php

Thanks for any help!

I have some PHP/HTML code being used in a WordPress site. The PHP outside of WordPress works in any browser. When I open it in Chrome in WP, it runs no problem. Within WP in Safari(unsupported plug in error pops up but I have deactivated all plugins) and Firefox, nothing shows up. This is the page: https://searchsoftball.com/search/

I can reproduce the problem in Chrome making one change but I do not know how to fix it.
This is the part of the code that breaks it in all browsers:

<?php $result = $con->query($sql); while($row = $result->fetch_assoc()){ ?>

<tr> <td><?php echo $row['School'];?></td> <td><?php echo $row['City'];?></td> <td><?php echo $row['State'];?></td> <td><?php echo $row['Conference'];?></td> <td><?php echo $row['Division'];?></td> <td><?php echo '<a href="'.$row['Main'].'"target ="_blank">Main</a>';?></td> <td><?php echo '<a href="'.$row['Softball'].'"target ="_blank">Softball</a>';?></td> <td><?php echo '<a href="'.$row['Camp'].'"target ="_blank">Camp</a>';?></td> </tr> <?php <--- remove this

} <— and this
?> <---- and this causes it to break in all browsers.

I can provide the full code if needed. Thanks in advance

I'm having an issue with an image not showing up using firefox.  All other major browsers work.

Query: $imgpath=(mysql_result($result,0,"imgpath"));

Below is the code to display the image:
<img alt="" height="210" width="709" src="<?php echo $imgpath; ?>"/>

Any suggestions will be appreciated.

I saw your sig file and read one of the articles about $_SERVER['PHP_SELF'] being awful.  I admit, I've written scripts that submit the info to the same page, but I always just coded the page name directly into the action attribute.  In my noobness, I never realized you *could* use PHP_SELF.  One of the articles mentions a few fixes, including htmlentities or html special characters, but I guess my question to you is, why even bother?  Why not just set the page name in action and check for $_POST['submit'] when the page (re)loads?

I was going to send this as a PM then decided to open it up for the benefit of everyone and not bother your inbox. 

hi all i just read an article at http://www.phpro.org/tutorials/PHP-Security.html
about not trusting server variables like $_SERVER['PHP_SELF']

so they explain, it can't be trusted and so on, but when it comes to a real life example i have difficulty understandig what someone could do with it since i assume it only has effect at client side.  they use a form and say that
Code: [Select]
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
   ...
</form>

They give as example that someone could do the following: add
Code: [Select]
<script>alert("XSS HERE");</script>
But i don't see how that would have effect to anyone except for the one that inserts that.
Could someone maybe explain this a little to me.

This topic has been moved to JavaScript Help.

http://www.phpfreaks.com/forums/index.php?topic=326389.0

Can someone tell me what some of the purposes of this would be?
global $PHP_SELF;

its defined right after a function like this

function myFunction(module =' '){
global $PHP_SELF;

....

}
Thanks

I successfully build a form, and I have a few echo's which will echo out error messages when an input box is left empty.

The echo messages used to be on the same page while I was using PHP_SELF, now that I've separated the script from the form it will now be shown on a new empty page and the user has to use the browser's navigators to navigate back. I'd still like to keep my script from the form separated for read-ability reasons, but I'd also like to have the echo messages outputted on the same page as the form.

How can I do that?

I'm a newbie, so excuse this basic question.


P.S.
If somebody can give me a tip how to position the echo messages in the design, I'd appreciate it a lot, because it sometimes messes up the design.