How do I make a PHP form that submits to self?

Question 1

How do I make a self-posting/self-submitting form, i.e. a form that submits the results to itself, instead of submitting to another form?

Question 2

The proper way would be to use $_SERVER["PHP_SELF"] (in conjunction with htmlspecialchars to avoid possible exploits). You can also just skip the action= part empty, which is not W3C valid, but currently works in most (all?) browsers - the default is to submit to self if it's empty.

Here is an example form that takes a name and email, and then displays the values you have entered upon submit:

<?php if (!empty($_POST)): ?>
    Welcome, <?php echo htmlspecialchars($_POST["name"]); ?>!<br>
    Your email is <?php echo htmlspecialchars($_POST["email"]); ?>.<br>
<?php else: ?>
    <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
        Name: <input type="text" name="name"><br>
        Email: <input type="text" name="email"><br>
        <input type="submit">
    </form>
<?php endif; ?>

Question 3

You could use the MySQL INET_ATON() and INET_NTOA() functions. Keep in mind these are MySQL specific, but you can implement them using php as well.

These functions convert an IP address from dot notation in to an integer. You can then store them in a table with "start_ip" and "end_ip" columns. When you are querying to see if an IP is banned, you can use a query with BETWEEN.

SELECT * FROM bans WHERE INET_ATON("127.0.0.1") BETWEEN start_ip AND end_ip

Question 4

The good news is that PHP and JavaScript have a similar idea about what values are true and false.

An empty string will be false on both sides. A string with something in it (except 0 in PHP) will be true on both sides.
The number 0 will be false on both sides. All other numbers will be true on both sides.

Since the values of a form will always be strings, as Quentin pointed out in his answer, a good practice might be to use an empty string as false value and something else (e.g. 'true') as true value. But I think your way of using 0 and 1 and testing the numerical values is the safest approach because it isn't misleading. (When someone sees 'true' they might think 'false' would also be usable for a false value.

Question 5

Works for me. Just tried

http://www.nearby.org.uk/tmp/multi-test.html

<select name="multiselect[]" ...

Results in a URL ?multiselect%5B%5D=2&multiselect%5B%5D=3

which will make $_GET['multiselect'] an array in PHP.

Perhaps you have something else in your system, stripping the [] ?

Question 6

As the other answers already state, you are having a chicken/egg problem: the fact that the PHP is running means the .htaccess saw no reason to forbid it, and its work is done.

Denying access to a page in PHP, where you should be doing more complex authentication and authorization stuff, is trivial though:

if($myUser->shouldNotBeHere()) {
  header('HTTP/1.1 403 Forbidden');
  die('Access denied!');
}

This looks the same as an Apache-level deny to the browser.

How do I make a PHP form that submits to self?

Answers

php,html,forms