Untuk apa php_self digunakan?

Dalam beberapa kasus, kami ingin mengirimkan beberapa data formulir di halaman web ke dirinya sendiri. Kita dapat mencapai ini dengan menggunakan variabel PHP_SELF di bidang tindakan formulir

Variabel PHP_SELF_ ini mengembalikan nama dan jalur file saat ini. Jadi ketika kita menggunakan variabel PHP_SELF_ di bidang tindakan formulir, nilai formulir dikirimkan ke halaman yang sama

Melalui postingan ini, kami membuat halaman sederhana untuk memahami penggunaan variabel PHP_SELF. Halaman ini memiliki beberapa bidang formulir dasar & ketika pengguna mengirimkan nilai formulir, itu akan menghasilkan pesan selamat datang untuk pengguna

Di halaman kami, kami memiliki kode HTML & PHP. Jadi kami menamai file kami sebagai welcome.php. Sekarang pertama kita dapat membuat skrip penangan formulir di halaman kita yang akan menyambut pengguna kita

<?php
	if(isset($_POST['submit']))
	{

		echo "Welcome ". $_POST["name"]."<br>";
		echo "Your email address is: ". $_POST["email"]."</br>";
	}
?>

Dalam skrip penangan formulir kami, kami menambahkan pernyataan if untuk memeriksa status tombol kirim. Menggunakan pernyataan if_ ini, skrip PHP kami hanya menampilkan pesan selamat datang setelah pengguna mengirimkan nilai formulir

Sekarang kita dapat menambahkan formulir HTML kita di halaman yang sama ini

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
	Name: <input type="text" name="name"><br>
	E-mail: <input type="text" name="email"><br>
	<input type="submit" value="submit">
</form>

Pernahkah Anda memperhatikan tindakan dalam formulir HTML kami? . Jadi setelah pengiriman formulir, data formulir tersedia di halaman yang sama

Namun saat kita menggunakan variabel PHP_SELF dalam action formulir kita, itu akan membuka pintu bagi peretas. Kami ingin memahami dan menghindari eksploitasi ini. Anda dapat membaca tentang praktik normal untuk keluar dari kerentanan ini dari sini

Tulisan Terbaru

1. Selesaikan "ValueError literal tidak valid untuk int() dengan basis 10" - Python
2. Menangani subdomain dinamis dengan Flask - Python
3. Contoh minimal tentang cache objek WordPress
4. Pilih elemen acak dari daftar - Python
5. Tulis program Selenium pertama kami dengan Python 3 & Firefox

Artikel ini diterbitkan pada 17 Desember 2013

Pertanyaan / Komentar Anda

Jika Anda menemukan artikel ini menarik, menemukan kesalahan, atau hanya ingin mendiskusikannya, silakan hubungi kami

Guide to URL paths...

Data: $_SERVER['PHP_SELF']
Data type: String
Purpose: The URL path name of the current PHP file, including path-info (see $_SERVER['PATH_INFO']) and excluding URL query string. Includes leading slash.
Caveat: This is after URL rewrites (i.e. it's as seen by PHP, not necessarily the original call URL).
Works on web mode: Yes
Works on CLI mode: Tenuous (emulated to contain just the exact call path of the CLI script, with whatever exotic relative pathname you may call with, not made absolute and not normalised or pre-resolved)

Data: $_SERVER['SCRIPT_NAME']
Data type: String
Purpose: The URL path name of the current PHP file, excluding path-info and excluding URL query string. Includes leading slash.
Caveat: This is after URL rewrites (i.e. it's as seen by PHP, not necessarily the original call URL).
Caveat: Not set on all PHP environments, may need setting via preg_replace('#\.php/.*#', '.php', $_SERVER['PHP_SELF']).
Works on web mode: Yes
Works on CLI mode: Tenuous (emulated to contain just the exact call path of the CLI script, with whatever exotic relative pathname you may call with, not made absolute and not normalised or pre-resolved)

Data: $_SERVER['REDIRECT_URL']
Data type: String
Purpose: The URL path name of the current PHP file, path-info is N/A and excluding URL query string. Includes leading slash.
Caveat: This is before URL rewrites (i.e. it's as per the original call URL).
Caveat: Not set on all PHP environments, and definitely only ones with URL rewrites.
Works on web mode: Yes
Works on CLI mode: No

Data: $_SERVER['REQUEST_URI']
Data type: String
Purpose: The URL path name of the current PHP file, including path-info and including URL query string. Includes leading slash.
Caveat: This is before URL rewrites (i.e. it's as per the original call URL). *
*: I've seen at least one situation where this is not true (there was another $_SERVER variable to use instead supplied by the URL rewriter), but the author of the URL rewriter later fixed it so probably fair to dismiss this particular note.
Caveat: Not set on all PHP environments, may need setting via $_SERVER['REDIRECT_URL'] . '?' . http_build_query($_GET) [if $_SERVER['REDIRECT_URL'] is set, and imperfect as we don't know what GET parameters were originally passed vs which were injected in the URL rewrite] --otherwise-- $_SERVER['PHP_SELF'] . '?' . http_build_query($_GET).
Works on web mode: Yes
Works on CLI mode: No

Data: $_SERVER['PATH_INFO']
Data type: String
Purpose: Find the path-info, which is data after the .php filename in the URL call. It's a strange concept.
Caveat: Some environments may not support it, it is best avoided unless you have complete server control
Works on web mode: Yes
Works on CLI mode: No

Note that if something is not set it may be missing from $_SERVER, or it may be blank, so use PHP's 'empty' function for your test.

Apa itu PHP_SELF PHP?

Apa gunanya $_ SERVER PHP_SELF ]?

Bagaimana cara membuat formulir PHP yang dikirimkan ke diri sendiri?

Bagaimana cara memvalidasi nama di PHP?