Basically, I need a simple form page that will submit its results to
the same page. I've seen this done before, but cannot recreate the
results.
Something like,
<form method=post action="">
<INPUT type="submit" name="button">
<input type="hidden" name="test_Data" value="100">
</form>
So basically I want to prove hitting the form submit button sends me
to the same page it is on, and passes some result back to it, and I
can take it from there. Can this be done? :)
Thank you in advance for help. Sara
I cannot see how this can be done in HTML. It is straightforward in Perl.
Indeed, Perl Web programmers do it all the time.
action='/example.com/cgi-bin/test.pl'
use CGI qw(param);   # import param() so it can be called as a plain function
my $testdata = param('test_Data');
# [ work on variable $testdata ]
Have you seen something like this?
Regards
John
[...]
> <form method=post action="">
> <INPUT type="submit" name="button">
> <input type="hidden" name="test_Data" value="100">
> </form>
>
> So basically I want to prove hitting the form submit button sends me
> to the same page it is on, and passes some result back to it, and I
> can take it from there. Can this be done? :)
Assuming you have PHP on your server, try something like the following;
<form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
(rest of form...)
</form>
and anywhere else on your page...
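<?php
// Show the submitted value; HTML-encode it before echoing it back into the page
if (isset($_POST["test_Data"])) {
    print("<p>test_Data = " . htmlentities($_POST["test_Data"]) . "</p>\n");
}
?>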
Hope that helps.
Cheers,
Nige
--
Nigel Moss http://www.nigenet.org.uk
Mail address will bounce. ni...@DOG.nigenet.org.uk | Take the DOG. out!
"Your mother ate my dog!", "Not all of him!"
My contact form here
<http://www.cnswallpaper.com/contact.asp>
does everything on the contact.asp, including the error page and sending the message to me (JMail on the server).
It's done in plain old .asp, so a lot will depend on what you have available on your server. I just capture the status=submit to have the page display the confirmation.
hth
--
cf <cfn...@NOcharterSPAM.net>
I may be dumb, but I'm not stupid.
Terry Bradshaw
Of course it can be done - simply by setting the action parameter to the
url of the source page.
What you do with the data, however, will depend upon the scripting type you
opt to utilize. And you will need some scripting. My recommendation is to
look into php.
--
Neredbojias
Not in HTML, but any server-side language will do it.
--
Berg
I feel compelled to warn you all that you should *not* do the above
example. There is an XSS flaw in it. A safe example to demonstrate the
risk is to pass this to the example script:
http://example.com/risky.php/%22%3E%3Cscript%3Ealert('xss, time to be
worried')%3C/script%3E%3Cfoo
You will get a harmless alert box, but there are a lot more nefarious
things that can be done. There is an easy fix though, don't use the raw
URL parsed by $_SERVER["PHP_SELF"].
$sanitized = htmlentities($_SERVER['PHP_SELF']); // prevent XSS insertion
Then use:
<form method="post" action="<?php echo $sanitized; ?>">
--
Take care,
Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
>> <form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
>> (rest of form...)
>> </form>
>
> I feel compelled to warn you all that you should *not* do the above
> example. There is an XSS flaw in it. A safe example to demonstrate the
> risk is to pass this to the example script:
>
> http://example.com/risky.php/%22%3E%3Cscript%3Ealert('xss, time to be
> worried')%3C/script%3E%3Cfoo
>
> You will get a harmless alert box, but there are a lot more nefarious
> things that can be done. There is an easy fix though, don't use the
> raw URL parsed by $_SERVER["PHP_SELF"].
>
> $sanitized = htmlentities($_SERVER['PHP_SELF']); // prevent XSS insertion
>
> Then use:
>
> <form method="post" action="<?php echo $sanitized; ?>">
$_SERVER["SCRIPT_NAME"] may be an alternative.
--
BootNic Friday October 19, 2007 2:29 PM
The world is very different now. For man holds in his mortal hands
the power to abolish all forms of human poverty, and all forms of
human life.
*John Fitzgerald Kennedy, Inaugural Address*
Yes, but you would lose any legitimate query string parameters if this
was a GET process.
Where would it go?
$_GET perhaps
--
BootNic Friday October 19, 2007 6:46 PM
Inform all the troops that communications have completely broken
down.
*Ashleigh Brilliant*
>>>> <form method="post" action="<?php echo $sanitized; ?>">
>>> $_SERVER["SCRIPT_NAME"] may be an alternative.
>>>
>> Yes, but you would lose any legitimate query string parameters if this
>> was a GET process.
>
> Where would it go?
>
> $_GET perhaps
>
Duh! Of course. $_SERVER["SCRIPT_NAME"] also ensures trailing characters
are not parsed and removes that method of XSS. Also, it helps if the
server has magic quotes enabled.
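
Added example, not part of any post in this thread: a PHP command-line script that builds the form's action attribute three ways, the raw PHP_SELF from the original suggestion, the htmlentities() fix, and SCRIPT_NAME with the query string re-appended so GET parameters are kept. The $_SERVER values are constructed to mimic the risky.php request quoted above, and the function names and the query string are made up for the illustration.

```php
<?php
// Constructed $_SERVER values simulating the thread's request: risky.php
// followed by extra path info. PHP_SELF holds the URL-decoded path.
$server = [
    'SCRIPT_NAME'  => '/risky.php',
    'PHP_SELF'     => '/risky.php/"><script>alert(\'xss, time to be worried\')</script><foo',
    'QUERY_STRING' => 'page=2&sort=name',   // constructed sample parameters
];

// Original suggestion: PHP_SELF includes the caller-controlled trailing path,
// so the double quote closes the attribute and the markup lands in the page.
function action_raw(array $s): string {
    return $s['PHP_SELF'];
}

// Fix from the thread: HTML-encode before writing into the attribute.
// ENT_QUOTES also encodes single quotes, for attributes quoted with '.
function action_encoded(array $s): string {
    return htmlentities($s['PHP_SELF'], ENT_QUOTES, 'UTF-8');
}

// Alternative from the thread: SCRIPT_NAME carries no trailing path info.
// The query string is re-appended and encoded so GET parameters survive.
function action_script_name(array $s): string {
    $url = $s['SCRIPT_NAME'];
    if ($s['QUERY_STRING'] !== '') {
        $url .= '?' . $s['QUERY_STRING'];
    }
    return htmlentities($url, ENT_QUOTES, 'UTF-8');
}

// Print the <form> tag each variant would emit, for side-by-side comparison.
foreach (['action_raw', 'action_encoded', 'action_script_name'] as $fn) {
    printf("%-20s <form method=\"post\" action=\"%s\">\n", $fn, $fn($server));
}
```

Only the first line of output contains a live script element; in the other two the action value stays inside the attribute.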