PHP Self POST

anton_1 · December 7, 2011

Hey guys,

Any help is much appreciated!

I want to make it, that when a form is submitted it inserts the booking and echos a message to the user without directing them to another page.

Just now when you hit book, it shows the booking page on another page instead of just display Booking Complete on the same page

Code:

</tr>

<tr>

<label for="first_name">First Name *</label>

</td>

</td>

</tr>

<tr>

</td>

</td>

</tr>

<tr>

<label for="email">Address</label>

</td>

</td>

</tr>

<tr>

<label for="County">County</label>

</td>

</td>

</tr>

<tr>

<label for="postcode">Postcode</label>

</td>

</td>

</tr>

<tr>

<label for="telephone">Telephone Number</label>

</td>

</td>

</tr>

<tr>

<label for="CheckInDate">Check In Date</label>

</td>

</td>

</tr>

<tr>

<label for="CheckOutDate">Check Out Date</label>

</td>

</td>

</tr>

<tr>

</td>

</tr>

</table>

</form>

PHP Code:

<?php

if(isset($_POST['submit']))

{

$fname = $_POST['fname'];

$lname = $_POST['lname'];

$address = $_POST['address'];

$county = $_POST['county'];

$pcode = $_POST['postcode'];

$telno = $_POST['telno'];

$checkIn = $_POST['checkIn'];

$checkOut = $_POST['checkOut'];

$con = mysql_connect("localhost","root","");

if (!$con)

{

die('Could not connect: ' . mysql_error());

}

mysql_select_db("forumtututorial", $con);

$sql="INSERT INTO RoomBookings (FirstName, LastName, Address, County, Postcode, TelNo, CheckInDate, CheckOutDate)

VALUES

('$_POST[fname]','$_POST[lname]','$_POST[address]','$_POST[county]','$_POST[postcode]','$_POST[telno]','$_POST[checkIn]','$_POST[checkOut]')";

if (!mysql_query($sql,$con))

{

die('Error: ' . mysql_error());

}

// mail customer reciept

$to = "08006925@live.napier.ac.uk";

$subject = "Booking Reservation";

$message = $fname . "has made a booking";

$headers = "Highlander Hotel";

mail($to,$subject,$message,$headers);

echo "Booking Complete";

}

?>

Thanks!!

MasterACE14 · December 7, 2011

should leave the form 'action' field blank

action=""

there's security risks of using $_SERVER['PHP_SELF'] there.

anton_1 · December 7, 2011

Thanks for your reply, but that doesnt do anything? If php self server is not in the action field it will not run the php script on the page when submit is clicked?

Thanks!

aneeshrp · December 7, 2011

http://php.net says

$_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here. That said, a large number of these variables are accounted for in the » CGI/1.1 specification, so you should be able to expect those.

however you could try the following this

1. use "" in form's action attribute, From my understanding leaving the action blank (action=”") is not proper and still open to XSS attacks.

or

use __FILE__ constant with basename()

<form method="post" name="helloworld" action="<?php echo basename( __FILE__ );?>">
<input type="submit" name="submit" value="Submit" />
</form>

Sign In

PHP Self POST

Recommended Posts

anton_1

Link to comment

Share on other sites

MasterACE14

Link to comment

Share on other sites

anton_1

Link to comment

Share on other sites

aneeshrp

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information