Forms can be submitted to the web page itself using PHP. The main purpose of submitting forms to self is for data validation. Data validation means checking for the required data to be entered in the form fields.
PHP_SELF is a variable that returns the current script being executed. You can use this variable in the action field of the form. The action field of the form instructs where to submit the form data when the user presses the submit button. Most PHP pages maintain data validation on the same page as the form itself.
An advantage of doing this is that, if the website structure changes, the form and its data validation code remain together.
<form name="form1" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" >
- $_SERVER['PHP_SELF']: $_SERVER['PHP_SELF'] is a superglobal variable that returns the filename of the currently executing script. It sends the submitted form data to the same page, instead of jumping to a different page.
Note: $_SERVER['PHP_SELF'] can easily be exploited by attackers through cross-site scripting: a '/' followed by script code is inserted into the URL, and the page echoes it back into the form. Passing the value through htmlspecialchars() is the solution; it converts special HTML characters into HTML entities, so the injected text is displayed as harmless characters instead of being executed.
The example below illustrates the above approach:
- Before submitting:
- After submitting:
You can also insert functions to check the entered values against your requirements and display validation messages accordingly. PHP forms that submit to self find a lot of application in data validation and database input formatting.
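A complete self-submitting form with validation, as an added example that is not code from the original page. The field names `name` and `email` and the helpers `e()` and `validate_form()` are assumptions made for illustration; every value written back into the page, including `$_SERVER['PHP_SELF']` in the `action` attribute, passes through `htmlspecialchars()`.

```php
<?php
// Added example: field names "name" and "email" are assumptions, not from the page.

// Escape a value before it is written into HTML (attribute or text context).
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate the submitted fields; returns [cleaned values, error messages].
function validate_form(array $post): array {
    $clean  = ['name' => '', 'email' => ''];
    $errors = [];
    foreach ($clean as $field => $_) {
        // Treat array input (name[]=x) as empty so trim() only sees strings.
        $raw = $post[$field] ?? '';
        $clean[$field] = is_string($raw) ? trim($raw) : '';
    }
    if ($clean['name'] === '') {
        $errors['name'] = 'Name is required.';
    } elseif (strlen($clean['name']) > 100) {
        $errors['name'] = 'Name must be 100 characters or fewer.';
    }
    if ($clean['email'] === '') {
        $errors['email'] = 'Email is required.';
    } elseif (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email address is not valid.';
    }
    return [$clean, $errors];
}

// Run validation only when the form was posted back to this same script.
$submitted = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST';
[$clean, $errors] = $submitted ? validate_form($_POST) : [['name' => '', 'email' => ''], []];
?>
<form name="form1" method="post" action="<?php echo e($_SERVER['PHP_SELF']); ?>">
  <label>Name <input type="text" name="name" value="<?php echo e($clean['name']); ?>"></label>
  <span class="error"><?php echo e($errors['name'] ?? ''); ?></span><br>
  <label>Email <input type="text" name="email" value="<?php echo e($clean['email']); ?>"></label>
  <span class="error"><?php echo e($errors['email'] ?? ''); ?></span><br>
  <input type="submit" value="Submit">
</form>
<?php if ($submitted && !$errors): ?>
  <p>Received: <?php echo e($clean['name']); ?> (<?php echo e($clean['email']); ?>)</p>
<?php endif; ?>
```

Escaping is applied at output time, so the validated values stay unmodified for any later use such as a parameterized database insert.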