www.webdeveloper.com
Results 1 to 9 of 9

Thread: strange behavior

  1. #1
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238

    strange behavior

    Ok, This code should look familiar to some of you:
    PHP Code:
    <?php
    $query 
    "SELECT Company FROM Customer WHERE Sales_Rep = '$salesrep';";            
        
    $result mysql_query($query) or die("SQL Error: " $query "<br/>" mysql_error());
        
         while (
    $row mysql_fetch_assoc($result)) {
             foreach (
    $row as $key => $val) {
                
    $msg .= "<option value='".$val."' >".$val."</option>";
            }
           }
    ?>
    I was having a problem with getting php to make a form with a select box in it. I got it to work, and I can load a list from MySQL and make a selection box out of it. The wierd thing is that when I make a selection from the list and submit it through my form:
    HTML Code:
    	<form enctype='application/x-www-form-urlencoded' method='post' target='<?php echo $_SERVER['PHP_SELF']; ?>'>
    	<select name='clients' id='clients'>
    	<option selected="selected" value="">-Select One-</option>
    		<?php
    			print $msg;
    		?>
    	</select><br />
    	<input type="submit" value="Search" name="search" id="search" />
    	<input type="submit" value="Update" name="update" id="update2" />
    	</form>
    It always opens in a new window. I do not have any code anywhere on that page or any other page that tells the browser to open a new window. It will only open a new window when I pick my first selection, any other selection after that opens in the same "new" window. Can anyone think of a reason why this would happen? It doesn't make any sense to me. Thanks.

    Also, if I open a new window and make another selection from the list, it will open the selection in the original window it was opened in. I don't know how on earth I did this, but it is kind of annoying.

  2. #2
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    Start by using the following as your form element:
    HTML Code:
    <form action="" method="post">

  3. #3
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238
    Ok, sometimes I wonder how I miss these things. I used target instead of action, so the target was itself, but it was opening itself in a new window. I changed it to action and it stopped happening. I feel so absentminded sometimes, lol. Thanks Bokeh.

  4. #4
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    target is a new window... and the argument to target is the name given to the window, which may or may not already be open. Also do not use PHP_SELF as the argument to action; just use an empty string, as I posted.

  5. #5
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238
    Ok, I understand what you are saying but why? Every book I have ever read says to have a form refer to the page it is in for php code says to put <?php echo $_SERVER['PHP_SELF'] ?> for the action. I understand why putting nothing in there will accomplish the same thing, but then why do they tell you to do that?

  6. #6
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    Because the people that wrote the books obviously were not award of the security vulnerabilities.

  7. #7
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238
    Ok, well, now you have caught my interest. Could you elaborate a little more, what kind of security vulnerabilities are there with that? If anything, I am trying to keep my pages as secure as I possibly can and if that is a huge opening I need to know so I can go back and fix a lot of my other pages.

  8. #8
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238
    Ok, since you mentioned it I have been looking around find info about security vulnerabilities in php and everything I have seen has to do with running php as a cgi, but nothing about running it as a isapi? Well, as long as I am running as a isapi I don't have a whole bunch to worry about, do I? Before I installed php I read a ton of papers about security holes in php cgi, so that is why I went with using it as a isapi, and so far it has been working great. If the same security issues are there in the isapi it would be great if someone said something, because I don't know how to find them.

  9. #9
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    Running PHP as a CGI is probably more secure overall as it allows it to be run under user IDs other than that of the calling webserver.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles