Reputation: 107
Execute $_SERVER['PHP_SELF'] without removing my $_GET variables
I'm having trouble with <?php echo $_SERVER['PHP_SELF']; ?>. For some reason this line in my HTML form removes my $_GET variables (that I manually put into place) from the URL.
To understand my problem here is my register.php code:
<?php
session_start();
// IF USER NOT REMEMBERED(DID NOT CLICK REMEBER ME BUTTON) OR NO SESSION IS FOUND THEN THROW HIM OUT TO LOGIN
//SECURITY SO THAT USERS CANT ACCESS WEB URL DIRECTLY
$host="localhost"; // Host name
$username="user"; // Mysql username
$password="password"; // Mysql password
$db_name="database"; // Database name
$tbl_name="temp_table"; // Table name
// Connect to server and select databse.
$link_temp = mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db($db_name, $link_temp);
$results=mysql_query("SELECT temporary_password, temporary_username FROM $tbl_name WHERE temporary_username = '".$_GET['temp_username']."'");
$row = mysql_fetch_array($results);
if($_GET['temp_password'] != $row['temporary_password'] || $_GET['temp_username'] != $row['temporary_username']){
mysql_close();
header("Location: index.php?invalid_user=1");
}
elseif (empty($_GET['temp_password']) || empty($_GET['temp_username']) || empty($_GET)) {
mysql_close();
header("Location: index.php?invalid_user=1");
}
if(isset($_POST['submit']))
{
//retrieve our data from POST
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($pass1 != $pass2){
echo '<div class="alert">Passwords do not match!</div>';
die();
}
$encrypted_mypassword = md5($pass1);
$dbhost = "localhost";
$dbname = "dbname";
$dbuser = "user";
$dbpass = "password"; //not really
$link_users = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $link_users);
//sanitize values before entering into database
$firstname = mysql_real_escape_string($firstname);
$lastname = mysql_real_escape_string($lastname);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$firstname = ucfirst(strtolower($firstname));
$lastname = ucfirst(strtolower($lastname));
$query = "INSERT INTO users ( firstname, lastname, username, password)
VALUES ('$firstname' , '$lastname' , '$username' , '$encrypted_mypassword');";
mysql_query($query);
mysql_close();
echo '<div class="info">User Successfully Created!</div>';
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Secure Customer Login</title>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0" />
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black" />
<link rel="stylesheet" type="text/css" href="css/reset.css">
<link rel="stylesheet" type="text/css" href="css/structure_register.css">
<link href='https://fonts.googleapis.com/css?family=Nothing+You+Could+Do' rel='stylesheet' type='text/css'>
<script>document.createElement('footer');</script>
</head>
<body>
<div class="img">
<img src="images/logo.png" />
</div>
<form class="box login" style="max-width:334px;" name="register" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset class="boxBody">
<label>First Name</label>
<input type="text" name="firstname" maxlength="50" tabindex="1" placeholder="First Name" required />
<label>Last Name</label>
<input type="text" name="lastname" maxlength="50" tabindex="2" placeholder="Last Name" required />
<label>Username</label>
<input type="email" name="username" maxlength="50" tabindex="3" placeholder="Email" required/>
<label>Password</label>
<input type="password" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z])\w{6,}" onchange="this.setCustomValidity(this.validity.patternMismatch ? 'Password must contain at least 6 characters, including UPPER and lowercase and numbers' : ''); if(this.checkValidity()) form.pass2.pattern = this.value;" placeholder="Password" name="pass1" tabindex="4" />
<label>Repeat Password</label>
<input type="password" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z])\w{6,}" onchange="this.setCustomValidity(this.validity.patternMismatch ? 'Please enter the same Password as above' : '');" placeholder="Repeat Password" name="pass2" tabindex="5" />
</fieldset>
<footer>
<center><input type="submit" name="submit" value="Register" class="btnLogin" /></center>
</footer>
</form>
<footer id="main">
© 2014 Rye High Group. All rights reserved.</a>
</footer>
</body>
</html>
Basically the register.php page on my website gets an input from a link that contains two get variables: temp_username and temp_password. So the link that is used to access the site looks like this: my_domin.ca/register.php?temp_username=SomeUser1&temp_password=Somepassword1
The get variables are compared to entries in the database and if they return true the user is granted access to register.php, otherwise he will be forwarded to index.php. Accessing register.php is no problem, but as soon as the form is submitted the $_GET variables are removed from the URL thus forwarding the user to index.php
My question is: How can I modify <?php echo $_SERVER['PHP_SELF']; ?> to stop removing GET variables
P.S. I will transition to mysqli as soon as I get basic functionality working on my site (since I know mysql_* the best and want to reduce errors in the transition period)
Upvotes: 2
Views: 4536
Answers (1)
Reputation: 4607
$_SERVER['REQUEST_URI'] : The URI which was given in order to access this page.
Your form should be like:
<form action="<?php echo $_SERVER['REQUEST_URI'] ?>">
your inputs
</form>
Upvotes: 4
Related Questions
- php $_GET with no variable
- Php global $_GET variable
- How to put $_SERVER['PHP_SELF'] in given code?
- PHP Can't retrieve $_GET variable
- pass GET variables when using $_SERVER['PHP_SELF']
- $_GET variable in php without using a form
- PHP $_GET & MySQL
- PHP echo $_SERVER['PHP_SELF'] with added variable?
- Option besides using $_GET
- Get php self and GET variables