problem with the get variable

Question

this is my form

<form name="thumbnail" action="<?php echo $_SERVER["PHP_SELF"];?>?complete=true" method="post">
            <input type="hidden" name="x1" value="" id="x1" />
            <input type="hidden" name="y1" value="" id="y1" />
            <input type="hidden" name="x2" value="" id="x2" />
            <input type="hidden" name="y2" value="" id="y2" />
            <input type="hidden" name="w" value="" id="w" />
            <input type="hidden" name="h" value="" id="h" />
            <input style="margin-top:7px;" type="submit" name="upload_thumbnail" value="Save Thumbnail" id="save_thumb" />
        </form>

and on the page i have this

<?php
 print_r($_GET);

  if($_GET["complete"] == "true"){ ?>
<script type="text/javascript">
    parent.jQuery.fancybox.close();
</script>
 <?php } ?>

but the get is always nothing..why is that when i add ?complete=true to the string

i tried GET POST but nothing....any ideas on how to do this

Answer 1

It works for me...

Array
(
    [complete] => true
)
<script type="text/javascript"> 
    parent.jQuery.fancybox.close();
</script> 

So you have a problem somewhere else.

Also, if you are going to use <?php echo $_SERVER["PHP_SELF"];?> for your form, change it to <?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?> for security.

Otherwise, I may request index.php/"%20onsubmit="alert('xss');return%20false"%20bla=" which leaves your HTML looking like....

<form name="thumbnail" action="/stuff/euler.php/" onsubmit="alert('xss');return false" bla="?complete=true" method="post"> 

Answer 2

Maybe try === instead of ==

I would guess the string "true" gets evaluated as true (boolean)