Need expert help with advanced form Submit question

Discussion in 'HTML' started by SaraLeePerson@gmail.com, Oct 19, 2007.

  1. Guest

    Hello, could someone please kindly show me how to do this? I am
    running some experiments with this and hope to see if it can work
    again.

    Basically, I need a simple form page that will submit its results to
    the same page. I've seen this done before, but cannot recreate the
    results.

    Something like,

    <form method=post action="">
    <INPUT type="submit" name="button">
    <input type="hidden" name="test_Data" value="100">
    </form>

    So basically I want to prove hitting the form submit button sends me
    to the same page it is on, and passes some result back to it, and I
    can take it from there. Can this be done? :)

    Thank you in advance for help. Sara
    , Oct 19, 2007
    #1

  2. John Guest

    <> wrote in message
    news:...
    > Hello, could someone please kindly show me how to do this? I am
    > running some experiments with this and hope to see if it can work
    > again.
    >
    > Basically, I need a simple form page that will submit its results to
    > the same page. I've seen this done before, but cannot recreate the
    > results.
    >
    > Something like,
    >
    > <form method=post action="">
    > <INPUT type="submit" name="button">
    > <input type="hidden" name="test_Data" value="100">
    > </form>
    >
    > So basically I want to prove hitting the form submit button sends me
    > to the same page it is on, and passes some result back to it, and I
    > can take it from there. Can this be done? :)
    >
    > Thank you in advance for help. Sara
    >


    I cannot see how this can be done in HTML. It is straightforward in Perl.
    Indeed, Perl Web programmers do it all the time.

    action='/example.com/cgi-bin/test.pl'
    use CGI qw(param);   # import the function-style param()
    my $testdata = param('test_Data');
    # [ work on variable $testdata ]

    Have you seen something like this?

    Regards
    John
    John, Oct 19, 2007
    #2

  3. While the city slept, ()
    feverishly typed...

    [...]
    > <form method=post action="">
    > <INPUT type="submit" name="button">
    > <input type="hidden" name="test_Data" value="100">
    > </form>
    >
    > So basically I want to prove hitting the form submit button sends me
    > to the same page it is on, and passes some result back to it, and I
    > can take it from there. Can this be done? :)


    Assuming you have PHP on your server, try something like the following;

    <form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
    (rest of form...)
    </form>

    and anywhere else on your page...

    <?php
    if (isset($_POST["test_Data"])) {
        // Escape the submitted value before echoing it back into the page
        print("<p>test_Data = ".htmlspecialchars($_POST["test_Data"], ENT_QUOTES)."</p>\n");
    }
    ?>

    Hope that helps.

    Cheers,
    Nige


    --
    Nigel Moss http://www.nigenet.org.uk
    Mail address will bounce. | Take the DOG. out!
    "Your mother ate my dog!", "Not all of him!"
    nice.guy.nige, Oct 19, 2007
    #3
  4. cf Guest

    let it be known on Fri, 19 Oct 2007 05:01:13 -0000
    scribed:

    |Hello, could someone please kindly show me how to do this? I am
    |running some experiments with this and hope to see if it can work
    |again.
    |
    |Basically, I need a simple form page that will submit its results to
    |the same page. I've seen this done before, but cannot recreate the
    |results.
    |
    |Something like,
    |
    |<form method=post action="">
    |<INPUT type="submit" name="button">
    |<input type="hidden" name="test_Data" value="100">
    |</form>
    |
    |So basically I want to prove hitting the form submit button sends me
    |to the same page it is on, and passes some result back to it, and I
    |can take it from there. Can this be done? :)
    |
    |Thank you in advance for help. Sara
    |

    My contact form here
    <http://www.cnswallpaper.com/contact.asp>
    does everything on the contact.asp, including the error page and sending the message to me (JMail on the server).

    It's done in plain old .asp so a lot will depend what you have available on your server. I just capture the status=submit to have the page display the confirmation.

    hth
    --
    cf <>
    I may be dumb, but I'm not stupid.
    Terry Bradshaw
    cf, Oct 19, 2007
    #4
  5. Neredbojias Guest

    Well bust mah britches and call me cheeky, on Fri, 19 Oct 2007 05:01:13 GMT
    scribed:

    > Hello, could someone please kindly show me how to do this? I am
    > running some experiments with this and hope to see if it can work
    > again.
    >
    > Basically, I need a simple form page that will submit its results to
    > the same page. I've seen this done before, but cannot recreate the
    > results.
    >
    > Something like,
    >
    > <form method=post action="">
    > <INPUT type="submit" name="button">
    > <input type="hidden" name="test_Data" value="100">
    > </form>
    >
    > So basically I want to prove hitting the form submit button sends me
    > to the same page it is on, and passes some result back to it, and I
    > can take it from there. Can this be done? :)


    Of course it can be done - simply by setting the action parameter to the
    url of the source page.

    What you do with the data, however, will depend upon the scripting type you
    opt to utilize. And you will need some scripting. My recommendation is to
    look into php.

    --
    Neredbojias
    Neredbojias, Oct 19, 2007
    #5
  6. Bergamot Guest

    wrote:
    >
    > So basically I want to prove hitting the form submit button sends me
    > to the same page it is on, and passes some result back to it, and I
    > can take it from there. Can this be done?


    Not in HTML, but any server-side language will do it.

    --
    Berg
    Bergamot, Oct 19, 2007
    #6
  7. nice.guy.nige wrote:
    > While the city slept, ()
    > feverishly typed...
    >
    > [...]
    >> <form method=post action="">
    >> <INPUT type="submit" name="button">
    >> <input type="hidden" name="test_Data" value="100">
    >> </form>
    >>
    >> So basically I want to prove hitting the form submit button sends me
    >> to the same page it is on, and passes some result back to it, and I
    >> can take it from there. Can this be done? :)

    >
    > Assuming you have PHP on your server, try something like the following;
    >
    > <form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
    > (rest of form...)
    > </form>


    I feel compelled to warn you all that you should *not* do the above
    example. There is an XSS flaw in it. A safe example to demonstrate the
    risk is to pass this to the example script:

    http://example.com/risky.php/%22%3E%3Cscript%3Ealert('xss, time to be
    worried')%3C/script%3E%3Cfoo

    You will get a harmless alert box, but there are a lot more nefarious
    things that can be done. There is an easy fix though, don't use the raw
    URL parsed by $_SERVER["PHP_SELF"].

    $sanitized = htmlentities($_SERVER['PHP_SELF']); // prevent XSS insertion

    Then use:

    <form method="post" action="<?php echo $sanitized; ?>">




    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
    Jonathan N. Little, Oct 19, 2007
    #7
  8. BootNic Guest

    "Jonathan N. Little" <> wrote:
    news:46b3f$4718be9b$40cba7cb$:

    >> <form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
    >> (rest of form...)
    >> </form>

    >
    > I feel compelled to warn you all that you should *not* do the above
    > example. There is an XSS flaw in it. A safe example to demonstrate the
    > risk is to pass this to the example script:
    >
    > http://example.com/risky.php/%22%3E%3Cscript%3Ealert('xss, time to be
    > worried')%3C/script%3E%3Cfoo
    >
    > You will get a harmless alert box, but there are a lot more nefarious
    > things that can be done. There is an easy fix though, don't use the
    > raw URL parsed by $_SERVER["PHP_SELF"].
    >
    > $sanitized = htmlentities($_SERVER['PHP_SELF']); // prevent XSS insertion
    >
    > Then use:
    >
    > <form method="post" action="<?php echo $sanitized; ?>">


    $_SERVER["SCRIPT_NAME"] may be an alternative.

    --
    BootNic Friday October 19, 2007 2:29 PM
    The world is very different now. For man holds in his mortal hands
    the power to abolish all forms of human poverty, and all forms of
    human life.
    *John Fitzgerald Kennedy, Inaugural Address*
    BootNic, Oct 19, 2007
    #8
  9. BootNic wrote:
    > "Jonathan N. Little" <> wrote:
    > news:46b3f$4718be9b$40cba7cb$:
    >
    >>> <form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
    >>> (rest of form...)
    >>> </form>

    >> I feel compelled to warn you all that you should *not* do the above
    >> example. There is an XSS flaw in it. A safe example to demonstrate the
    >> risk is to pass this to the example script:
    >>
    >> http://example.com/risky.php/%22%3E%3Cscript%3Ealert('xss, time to be
    >> worried')%3C/script%3E%3Cfoo
    >>
    >> You will get a harmless alert box, but there are a lot more nefarious
    >> things that can be done. There is an easy fix though, don't use the
    >> raw URL parsed by $_SERVER["PHP_SELF"].
    >>
    >> $sanitized = htmlentities($_SERVER['PHP_SELF']); // prevent XSS insertion
    >>
    >> Then use:
    >>
    >> <form method="post" action="<?php echo $sanitized; ?>">

    >
    > $_SERVER["SCRIPT_NAME"] may be an alternative.
    >


    Yes, but you would lose any legitimate query string parameters if this
    was a GET process.

    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
    Jonathan N. Little, Oct 19, 2007
    #9
  10. BootNic Guest

    "Jonathan N. Little" <> wrote:
    news:b7604$47190931$40cba7cb$:

    > BootNic wrote:
    >> "Jonathan N. Little" <> wrote:
    >> news:46b3f$4718be9b$40cba7cb$:
    >>
    >>>> <form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
    >>>> (rest of form...) </form>
    >>> I feel compelled to warn you all that you should *not* do the above
    >>> example. There is an XSS flaw in it. A safe example to demonstrate
    >>> the risk is to pass this to the example script:
    >>>
    >>> http://example.com/risky.php/%22%3E%3Cscript%3Ealert('xss, time to
    >>> be worried')%3C/script%3E%3Cfoo
    >>>
    >>> You will get a harmless alert box, but there are a lot more
    >>> nefarious things that can be done. There is an easy fix though,
    >>> don't use the raw URL parsed by $_SERVER["PHP_SELF"].
    >>>
    >>> $sanitized = htmlentities($_SERVER['PHP_SELF']); // prevent XSS insertion
    >>>
    >>> Then use:
    >>>
    >>> <form method="post" action="<?php echo $sanitized; ?>">

    >>
    >> $_SERVER["SCRIPT_NAME"] may be an alternative.
    >>

    >
    > Yes, but you would lose any legitimate query string parameters if this
    > was a GET process.


    Where would it go?

    $_GET perhaps

    --
    BootNic Friday October 19, 2007 6:46 PM
    Inform all the troops that communications have completely broken
    down.
    *Ashleigh Brilliant*
    BootNic, Oct 19, 2007
    #10
  11. BootNic wrote:
    > "Jonathan N. Little" <> wrote:
    > news:b7604$47190931$40cba7cb$:
    >
    >> BootNic wrote:
    >>> "Jonathan N. Little" <> wrote:
    >>> news:46b3f$4718be9b$40cba7cb$:


    >>>> <form method="post" action="<?php echo $sanitized; ?>">
    >>> $_SERVER["SCRIPT_NAME"] may be an alternative.
    >>>

    >> Yes, but you would lose any legitimate query string parameters if this
    >> was a GET process.

    >
    > Where would it go?
    >
    > $_GET perhaps
    >


    Duh! Of course. $_SERVER["SCRIPT_NAME"] also ensures trailing characters
    are not parsed and removes that method of XSS. Also, it helps if the
    server has magic quotes enabled.


    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
    Jonathan N. Little, Oct 20, 2007
    #11
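
The three form actions discussed in posts #7 to #11 (raw PHP_SELF, escaped PHP_SELF, and SCRIPT_NAME), rendered side by side for the demonstration URL from post #7. This is an added example, not code from any poster in the thread; the `$server` array is constructed sample data standing in for `$_SERVER`, and `form_tag()` and `attr()` are hypothetical helper names.

```php
<?php
// Added example; not code from the thread. $server is constructed to mimic
// $_SERVER for the demonstration URL in post #7: the web server decodes the
// trailing path info and appends it to PHP_SELF, but not to SCRIPT_NAME.
$server = [
    'SCRIPT_NAME'  => '/risky.php',
    'PHP_SELF'     => '/risky.php/"><script>alert(\'xss, time to be worried\')</script><foo',
    'QUERY_STRING' => 'page=2&sort=name', // constructed, for the GET concern
];

// Hypothetical helper: emit the opening form tag for a given action value.
function form_tag(string $action): string
{
    return '<form method="post" action="' . $action . '">';
}

// Hypothetical helper: escape a value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Neither PHP_SELF nor SCRIPT_NAME carries the query string, so it is
// re-attached from QUERY_STRING and escaped like any other request data.
$self = $server['SCRIPT_NAME'];
if ($server['QUERY_STRING'] !== '') {
    $self .= '?' . $server['QUERY_STRING'];
}

$variants = [
    'raw PHP_SELF'        => form_tag($server['PHP_SELF']),
    'escaped PHP_SELF'    => form_tag(attr($server['PHP_SELF'])),
    'SCRIPT_NAME + query' => form_tag(attr($self)),
];

foreach ($variants as $label => $html) {
    // A literal "<script" in the output means the attribute was broken out of.
    $injected = stripos($html, '<script') !== false ? 'yes' : 'no';
    printf("%s\n  markup injected: %s\n  %s\n\n", $label, $injected, $html);
}
```

Run it with the PHP command-line interpreter; only the raw PHP_SELF variant lets the trailing path close the `action` attribute and start a new element.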