Need expert help with advanced form Submit question

S

SaraLeePerson

Hello, could someone please kindly show me how to do this? I am
running some experiments with this and hope to see if it can work
again.

Basically, I need a simple form page that will submit its results to
the same page. I've seen this done before, but cannot recreate the
results.

Something like,

<form method=post action="">
<INPUT type="submit" name="button">
<input type="hidden" name="test_Data" value="100">
</form>

So basically I want to prove hitting the form submit button sends me
to the same page it is on, and passes some result back to it, and I
can take it from there. Can this be done? :)

Thank you in advance for help. Sara
 
J

John

Hello, could someone please kindly show me how to do this? I am
running some experiments with this and hope to see if it can work
again.

Basically, I need a simple form page that will submit its results to
the same page. I've seen this done before, but cannot recreate the
results.

Something like,

<form method=post action="">
<INPUT type="submit" name="button">
<input type="hidden" name="test_Data" value="100">
</form>

So basically I want to prove hitting the form submit button sends me
to the same page it is on, and passes some result back to it, and I
can take it from there. Can this be done? :)

Thank you in advance for help. Sara

I cannot see how this can be done in HTML. It is straightforward in Perl.
Indeed, Perl Web programmers do it all the time.

action='/example.com/cgi-bin/test.pl'
use CGI;
my $testdata=param('test_Data');
[ work on variable $testdata ]

Have you seen something like this?

Regards
John
 
N

nice.guy.nige

While the city slept, (e-mail address removed) ([email protected])
feverishly typed...

[...]
<form method=post action="">
<INPUT type="submit" name="button">
<input type="hidden" name="test_Data" value="100">
</form>

So basically I want to prove hitting the form submit button sends me
to the same page it is on, and passes some result back to it, and I
can take it from there. Can this be done? :)

Assuming you have PHP on your server, try something like the following;

<form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
(rest of form...)
</form>

and anywhere else on your page...

<?php
if(isset($_POST["test_Data"])) {
print("<p>test_Data = ".$_POST["test_Data"]."</p>\n");
}
?>

Hope that helps.

Cheers,
Nige
 
C

cf

let it be known on Fri, 19 Oct 2007 05:01:13 -0000
(e-mail address removed) scribed:

|Hello, could someone please kindly show me how to do this? I am
|running some experiments with this and hope to see if it can work
|again.
|
|Basically, I need a simple form page that will submit its results to
|the same page. I've seen this done before, but cannot recreate the
|results.
|
|Something like,
|
|<form method=post action="">
|<INPUT type="submit" name="button">
|<input type="hidden" name="test_Data" value="100">
|</form>
|
|So basically I want to prove hitting the form submit button sends me
|to the same page it is on, and passes some result back to it, and I
|can take it from there. Can this be done? :)
|
|Thank you in advance for help. Sara
|

My contact form here
<http://www.cnswallpaper.com/contact.asp>
does everything on the contact.asp, including the error page and sending the message to me (JMail on the server).

It's done in plan old .asp so a lot will depend what you have available on your server. I just capture the status=submit to have the page display the conformation.

hth
 
N

Neredbojias

Well bust mah britches and call me cheeky, on Fri, 19 Oct 2007 05:01:13 GMT
scribed:
Hello, could someone please kindly show me how to do this? I am
running some experiments with this and hope to see if it can work
again.

Basically, I need a simple form page that will submit its results to
the same page. I've seen this done before, but cannot recreate the
results.

Something like,

<form method=post action="">
<INPUT type="submit" name="button">
<input type="hidden" name="test_Data" value="100">
</form>

So basically I want to prove hitting the form submit button sends me
to the same page it is on, and passes some result back to it, and I
can take it from there. Can this be done? :)

Of course it can be doen - simply by setting the action parameter to the
url of the source page.

What you do with the data, however, will depend upon the scripting type you
opt to utilize. And you will need some scripting. My recommendation is to
look into php.
 
B

Bergamot

So basically I want to prove hitting the form submit button sends me
to the same page it is on, and passes some result back to it, and I
can take it from there. Can this be done?

Not in HTML, but any server-side language will do it.
 
J

Jonathan N. Little

nice.guy.nige said:
While the city slept, (e-mail address removed) ([email protected])
feverishly typed...

[...]
<form method=post action="">
<INPUT type="submit" name="button">
<input type="hidden" name="test_Data" value="100">
</form>

So basically I want to prove hitting the form submit button sends me
to the same page it is on, and passes some result back to it, and I
can take it from there. Can this be done? :)

Assuming you have PHP on your server, try something like the following;

<form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
(rest of form...)
</form>

I feel compelled to warn you all that you should *not* do the above
example. There is an XSS flaw in it. A safe example to demonstrate the
risk is to pass this to the example script:

http://example.com/risky.php/"><script>alert('xss, time to be
worried')%3C/script%3E%3Cfoo

You will get a harmless alert box, but there are a lot more nefarious
things that can be done. There is an easy fix though, don't use the raw
URL parsed by $_SERVER["PHP_SELF"].

sanitized=htmlentities($_SERVER['PHP_SELF']); // prevent XSS insertion

Then use:

<form method="post" action="<?php echo $sanitized; ?>">
 
B

BootNic

<form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
(rest of form...)
</form>

I feel compelled to warn you all that you should *not* do the above
example. There is an XSS flaw in it. A safe example to demonstrate the
risk is to pass this to the example script:

http://example.com/risky.php/"><script>alert('xss, time to be
worried')%3C/script%3E%3Cfoo

You will get a harmless alert box, but there are a lot more nefarious
things that can be done. There is an easy fix though, don't use the
raw URL parsed by $_SERVER["PHP_SELF"].

sanitized=htmlentities($_SERVER['PHP_SELF']); // prevent XSS insertion

Then use:

<form method="post" action="<?php echo $sanitized; ?>">

$_SERVER["SCRIPT_NAME"] may be an alternative.

--
BootNic Friday October 19, 2007 2:29 PM
The world is very different now. For man holds in his mortal hands
the power to abolish all forms of human poverty, and all forms of
human life.
*John Fitzgerald Kennedy, Inaugural Address*
 
J

Jonathan N. Little

BootNic said:
<form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
(rest of form...)
</form>
I feel compelled to warn you all that you should *not* do the above
example. There is an XSS flaw in it. A safe example to demonstrate the
risk is to pass this to the example script:

http://example.com/risky.php/"><script>alert('xss, time to be
worried')%3C/script%3E%3Cfoo

You will get a harmless alert box, but there are a lot more nefarious
things that can be done. There is an easy fix though, don't use the
raw URL parsed by $_SERVER["PHP_SELF"].

sanitized=htmlentities($_SERVER['PHP_SELF']); // prevent XSS insertion

Then use:

<form method="post" action="<?php echo $sanitized; ?>">

$_SERVER["SCRIPT_NAME"] may be an alternative.

Yes, but you would lose and legitimate query string parameters if this
was a GET process.
 
B

BootNic

BootNic said:
<form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
(rest of form...) </form>
I feel compelled to warn you all that you should *not* do the above
example. There is an XSS flaw in it. A safe example to demonstrate
the risk is to pass this to the example script:

http://example.com/risky.php/"><script>alert('xss, time to
be worried')%3C/script%3E%3Cfoo

You will get a harmless alert box, but there are a lot more
nefarious things that can be done. There is an easy fix though,
don't use the raw URL parsed by $_SERVER["PHP_SELF"].

sanitized=htmlentities($_SERVER['PHP_SELF']); // prevent XSS
insertion

Then use:

<form method="post" action="<?php echo $sanitized; ?>">

$_SERVER["SCRIPT_NAME"] may be an alternative.

Yes, but you would lose and legitimate query string parameters if this
was a GET process.

Where would it go?

$_GET perhaps
 
J

Jonathan N. Little

BootNic said:
BootNic said:
<form method="post" action="<?php echo $sanitized; ?>">
$_SERVER["SCRIPT_NAME"] may be an alternative.
Yes, but you would lose and legitimate query string parameters if this
was a GET process.

Where would it go?

$_GET perhaps

Duh! Of course. $_SERVER["SCRIPT_NAME"] also insures trailing characters
are not parsed and removes that method of XSS. Also if the server has
magic quotes enabled helps.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top