Bug #14288 HTTP_GET_VARS influenced by PHP_SELF
Submitted: 2001-11-29 14:00 UTC
Modified: 2001-12-04 19:41 UTC
From: se at brainbits dot net
Assigned:
Status: Not a bug
Package: Variables related
PHP Version: 4.0.6
OS: SuSE7.2; Apache 1.3.20; mod_php4
Private report: No
CVE-ID: None

 [2001-11-29 14:00 UTC] se at brainbits dot net
<?php 
if($HTTP_GET_VARS["delete"]){
    echo "delete";
}else{
    echo "don't delete";
}
?>
<html>
<head>
</head>
<body>
<form action="<?php echo $PHP_SELF;?>" method="POST" name="form1">
<input type="text" name="test">
<a href="javascript:document.form1.submit();">Save</a>
</form>
<a href="<?php echo $PHP_SELF;?>?delete=true">delete</a>
</body>
</html>

The script above doesn't work correctly. After clicking "delete", the if-statement prints "delete". Then you click on "Save" and the if-statement prints "delete", just as if you had clicked on "delete".
If the "echo $PHP_SELF" in the form tag is replaced by the plaintext name of the script, everything works correctly: you can click on "Save" then and the if-statement gives you a "don't delete".

It seems like $PHP_SELF stores the HTTP_GET_VARS, but if I do an "echo $PHP_SELF" I get the script path, the script name and that's all; there are no HTTP_GET_VARS, but the script still works as if the HTTP_GET_VARS were there.


 [2001-12-02 02:51 UTC] zak@php.net
Cannot reproduce on server (and client ftm) SuSE 7.2 w/ 
Apache 1.3.22 using Netscape Communicator or Konqueror.

Can you reproduce this behavior under all browsers? What 
happens when you use a submit button instead of javascript?

 [2001-12-04 19:41 UTC] sniper@php.net
RTFM:

http://www.php.net/manual/en/language.variables.predefined.php

$PHP_SELF only contains filename of the currently executing script,
nothing else.

Ask further support questions on the mailing lists:

http://www.php.net/support.php

--Jani

 [2003-11-17 03:11 UTC] christopherbrueck at hotmail dot com
replace $HTTP_GET_VARS with $HTTP_POST_VARS
 
Last updated: Thu Mar 28 22:01:26 2024 UTC