PHP Form submit with $_SERVER["PHP_SELF"] but removing the .php from the url

1
votes

I am working on a php form that will use $_SERVER["PHP_SELF"] to submit to the same page. i am using .htaccess file that takes the file name and it will take off the .php extension so my url looks like this: http://example.com/contact instead of http://example.com/contact.php......

when i remove the .php from the form action it refreshes the page but a SERVER['post'] is not recorded..

what am i doing wrong??

php code to record if a post request was sent

if($_SERVER['REQUEST_METHOD'] == 'POST'){
    echo 'POST WORKS';
}

form

<form action="<?php echo '/'.htmlspecialchars(basename($_SERVER["PHP_SELF"], '.php'), ENT_QUOTES, "utf-8"); ?>" method="post" name="contact-form" id="contact-form" class="contact-form">

    <div class="columns-2 float-left">
        <label for="name">Your name <span class="required-text orangeText">(Required)</span></label>
        <input name="name" id="name" type="text" class="" value=""/>
    </div>

    <div class="columns-2 float-right margin-0">
        <label for="email">Your email <span class="required-text orangeText">(Required)</span></label>
        <input name="email" id="email" type="text" class="" value=""/>
    </div>

    <div class="columns-1 margin-0">
        <label for="message">Your message <span class="required-text orangeText">(Required)</span></label>
        <textarea name="message" id="message"  type="text" class=""></textarea>
    </div>

    <div class="columns-1 float-right margin-0 submit-btn-container">
       <input name="submit" type="submit" id="submitbtn" value="Send your message"/>
    </div>
</form>

htaccess

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/]+)/$ $1.php
RewriteRule ^([^/]+)/([^/]+)/$ /$1/$2.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$
RewriteRule (.*)$ /$1/ [R=301,L]
3
phpforms
Does it not work if you just leave a blank form action to force posting to the same current URI (/contact)? <form method='post' action=''...>Michael Berkowski
The default behavior of a form is to post to self, so leaving out the action attribute will have the same effect, and doesn't show a .php at all...Elias Van Ootegem
Leaving it blank works!!! you guys are Genius. Does that leave me open to get hacked?Hector
Though you will find recommendations all over the web to leave the action as "", this is wrong and against the HTML5 spec. Leaving out the action entirely though, as Elias said, is fine.rjdown
See w3.org/html/wg/drafts/html/master/forms.html#attr-fs-action The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces.rjdown

3 Answers

0
votes

this was also a problem

echo '/'

No need for that in there

0
votes

You can use this in your .htaccess file:

#remove php file extension-e.g. https://example.com/file.php will become https://example.com/file
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [NC,L]
0
votes
<?php $PHP_SELF = htmlspecialchars($_SERVER['PHP_SELF']); ?>
<form method="post" action="<?php echo basename($PHP_SELF, '.php');?>">

Define a variable from PHP_SELF then use basename for cutting off the file extension.