Take PHP to be specific. I get this from my PHP textbook…
<form action="<?=$_SERVER[‘PHP_SELF’]?>" method=“POST”>
But the PHP_SELF bit is redundant. This…
<form action="" method=“POST”>
Does the same.
So is there a good reason to specifically point the page at itself, when that is the default?
Never written a line of PHP in my life, but maybe action="" doesn’t work in all browsers or some such?
The bit between the quotes explicitly passes the filename to the action. If you want the action to call a different file you would put that filename instead.
It is, apparently, unnecessary with PHP as it’s understood that PHP itself will process the data. However, in plain old HTML “action” is a required parameter that gives the URL of the application that will process the form’s data. This application is separate from the web server, by convention stored in a cgi-bin directory. The form tag would typically look like:
<form action="http://www.example.com/cgi-bin/process">
...
</form>
If you then go into the www-root directory, under ./cgi-bin/, you find find an executable file with the name of “process” that does the actual dirty work of processing the form data.
The HTML standard requires the presence of this attribute. As such, if the attribute isn’t included within the <form> element, then it’s basically up to the individual browsers to decide how they want to handle it.
So, I would bet that PHP is explicitly designating the current page as the action handler so that:
[ul]
[li] Browsers that are sticklers for standard compliant HTML don’t freak out; OR[/li][li] Browsers don’t decide to use some arbitrary action handler (i.e., there’s nothing in the standard that explicitly states that a blank action handler should represent the current URI)[/li][/ul]
Ah, yes, the specs say that user behavior for a missing “action” parameter is undefined. So it’s not that PHP has a reasonable default but rather the browser had a reasonable default in passing the name of the self-URI, which so happened to be the script that processed the data from the form. Some other browsers may not be so forgiving.
The method is quite necessary and getting more so, in PHP at least.
Forms, depending on the browser, default to the “get” method rather than “post”, which means form information is thrown into the URL in a long string (?var1=whatever&var2=whateverelse).
On the PHP page which retrieves this input, it is retrieved using “$_GET[‘var1’]”.
If the form method is specified as “post”, the PHP will retrieve the form input as “$_POST[‘var1’]”. In this case the form inputs are NOT in the url.
In previous versions of PHP, _GET and _POST variables are treated equally, if global_registers is on. Similarly, you can use $_REQUEST to get the input from either get or post.
However, because of security concerns, this is changing in the latest version of PHP and many hosts are turning global_registers off, so your form code really needs to specify a method of sending the data, and the PHP which processes it needs to use the same method.
Method != Action.