0

I made this php but I can't get it to work properly. When I type a name or a word I get the Error 404.

"Edit": Thanks, I don't get the error 404 anymore, but it still doesn't work when I type in a name. When I type in the text and press enter, it gets erased and goes back to the start. Does anyone know if I missed something and how to fix it?

Code:

<?
     if(!isset($_REQUEST["name"])&&(!empty($_REQUEST["name"])))
     {
          echo "Hello".$_REQUEST["name"];
     }else
          echo "You have to type something!";
?>

<hr/>
<form method="post" action="<?=$_PHP_SELF?>">
     <input type="text" name="name"/>
</form>

6 Answers

1

Replace:

<?=$_PHP_SELF?>

with

<?php echo $_SERVER['PHP_SELF']; ?>

There is no such thing called $_PHP_SELF by default. Also, be careful, PHP short tags may be marked as deprecated in some PHP versions.

As mentioned by @krishna, using $_SERVER['PHP_SELF'] may lead to an XSS attack. Use htmlspecialchars() to escape the URL.

On the other hand, leaving the action attribute empty does not conform to the HTML 4 and 5 specifications. See this answer. If you think putting an actual URL in the action attribute is troublesome, you may use action="?" or action=".", which works the same as action="".

Community
Raptor
1

try this

<?=$_SERVER['PHP_SELF']?>

or

<form method="post" action="">
user1844933
  • Watch out, they are different. e.g `www.example.com/script.php` is not equal to `www.example.com/script.php?id=123` – Raptor Feb 07 '14 at 09:01
1

$_SERVER['PHP_SELF'] is vulnerable to XSS attacks. So try to avoid it and use htmlspecialchars() or filter_input() like this:

action="<?php echo filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL) ?>"

or

action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "utf-8"); ?>"

instead of

action="<?php echo $_SERVER['PHP_SELF']?>"

krishna
  • 1
    Good to point out that `PHP_SELF` is vulnerable to XSS attacks. Recommend to use `htmlspecialchars()` for older hosting environment as `filter_input()` is only introduced after PHP 5.2.0. – Raptor Feb 07 '14 at 09:39
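
The escaping recommended in the answers above, applied to the question's self-posting form, as an added example that is not code from any of the posts. The `render_form()` helper, the Send button and the sample values are assumptions made for illustration; it needs PHP 7.4 or later.

```php
<?php
// Added example; render_form() and the sample values are illustrative.
function render_form(string $phpSelf, ?string $name): string
{
    // Escape & < > " ' so a value cannot close the attribute or open a tag.
    $esc = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');

    // Greet only when a non-blank name was actually submitted.
    $greeting = ($name !== null && trim($name) !== '')
        ? 'Hello ' . $esc($name)
        : 'You have to type something!';

    return $greeting . "\n<hr/>\n"
        . '<form method="post" action="' . $esc($phpSelf) . '">' . "\n"
        . '     <input type="text" name="name"/>' . "\n"
        . '     <input type="submit" value="Send"/>' . "\n"
        . "</form>\n";
}

if (PHP_SAPI === 'cli') {
    // Constructed input: PHP_SELF carries any extra path the client appended
    // after the script name, so it must be treated as client-controlled.
    $html = render_form('/form.php/"><i>injected</i>', '<b>Bob</b>');
    echo $html;

    // The attribute stays closed and no submitted tag survives as markup.
    $expected = 'action="/form.php/&quot;&gt;&lt;i&gt;injected&lt;/i&gt;"';
    if (strpos($html, $expected) === false || strpos($html, '<b>') !== false) {
        fwrite(STDERR, "escaping check failed\n");
        exit(1);
    }
} else {
    // Web request: read the field from POST only, matching method="post".
    // filter_input() returns null or false when the field is missing or an array.
    $name = filter_input(INPUT_POST, 'name');
    echo render_form($_SERVER['PHP_SELF'], is_string($name) ? $name : null);
}
```

Run it with `php` on the command line to see the escaped markup for the constructed values. Note that `FILTER_SANITIZE_URL` leaves `"`, `<` and `>` in place, so it is not a substitute for `htmlspecialchars()` here.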
0

You're using $_PHP_SELF wrong.

Type instead:

<?=$_SERVER['PHP_SELF']?>
Maarkoize
0

Please use the code below. I have changed the form action and also changed the following line from

!isset($_REQUEST["name"])

to

isset($_REQUEST["name"])

As effectively before you were checking the name wasn't set and wasn't empty.

<?
if(isset($_REQUEST["name"])&&(!empty($_REQUEST["name"])))
{
    echo "Hello ".$_REQUEST["name"];
}
else
{
  echo "You have to type something!";
}

?>
<hr/>
<form method="post" action="">
<input type="text" name="name"/>
</form>
The Humble Rat
0
<?
if(isset($_REQUEST["submit"])&&(!empty($_REQUEST["name"])))
  // and you are not checking for submission
{
echo "Hello".$_REQUEST["name"];
}
else
echo "You have to type something!";
?>
<hr/>
<form method="post" action="">
<input type="text" name="name"/>
<input type="submit" name="submit" />   <!-- where is the submission ?? -->
</form>
CS GO