Why do we put "?" in action = "?"

Question

When I was learning Php with Mysql, I got a problem :

<form action="?" method="POST">
    .
    .
    .
</form>

Why do we put "?" in the action attribute?
PS: this form was for inserting text into a database.

Actually, I have an Index.php file which is the controller, and 2 files (form.html.php and joke.html.php as templates). In the tutorial, I first clicked on a link "add joke" to include the form.html.php file and in this form there is <form action="?"> </form> and a submit <input>. When I click on submit, the controller index tests and executes the inserted SQL query.

Thanks.

"?" is used to form GET variable query strings. This would submit the form (with form-encoded POST data) to the same page it's on but set no variables. — buley, Mar 11 '14 at 01:03
But in addition to posting to the same URL, it would blank any existing query string... — Michael Berkowski, Mar 11 '14 at 01:08
Please read this http://stackoverflow.com/questions/1131781/is-it-a-good-practice-to-use-an-empty-url-for-a-html-forms-action-attribute-a — Popnoodles, Mar 11 '14 at 01:12
Actually , I have an Index.php which is the controller ! and 2 files (form.html.php and joke.html.php as templates) and in the tutorial first I click on a link "add joke" to include the form.html.php and in this form there is this

and a submin and when I click on submit the controller index tests and execute the inserting sql query . — learner, Mar 11 '14 at 01:17
This has nothing to do with either PHP or MySQL. It is an HTML question. — Lightness Races in Orbit, Mar 11 '14 at 01:19
In the book he explained it like this way , but I didn't get it : "instead of leaving the action attribute empty (""), we set its value to ?. As we’ll see in a moment, the URL used to display the form in this example will feature a query string, and setting the action to ? strips that query string off the URL when submitting the form." — learner, Mar 11 '14 at 01:24
Okay' I understand it now ! I will explain it well : The main page is printing my jokes in my database (the data are jokes) , Okay! when I want to add a joke I have to click a link : ... when I click on it the link will change , and it will be : "localhost/a/?addjoke" So the form has a textarea with a variable "joketext" where the joke is stored . the index uses the if (isset($_POST['joketext'])) {}; so the $_POST has to find the joketext variable, so that's why the action="?", to strip the link "localhost/a/?addjoke" when submitting the form. Thank you anyway :) — learner, Mar 11 '14 at 01:54
This `` and `isset($_POST['joketext'])` are two different animals altogether. Your `href` demands a GET method and not a POST. Why don't you just post your whole code and let the people decide. — Funk Forty Niner, Mar 11 '14 at 02:21
I don't know, I'm applying the tutorial. Maybe to teach me how to control many webpages from a single one (index.php) and the others as templates. clicking the href include the form , and when you submit the action ="?" will strip the URL and send the variable "joketext" from the textarea to execute the sql query :) — learner, Mar 11 '14 at 02:33

Dummy Code · Answer 1 · 2014-03-11T02:49:55.257

1

Personally don't ever do that.... Use action="action.php" or use action="" post to the current URL.

Not sure what you are trying to accomplish with ? in the action attribute.

edited Mar 11 '14 at 02:49

answered Mar 11 '14 at 01:07

Dummy Code

131
8

What '?' would accomplish is the URI the form is posted to would just be the page the form is displayed on. – Popnoodles Mar 11 '14 at 01:09
@Popnoodles so why not just leave it blank or take it out? Just wondering. – Dummy Code Mar 11 '14 at 01:13
Leaving it blank and taking it out are the same thing, neither of which are a good idea. See this http://stackoverflow.com/questions/1131781/is-it-a-good-practice-to-use-an-empty-url-for-a-html-forms-action-attribute-a – Popnoodles Mar 11 '14 at 01:13
@Popnoodles ahh... so this question really is irrelevant because the OP is actually doing it correctly? – Dummy Code Mar 11 '14 at 01:14
1

I'm not entirely sure if it's correct to do that. Why wouldn't you put `action="#"` to also preserve any GET vars? ...Not that I mix them. I always point to a file. – Popnoodles Mar 11 '14 at 01:16
1

@Popnoodles Same, I'm going to have to look into it :) haha – Dummy Code Mar 11 '14 at 01:37

score 0 · Answer 2 · answered Mar 11 '14 at 01:04

0

"We" don't and "You" shouldn't do so either.

If you want to POST the data to the current URL, leave it empty, i.e. action="".
If you want to POST to another URL, put that URL in there, e.g. action="save.php".

answered Mar 11 '14 at 01:04

ThiefMaster

310,957
84
592
636

2

If you want to post to current url, `action=""` can be left out too. – Smar Mar 11 '14 at 01:05
Is that valid HTML? Edit: OK, in [HTML5 it is](http://stackoverflow.com/questions/9401521/is-action-really-required-on-forms). – ThiefMaster Mar 11 '14 at 01:06
1

This leaves your form open to iframe clickjacking attacks. Also W3C says action is required not implied. – Popnoodles Mar 11 '14 at 01:06
@Popnoodles: Any information on the clickjacking part? – ThiefMaster Mar 11 '14 at 01:07
Leaving action empty is also against HTML5 spec. – Popnoodles Mar 11 '14 at 01:11
1

@Popnoodles: Obviously I meant in relation to this case. I know what Clickjacking in general is. I just don't see how it applies to this case. – ThiefMaster Mar 11 '14 at 07:32

Why do we put "?" in action = "?"

2 Answers2