
I'm creating a website that has HTML forms that have a blank action that leads to the same web page that the form is on so that the form can be processed with PHP. The PHP code isn't being executed. Can you look over my code and tell me what's wrong?

<?php
if (isset($_POST['reportsubmit'])) {
    $radio = $_POST['customer'];
    if ($radio == 'customer') {
        $redirect = 'Click <a href="#customer">here</a> to continue on with the form';
        header('Location: #redirect');
    } else if ($radio == 'item') {
        $redirect = 'Click <a href="#item">here</a> to continue on with the form';
        header('Location: #redirect');
    } else if ($radio == 'department') {
        $redirect = 'Click <a href="#department">here</a> to continue on with the form';
        header('Location: #redirect');
    } else if ($radio == 'person') {
        $redirect = 'Click <a href="#person">here</a> to continue on with the form';
        header('Location: #redirect');
    }
    exit;
} else if (isset($_POST['customersubmit'])) {
    //process form
    //redirect
    exit;
} else if (isset($_POST['itemsubmit'])) {
    //process form
    //redirect
    exit;
} else if (isset($_POST['departmentsubmit'])) {
    //process form
    //redirect
    exit;
} else if (isset($_POST['personsubmit'])) {
    //process form
    //redirect
    exit;
}
?>

<!DOCTYPE html>
<html>
<head>
    <title>Gordmart MIS Reports</title>
    <!--<link rel="stylesheet" href="../css/Main.css">-->
    <link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.css">
    <script src="http://code.jquery.com/jquery-1.10.2.min.js"></script>
    <script src="http://code.jquery.com/mobile/1.4.2/jquery.mobile-1.4.2.min.js"></script>
</head>
<body>
    <div data-role="page" class="frame" id="report">
        <div data-role="header">
            <?php include("Header.php");?>
        </div>
        <div data-role="main" id="main">
            <h3>Would you like to view a report grouped by customers, items sold, sales departments, or sales people?</h3>
            <form action="" method="post">
                <input type="radio" name="report" value="customer"><p>Customers</p>
                <input type="radio" name="report" value="item"><p>Items Sold</p>
                <input type="radio" name="report" value="department"><p>Sales Departments</p>
                <input type="radio" name="report" value="person"><p>Sales People</p>
                <input type="submit" name="reportsubmit" value="Submit">
            </form>
        </div>
        <div data-role="footer">
            <h1>Footer Text</h1>
        </div>
    </div>
    <div data-role="page" class="frame" id="customer">
        <div data-role="header">
            <?php include("Header.php");?>
        </div>
        <div data-role="main" id="main">
            <h3>Would you like to view a cumulative report of all customers, or a single report of just one?</h3>
            <form action="" method="post">
                <input type="radio" name="customer" value="all"><p>All</p>
                <input type="radio" name="customer" value="one"><p>One</p><br>
                <input type="submit" name="customersubmit" value="Submit">
            </form>
        </div>
        <div data-role="footer">
            <h1>Footer Text</h1>
        </div>
    </div>
    <div data-role="page" class="frame" id="item">
        <div data-role="header">
            <?php include("Header.php");?>
        </div>
        <div data-role="main" id="main">
            <h3>Would you like to view a cumulative report of all sales items, or a single report of just one?</h3>
            <form action="" method="post">
                <input type="radio" name="item" value="all"><p>All</p>
                <input type="radio" name="item" value="one"><p>One</p><br>
                <input type="submit" name="itemsubmit" value="Submit">
            </form>
        </div>
        <div data-role="footer">
            <h1>Footer Text</h1>
        </div>
    </div>
    <div data-role="page" class="frame" id="department">
        <div data-role="header">
            <?php include("Header.php");?>
        </div>
        <div data-role="main" id="main">
            <h3>Would you like to view a cumulative report of all sales departments, or a single report of just one?</h3>
            <form action="" method="post">
                <input type="radio" name="department" value="all"><p>All</p>
                <input type="radio" name="department" value="one"><p>One</p><br>
                <input type="submit" name="departmentsubmit" value="Submit">
            </form>
        </div>
        <div data-role="footer">
            <h1>Footer Text</h1>
        </div>
    </div>
    <div data-role="page" class="frame" id="person">
        <div data-role="header">
            <?php include("Header.php");?>
        </div>
        <div data-role="main" id="main">
            <h3>Would you like to view a cumulative report of all sales people, or a single report of just one?</h3>
            <form action="" method="post">
                <input type="radio" name="person" value="all"><p>All</p>
                <input type="radio" name="person" value="one"><p>One</p><br>
                <input type="submit" name="personsubmit" value="Submit">
            </form>
        </div>
        <div data-role="footer">
            <h1>Footer Text</h1>
        </div>
    </div>
    <div data-role="page" class="frame" id="redirect">
        <div data-role="header">
            <?php include("Header.php");?>
        </div>
        <div data-role="main" id="main">
            <?php echo $redirect;?>
        </div>
        <div data-role="footer">
            <h1>Footer Text</h1>
        </div>
    </div>
</body>
</html>
    is `$_POST['reportsubmit']` true? Also I'm pretty sure you can't redirect to an anchor. You need to specify the actual URL of the page. – Cfreak May 08 '14 at 23:20
  • As soon as you set the `header('Location: ...');` there's no further processing of the page, and it will try to redirect. – Sunny Patel May 08 '14 at 23:23
  • Try a `print_r($_POST)` to verify if the $_POST['reportsubmit'] is set; – Maykonn May 08 '14 at 23:23
  • @leonardude what would you like to do with `header('Location: #redirect')`? `#redirect` is an html anchor not a page to redirect... – Thiago França May 08 '14 at 23:25
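
The comments above point at two defects in the question's handler: `Location: #redirect` is a fragment rather than a URL, and (visible in the code itself) the handler reads `$_POST['customer']` while the first form's radio buttons are named `report`. The following is an added example, not the asker's code, showing one way to write that first-step handler: it allowlists the radio value, redirects with a real Location header in Post/Redirect/Get style, and escapes everything it echoes. The file name `reports.php`, the error message, and the helper names `e`, `chosen_report` and `redirect_target` are assumptions of this example.

```php
<?php
// Added example, not the asker's code: the first-step handler rewritten.
// Assumed file name: reports.php (hypothetical). The jQuery Mobile "page"
// divs with ids customer/item/department/person are assumed to follow below.

// Allowlist of fragment targets: only these values may reach the Location header.
const REPORT_PAGES = ['customer', 'item', 'department', 'person'];

/** Escape text for HTML body and double-quoted attribute contexts. */
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Return the allowlisted report page chosen in a POST body, or null when the
 * submit button was not this form's, no radio was ticked, or the value is not
 * one of ours. The radio is named "report"; the original read $_POST['customer'].
 */
function chosen_report(array $post): ?string
{
    if (!isset($post['reportsubmit'])) {
        return null;
    }
    $choice = $post['report'] ?? '';
    return in_array($choice, REPORT_PAGES, true) ? $choice : null;
}

/**
 * Relative redirect target for this script plus a fragment. SCRIPT_NAME is used
 * rather than PHP_SELF (it carries no PATH_INFO) and no host is taken from the
 * request, so a spoofed Host header cannot steer the redirect elsewhere.
 */
function redirect_target(string $scriptName, string $page): string
{
    return $scriptName . '#' . $page;
}

$page = chosen_report($_POST);
if ($page !== null) {
    // Post/Redirect/Get: a real URL in Location, then stop. A bare "#redirect"
    // is a fragment, not something a browser can be redirected to.
    header('Location: ' . redirect_target($_SERVER['SCRIPT_NAME'], $page), true, 303);
    exit;
}
// Form was submitted but no valid radio value arrived: re-render with a message.
$error = isset($_POST['reportsubmit']) ? 'Please choose one report type.' : '';
?>
<!DOCTYPE html>
<html>
<head><title>Report chooser (example)</title></head>
<body>
<div data-role="page" id="report">
    <?php if ($error !== ''): ?><p><?php echo e($error); ?></p><?php endif; ?>
    <form action="" method="post">
        <?php foreach (REPORT_PAGES as $value): ?>
            <label><input type="radio" name="report" value="<?php echo e($value); ?>"> <?php echo e(ucfirst($value)); ?></label>
        <?php endforeach; ?>
        <input type="submit" name="reportsubmit" value="Submit">
    </form>
</div>
<!-- the customer/item/department/person pages from the question follow here -->
</body>
</html>
```

Browsers follow a relative Location header, so no scheme or host has to be rebuilt from `$_SERVER`; if an absolute URL is required, take the host from configuration rather than from `$_SERVER['HTTP_HOST']`, which the client controls. The later `customersubmit` and similar branches in the question actually process data, so those forms should also carry a CSRF token before they change anything server-side.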

2 Answers


Try the next steps:

1) For all forms:

replace <form action="" method="post"> with <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "utf-8"); ?>" method="post">

2) For all redirects:

$findHttp = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http';
header('Location: '.$findHttp.'://'.$_SERVER["HTTP_HOST"].'/');
exit;

3) Check the POST request with var_dump($_POST); and find the current 'if' block which works with that request.

Brotheryura
    You should sanitize that `$_SERVER['self']` echo with `htmlentities()`. Check [this SO question](http://stackoverflow.com/questions/6080022/php-self-and-xss). – Matthew Johnson May 08 '14 at 23:40

It's a best practice to specify the destination URL. If you want to submit to itself try this:

<form action="<?php echo htmlentities($_SERVER['PHP_SELF']) ?>" method="post">
Machavity
  • You should sanitize that echo with `htmlentities()`. Check [this SO question](http://stackoverflow.com/questions/6080022/php-self-and-xss). – Matthew Johnson May 08 '14 at 23:39
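
Both answers echo `$_SERVER['PHP_SELF']` into the form's `action`, and the comment under each links to the PHP_SELF XSS question. As an added example (not code from either answer), here is what the escaping actually changes, with a constructed `PHP_SELF` value standing in for a request that carries extra path info after the script name; the function names `attr`, `form_open` and `form_open_from_script_name` are this example's own.

```php
<?php
// Added example, not from either answer: what escaping $_SERVER['PHP_SELF']
// changes before it is echoed into a form's action attribute.

/** Escape a value for a double-quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** The form tag both answers suggest, with the action escaped. */
function form_open(string $phpSelf): string
{
    return '<form action="' . attr($phpSelf) . '" method="post">';
}

/**
 * The same tag built from SCRIPT_NAME instead. PHP_SELF appends PATH_INFO
 * (the part of the URL after the script name); SCRIPT_NAME does not, so
 * request-supplied text never enters the attribute in the first place.
 */
function form_open_from_script_name(array $server): string
{
    return '<form action="' . attr($server['SCRIPT_NAME'] ?? '') . '" method="post">';
}

// Constructed values, standing in for a request to /reports.php/x"><b>injected</b>
// (PHP_SELF carries the extra path info verbatim; SCRIPT_NAME stops at the script).
$constructedServer = [
    'PHP_SELF'    => '/reports.php/x"><b>injected</b>',
    'SCRIPT_NAME' => '/reports.php',
];

// Unescaped, the case the comments warn about: the quote closes the
// attribute and the rest of the path info becomes markup in the page.
echo '<form action="' . $constructedServer['PHP_SELF'] . '" method="post">', PHP_EOL;

// Escaped: the same characters stay inside the attribute as inert text.
echo form_open($constructedServer['PHP_SELF']), PHP_EOL;

// From SCRIPT_NAME: the path-info part is absent altogether.
echo form_open_from_script_name($constructedServer), PHP_EOL;
```

Run it from the command line to see the three tags side by side. Note also that an empty `action=""`, as in the question, is valid HTML5 and submits to the document's own URL, so the empty action was not what stopped the PHP from running; if you do echo a server variable there, `htmlspecialchars` with `ENT_QUOTES` (or `htmlentities`, as the comments suggest) is the minimum, and `SCRIPT_NAME` avoids the problem entirely.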