About PHP form , redirection

Question

Suppose my Form codes look like this

URL : localhost/my-url.php

<form action="hello.php">
...bla bla bla
</form>

I will process the data in hello.php and i want to redirect to user to same url after processing (according to above example)

localhost/my-url.php

I know we can use header but i don't know how to get that url from which form was submited :(

Googled but didn't found any use full.

Thanks.

pass the URL as a hidden input with the form or even better, try using ajax — gbestard, Jun 24 '14 at 12:38
You can give the previous page name in hidden value And can use that in header in next page — Khushboo, Jun 24 '14 at 13:00

score 4 · Accepted Answer · answered Jun 24 '14 at 12:39

4

Add a hidden value in your form:

<input type="hidden" name="lastUrl" value="<?php echo $_SERVER['REQUEST_URI'] ?>" />

You now have the URL in $_POST['lastUrl'] data. You need to do it that complicated because $_SERVER["HTTP_REFERER"]; is send by the browser, and not all of them do this reliable.

answered Jun 24 '14 at 12:39

colburton

4,685
2
26
39

about security? will i face problem if user sets their data? – user3703850 Jun 24 '14 at 12:45
1

@user3703850 if the user modifies the form, you receive modified data. – bear Jun 24 '14 at 12:47
2

Well you would redirect them to another url. But there is no harm in that, they could have just as easily inputted the address in their browser themselves. – colburton Jun 24 '14 at 12:47

score 3 · Answer 2 · answered Jun 24 '14 at 12:42

You should put a hidden field in your form and set its value to current page url.

Then you submit the form and get the value of hidden field.

Then you can redirect user to hidden field (which is actually a URL of the page where you are submitting form) by using javascript or php.

score 0 · Answer 3 · answered Jun 24 '14 at 12:38

0

You can use the

 $_SERVER["HTTP_REFERER"];

to get the original URL where the form was posted from.

Remember to escape it, if you use it however. ]

Alternatively, you can process the form using AJAX, send process things (redirection) client-side.

Note that form data can be changed and intercepted if you wish to send the URL of the page as form data.

answered Jun 24 '14 at 12:38

bear

11,364
26
77
129

1

HTTP_REFERER is transmitted by the browser. And not all of them do this! – colburton Jun 24 '14 at 12:40
@colburton whilst true, it's mostly reliable and somewhat secure. – bear Jun 24 '14 at 12:41
1

I do not think, "mostly" and "somewhat" are going to cut it. – colburton Jun 24 '14 at 12:41
is is dependent on browser?? – user3703850 Jun 24 '14 at 12:46
it's more secure than putting the data in the form itself. I say mostly because most browsers do send the data, but it is stripped out by intermediaries. – bear Jun 24 '14 at 12:46
@user3703850 yes it is dependent on browser. – bear Jun 24 '14 at 12:47
Thanks just want to know if major browser like moz,chorme,safari and some mobile browser support or not? – user3703850 Jun 24 '14 at 12:48
@user3703850 see http://stackoverflow.com/questions/6880659/in-what-cases-will-http-referer-be-empty – bear Jun 24 '14 at 12:50
@bear: `"it's more secure than putting the data in the form itself"` - How so? Both are sent from the client. Both can be modified by the client, or omitted entirely. How is one "more secure" than another? At least with a form value the code is making an explicit assertion about what the behavior should be. With the referrer header the code just assumes something which may not be true. – David Jun 24 '14 at 12:51
@David maybe I should clarify. Both are just as bad as each other. However, why would one make it easier to change? user3703850 could use both and determine one or the other. – bear Jun 24 '14 at 13:07

About PHP form , redirection

3 Answers3