2

I have some data stored in an XML file and want to be able to edit that through an HTML form on a PHP page. In the PHP page I'm calling an XSL file to turn the XML file into an HTML form and this works:

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
  <h2>My data</h2>
  <form action="test.php" method="post">
    <table border="1">
      <tr bgcolor="#9acd32">
        <th style="text-align:left">Title</th>
        <th style="text-align:left">Date</th>
      </tr>
      <xsl:for-each select="events/event">
      <tr>
        <td>Title: <input type="text" id="title" name="title" value="{title}"></input></td>
        <td>Date: <input type="text" id="date" name="date" value="{date}"></input></td>
      </tr>
      </xsl:for-each>
      <tr><td></td><td><input type="submit" value="Submit"/></td></tr>
    </table>
  </form>
</xsl:template>
</xsl:stylesheet>

But I want this form to submit to the PHP page that it was called from. This is an XSL file so PHP code isn't being processed so I can't change the form action to:

"<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>

Is it possible to run this PHP code in an XSL file so that it sends the form contents back to the same PHP page?

Tim B
  • 189
  • 9
  • If you omit entirely the form action it should POST to the same page - is that what you mean?! – Professor Abronsius Dec 23 '20 at 16:39
  • @ProfessorAbronsius , thanks, I wasn't aware of that. However I've just seen other posts suggesting that it's bad practise to omit the form action or leave it blank, and others suggesting it could be a security hazard. Here's one of the posts: https://stackoverflow.com/questions/1131781/is-it-a-good-practice-to-use-an-empty-url-for-a-html-forms-action-attribute-a – Tim B Dec 23 '20 at 17:05
  • Well using `PHP_SELF` is not a good thing - slightly safer using `htmlspecialchars` but that link you reference the accepted answer begins `"The best thing you can do is leave out the action attribute altogether. If you leave it out, the form will be submitted to the document's address, i.e. the same page."` – Professor Abronsius Dec 23 '20 at 17:16
  • Ok, I want to jump to a specific part of the page after the form is submitted. I thought that I would need to keep the action attribute and give it the value "#jumphere". Is this the correct way to do this? Thanks – Tim B Dec 23 '20 at 22:34

1 Answers1

0

From php you can call the xsl-transformation using parameters like this:

<?php
$xmlUri      = '/some/path/to/your.xml';
$xslUri      = '/some/path/to/your.xsl';
$xmlDocument = new DOMDocument;
$xslDocument = new DOMDocument;

if ($xmlDocument->load($xmlUri) && $xslDocument->load($xslUri)) {

    $xsltProc = new XSLTProcessor();
    $xsltProc->setParam('php-file', htmlspecialchars($_SERVER['PHP_SELF']));
    if ($xsltProc->importStyleSheet($xslDocument)) {
        echo $xsltProc->transformToXML($xmlDocument);
    }
}

Change your xsl like this:

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:param name="php-file"/>
  <xsl:template match="/">
    <h2>My data</h2>
    <form action="{$php-file}" method="post">
      <table border="1">
        <tr bgcolor="#9acd32">
          <th style="text-align:left">Title</th>
          <th style="text-align:left">Date</th>
        </tr>
        <xsl:for-each select="events/event">
          <tr>
            <td>Title: <input type="text" id="title" name="title" value="{title}"></input></td>
            <td>Date: <input type="text" id="date" name="date" value="{date}"></input></td>
          </tr>
        </xsl:for-each>
        <tr><td></td><td><input type="submit" value="Submit"/></td></tr>
      </table>
    </form>
  </xsl:template>
</xsl:stylesheet>

And you are good to go.

Siebe Jongebloed
  • 3,906
  • 2
  • 14
  • 19