PHP and forms. PHP_SELF in the form action attribute. What is the value of PHP_SELF?

Last updated: 11/1/2015

One of the main ways to send data to a website is through forms. Forms are special HTML elements that contain various input elements: text fields, buttons, and so on. Using these forms, we can enter data and send it to the server, where it is then processed.

Creating a form consists of the following steps:

    Creating a form element in the HTML markup

    Adding one or more input fields to the form element

    Setting the data transfer method: GET or POST

    Setting the address to which the entered data will be sent

Let's create a new form. For this, create a new file form.php with the following content:

Login to the site Login:

Password:

The action="login.php" attribute of the form element specifies that the form data will be processed by the script login.php, which is located in the same folder as form.php. The method="POST" attribute indicates that POST will be used as the data transfer method.

Now we can create the file login.php with the following content:

To extract data from the form, use the global variable $_POST. This is an associative array of the data passed with the POST method. Using its keys, we can get the submitted values. The keys of this array are the values of the name attributes of the form's input fields.

Since the name attribute of the login input field has the value login, the value of that field is stored in the $_POST array under the key "login": $_POST["login"]

It is possible that an input field is not set at all, for example when the script is requested directly: http://localhost:8080/login.php. In this case, before processing the data, it is necessary to check whether it is present using the isset() function. If the variable is set, isset() returns true.

Now let's open the form:

After pressing the submit button, the data will be sent to the script login.php using the POST method:

It is not necessary to send the form data to another script; the form can be processed in the same file. For this, let's change the file form.php as follows:

Login to the site Login:

Password:
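A complete self-processing form.php of the kind just described, added here as an example (it is not the article's own file). It assumes the field names login and password from the article, accepts the data only on a real POST, and escapes both the echoed values and $_SERVER['PHP_SELF'] in the action attribute, since PHP_SELF reflects the path the client requested.

```php
<?php
// form.php: self-processing login form (added example, not the article's own file).
// Assumes the field names login and password from the article; everything else is constructed.

/** Returns the submitted login/password, or null when the form has not been sent yet. */
function read_login_form(array $post, string $method): ?array
{
    // Only a real POST submission is processed; a direct GET to form.php just shows the form.
    if ($method !== 'POST' || !isset($post['login'], $post['password'])) {
        return null;
    }
    return ['login' => (string) $post['login'], 'password' => (string) $post['password']];
}

/** Escapes text for placement between tags or inside a double-quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$submitted = read_login_form($_POST, $_SERVER['REQUEST_METHOD'] ?? 'GET');

if ($submitted !== null) {
    // The article echoes both values back; here the password is only counted, not shown.
    echo 'Your login: ', e($submitted['login']), "<br>\n";
    echo 'Password received: ', strlen($submitted['password']), " characters<br>\n";
    exit;
}

// $_SERVER['PHP_SELF'] is the script path as requested by the client, including any extra
// path appended to the URL, so it must be escaped before being placed in the action attribute.
$action = e($_SERVER['PHP_SELF'] ?? 'form.php');
?>
<form action="<?= $action ?>" method="POST">
    <p>Login: <input type="text" name="login"></p>
    <p>Password: <input type="password" name="password"></p>
    <p><input type="submit" value="Log in"></p>
</form>
```

Run it with the built-in server (php -S localhost:8080) and open http://localhost:8080/form.php; a GET shows the form, a POST shows the processed result.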

Data security

Data security is of great importance in PHP. Let's look at a number of simple mechanisms that can improve the security of our site.

First, let's take the form from the previous topic and try entering the following data. For example, enter “<script>alert(hi);</script>” in the login field and “password” in the password field:

Since the submitted data contains HTML markup, the JavaScript code will be executed and display an alert window.

To avoid such security problems, use the htmlentities() function:

if (isset($_POST["login"]) && isset($_POST["password"])) {
    // htmlentities() converts <, > and & into HTML entities, so markup is shown as text
    $login    = htmlentities($_POST["login"]);
    $password = htmlentities($_POST["password"]);
    echo "Your login: $login
Your password: $password";
}

Now, after entering HTML or JavaScript code, all tags will be escaped, and we get the following result:

Another function, strip_tags(), allows you to remove HTML tags completely:

if (isset($_POST["login"]) && isset($_POST["password"])) {
    // strip_tags() deletes the tags themselves; the text between them is kept
    $login    = strip_tags($_POST["login"]);
    $password = strip_tags($_POST["password"]);
    echo "Your login: $login
Your password: $password";
}

The result, with the same input, will be as follows.
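To make the difference between the two functions concrete, here is an added example (not from the article) that renders one constructed login value raw, through htmlentities() and through strip_tags(), and then places a second constructed value inside an attribute, where strip_tags() alone leaves the quote intact. The ENT_QUOTES flag and charset are passed explicitly; the sample values are constructed.

```php
<?php
// Added example (not from the article): one constructed login value rendered raw, through
// htmlentities() and through strip_tags(), plus the attribute case where strip_tags() is not enough.

// Constructed inputs: the article's login value, and a value with no tag but a stray quote.
const SAMPLE_LOGIN = '<script>alert(hi);</script>';
const SAMPLE_QUOTE = 'bob" title="injected';

function render_raw(string $s): string
{
    return "Your login: $s";                     // the vulnerable form from the article
}

function render_entities(string $s): string
{
    // ENT_QUOTES also encodes ' and " (the default did not before PHP 8.1); the explicit
    // charset avoids wrong decoding of multibyte input.
    return 'Your login: ' . htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_stripped(string $s): string
{
    return 'Your login: ' . strip_tags($s);      // tags removed, text between them kept
}

/** Same value placed inside an attribute: strip_tags() leaves the quote, htmlentities() encodes it. */
function attr_stripped(string $s): string
{
    return '<input value="' . strip_tags($s) . '">';
}

function attr_entities(string $s): string
{
    return '<input value="' . htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

foreach (['raw' => 'render_raw', 'htmlentities' => 'render_entities', 'strip_tags' => 'render_stripped'] as $label => $fn) {
    printf("%-13s %s\n", $label . ':', $fn(SAMPLE_LOGIN));
}
echo "\nQuote inside an attribute:\n";
echo "  strip_tags:   ", attr_stripped(SAMPLE_QUOTE), "\n";
echo "  htmlentities: ", attr_entities(SAMPLE_QUOTE), "\n";
```

strip_tags() is a markup remover, not an output encoder: whatever survives it still has to be escaped for the context (text, attribute, URL) in which it is printed.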

“Don't abuse the goto operator,” that is what the lecturers at the academy told us, and it's true that this operator turns code into a complete mess. PHP developers solved the problem radically: php3 and php4 simply don't have it. Why did they get rid of it from the very beginning? Perhaps they wanted to teach us all the correct programming style? Well, we could say it has gone away completely and we have all got used to it, but it would be better to say that we have clearly identified the kind of operator we need, or better still, come up with a logical construction that would somehow compensate for this ill-fated goto.
I don't know about anyone else, but I personally felt the need to use goto especially often when writing handlers for HTML forms, when the user sends personal data to the server and the PHP script has to check it step by step. The process usually takes place in several stages: displaying the form, verifying the received data, a preview and, for example, saving. Moreover, these steps can repeat: if data verification failed, we go back to the form, or if the user is not happy with the preview, they can return to entering the data. In short, the code can get quite tangled. It is also not very easy to use functions under these conditions: there are many inputs and outputs, a function is forced to perform complex actions, it gets too big, and the readability of the code drops sharply.
And here is the construction I arrived at.

You are one year old.

Example output of this program:

Hello, Sergiu. You are thirty years old.

Don't worry about the htmlspecialchars() and (int) in the code; the principle of how the code works should be simple and understandable. htmlspecialchars() ensures that “special” HTML characters are correctly encoded, so that unwanted HTML or JavaScript is not inserted into your page. The age field, since we know it is a number, can simply be converted to an integer, which automatically gets rid of any unwanted characters. PHP can also do this automatically with the filter extension. The variables $_POST["name"] and $_POST["age"] are set for you automatically by PHP. Earlier we used the superglobal variable $_SERVER; here we use the superglobal $_POST, which contains all POST data. Note that the method of our form is POST. If we used the GET method, our form data would instead be in the superglobal $_GET. You can also use the $_REQUEST variable if the source of the data does not matter; it contains a mix of GET, POST and COOKIE data.

15 years ago

Per the HTTP specification, you should use the POST method when you're using the form to change the state of something on the server end. For example, if a page has a form to allow users to add their own comments, like this page here, the form should use POST. If you click "Reload" or "Refresh" on a page that you reached through a POST, it's always an error -- you shouldn't be posting the same comment twice -- which is why these pages aren't bookmarked or cached.

You should use the GET method when your form is, well, getting something off the server and not actually changing anything. For example, the form for a search engine should use GET, since searching a Web site should not be changing anything that the client might care about, and bookmarking or caching the results of a search-engine query is just as useful as bookmarking or caching a static HTML page.

2 years ago

Worth clarifying:

POST is not more secure than GET.

The reason for choosing GET vs POST involves various factors, such as the intent of the request (are you "getting" or "posting" data?), how large the request is (there are limits on how long a URL can be), and how easily you want the action to be shareable -- for example, Google searches are GET because it makes it easy to copy and share the search query with someone else simply by sharing the URL.

Security is only a concern here because a GET is easier to share than a POST. For example: you don't want a password to be sent by GET, because the user might share the resulting URL and inadvertently reveal that password.

However, GET and POST are equally easy to intercept by a well-placed malicious person if you don't deploy TLS/SSL to protect the network connection itself.

All forms sent over HTTP (usually port 80) are insecure, and as of today (2017), there aren't many good reasons for a public website not to be using HTTPS (which is basically HTTP + Transport Layer Security).

As a bonus, if you use TLS, you minimise the risk of your users getting code (ads) injected into your traffic that wasn't put there by you.

4 years ago

Do-while loops can also be used inside other loops, for example:



This version is easier to read and understand. And arguments for code golf are invalid, because this version is 3 lines shorter.

In the first place, if you write code that abuses the `break` keyword, you are guilty of bad practice.

10 years ago

I'm guilty of writing constructs without curly braces sometimes... writing the do-while seemed a bit odd without curly braces ({ and }), but in any case here is some information about those written with a do-while...

a normal while:


a do-while:


Also, as a practical matter, if you use do-while because a simple while just won't do (lol)... copying multiple 2nd-level nodes from one document to another using the DOM XML extension

Filters and actions allow themes and plugins to change the behavior of the WordPress core without modifying the core files themselves. This article describes how actions and filters work in WordPress and how to use them in your themes and plugins.

Actions

Actions (events) in WordPress are very similar to events in JavaScript. An action is fired by calling the do_action() function, and a function can be attached to any action using the add_action() function.

When the action fires, all functions attached to it are executed. This is easier to understand with a simple example. There are three functions that output 1, 2 and 3 respectively:

function one()   { echo 1; }
function two()   { echo 2; }
function three() { echo 3; }

We attach the functions to the foo action using add_action():

add_action("foo", "one");
add_action("foo", "two");
add_action("foo", "three");

And we fire our action using do_action():

do_action("foo"); // outputs 123

The first argument of the function is the string foo, the name of the action. The name can be anything, but to avoid conflicts with other plugins and themes it is better to use a prefix, for example myplugin_foo, where myplugin is the name of your plugin.

The second argument of add_action() is the function to call when the action fires. Functions attached to one action are executed in the order in which they were added, unless a function was added with a higher or lower priority. More about priorities a little later.

So our example calls the functions one(), two() and three() in order, which prints 123 to the screen. Of course, we could call these functions directly in that order instead of do_action(), which would give the same result. So what is the point of using actions?

Why use actions

Any other plugin or theme can easily add or remove functions from your action without changing your plugin's code. This approach makes your plugin more flexible. For example:

/* In another plugin */
function four() { echo 4; }
remove_action("foo", "three");
add_action("foo", "four");

Now, when the foo action fires in your plugin, the screen will show 124 instead of 123, because the other plugin removed the three() function with remove_action() and added the new function four() in its place.

The example with numbers is not the best one. In practice it is easy to think of actions in your theme or plugin that could be useful to other plugins, for example:

It is also worth noting that the WordPress core itself contains more than 1500 actions and filters that can be used in themes and plugins.

Filters

Filters in WordPress are very similar to actions. The main difference is that a filter passes a value to each attached function, and each function must return that value, possibly changed. Let's look at a simple example:

function plus_one($value) { $value = $value + 1; return $value; }

This function takes one argument, adds one to it and returns the result. We attach our function to a new filter using add_filter():

add_filter("foo", "plus_one");

Now all functions attached to the foo filter (in our example, only one) can be called using apply_filters():

echo apply_filters("foo", 5); // 6

The second argument of apply_filters() is the value being filtered. It is passed to each function attached to the filter, and each of them can change the value.

In this case 6 will be printed on the screen, because the value 5 passed through the plus_one() function, which changed the original value. If you remove the function from the filter with remove_filter(), the code will output 5:

remove_filter("foo", "plus_one");
echo apply_filters("foo", 5); // 5

Just like with actions, functions can be attached to a filter from any other plugin or theme, and they are executed in the order in which they were added to the filter, subject to higher or lower priorities.

An example of a useful filter

Let's look at a more realistic example: an array of links to our social media profiles that is displayed in the header of our WordPress theme. In functions.php:

function get_my_social_profiles() {
    $profiles = array(
        "twitter"  => "http://twitter.com/wpmagru",
        "facebook" => "http://facebook.com/wpmagru",
    );
    return $profiles;
}

The returned array can be iterated in a loop in our header.php file:

$profiles = get_my_social_profiles();
foreach ($profiles as $service => $url) {
    // one link per profile; esc_url() sanitizes the URL for the href attribute
    printf('<a href="%s">%s</a>', esc_url($url), $service);
}

To let other plugins change this list, we pass the array through apply_filters() before returning it:

/* In functions.php */
function get_my_social_profiles() {
    $profiles = array(
        "twitter"  => "http://twitter.com/wpmagru",
        "facebook" => "http://facebook.com/wpmagru",
    );
    return apply_filters("my_social_profiles", $profiles);
}

Thus, any plugin or child theme can easily change the list of social profiles without touching the original theme. For example, you can remove the Twitter link and add a Google+ link with the following code in a plugin:

function change_my_social_profiles($profiles) {
    unset($profiles["twitter"]);
    $profiles["google-plus"] = "https://plus.google.com/+wpmagru";
    return $profiles;
}
add_filter("my_social_profiles", "change_my_social_profiles");

Filters and actions in the WordPress core

As already mentioned, WordPress has more than 2000 filters and actions that can be used in plugins and themes to change the behavior of the core. Let's look at a few examples.

Disable comments

You can disable commenting on the whole site, or fine-tune the conditions, with the following code:

function my_comments_open() { return false; }
add_filter("comments_open", "my_comments_open");

The comments_open filter is used by the WordPress core to check whether comments on a given post are open. Our function always returns false for this filter, so comments will be closed everywhere.

Incidentally, the WordPress core provides a number of helper functions for use with such filters:

  • __return_true() - returns true
  • __return_false() - returns false
  • __return_zero() - returns 0
  • __return_empty_string() - returns an empty string
  • __return_empty_array() - returns an empty array
  • __return_null() - returns null

So our comments_open filter can be rewritten in one line:

add_filter("comments_open", "__return_false");

Change the length of automatic excerpts

The excerpt_length filter is responsible for the length of automatic excerpts:

function my_excerpt_length($length) { $length = 10; return $length; }
add_filter("excerpt_length", "my_excerpt_length");

With the excerpt_more filter you can change the text placed at the end of an automatic excerpt, which by default is [...]:

function my_excerpt_more($more) { $more = "→"; return $more; }
add_filter("excerpt_more", "my_excerpt_more");

Add a banner to every post

The the_content filter is applied to the content of each post before it is displayed. Since the post content passes through this filter, it is easy to add a banner “for display” with a small plugin:

function my_banner($content) {
    $banner  = '<!-- banner markup goes here -->'; // placeholder: the banner HTML was lost in extraction
    $content = $banner . $content;
    return $content;
}
add_filter("the_content", "my_banner");

Add favicon.ico to the <head> section

The <head> section of every page fires the wp_head action. At this point you can output a link to the favicon.ico file, insert additional JavaScript or CSS code, and much more:

function my_favicon() {
    // the original link tag was lost in extraction; a standard favicon link, assuming the file sits at the site root
    echo '<link rel="icon" href="/favicon.ico">';
}
add_action("wp_head", "my_favicon");

Note that if you need to include external .js or .css files, use the wp_enqueue_script() and wp_enqueue_style() functions on the wp_enqueue_scripts action instead of printing the tags directly in wp_head.

Each new version of WordPress comes with more new filters and actions. A list of most of the filters and actions in the core can be viewed on Adam Brown's website, or by searching the core files for “do_action” and “apply_filters”.

Priorities

Functions attached to filters and actions are executed in the order in which they were added, but this order can easily be changed with priorities. The priority is given by the third argument of the add_action() and add_filter() functions.

If the argument is omitted, functions are attached to filters and actions with priority 10. Functions are executed from the lowest priority to the highest: the lower the priority, the earlier the function runs.

Let's look at the numbers example again:

add_action("foo", "one");
add_action("foo", "two");
add_action("foo", "three");
do_action("foo"); // outputs 123

If you change the priority of the three() function to 9, it will run before the others:

add_action("foo", "one");
add_action("foo", "two");
add_action("foo", "three", 9);
do_action("foo"); // outputs 312

Similarly, by giving the one() function priority 11, it runs after all the others, regardless of the fact that it was added first with add_action():

add_action("foo", "one", 11);
add_action("foo", "two");
add_action("foo", "three", 9);
do_action("foo"); // outputs 321

Additional parameters

Additional parameters can easily be passed to each function attached to a filter or action. This is done when calling the do_action() or apply_filters() function, for example:

do_action("foo", $arg1, $arg2, $arg3);
$value = apply_filters("foo", $value, $arg1, $arg2, $arg3);

The key point is that when attaching a function to a filter or action, we need to specify the number of arguments it accepts; that is what the fourth parameter of the add_action() and add_filter() functions is for.

For example, if a function attached to foo wants to accept all three arguments, you need to pass 3 as the fourth parameter of add_action():

function my_func($arg1, $arg2, $arg3) { /* ... */ }
add_action("foo", "my_func", 10, 3);

Similarly, if the function attached to the filter wants to receive $arg1 as an additional argument, we ask add_filter() to pass only two arguments: the first argument $value and the additional argument $arg1:

function my_func($value, $arg1) { /* ... */ }
add_filter("foo", "my_func", 10, 2);
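The ordering and argument rules from the Actions, Priorities and Additional parameters sections can be run without a WordPress install. The following is an added example, not WordPress code: a minimal stand-in for the hook API (the MiniHooks class and its method names are constructed) that reproduces the numbers example, the swap of three() for four() by another plugin, and a two-argument filter shaped like allow_password_reset.

```php
<?php
// Added example (not WordPress code): a minimal stand-in for the hook API described above
// (add/remove, priorities, accepted_args) that runs without WordPress. MiniHooks and its
// method names are constructed for this page; the ordering rules follow the article.
final class MiniHooks
{
    private $hooks = []; // tag => priority => list of ['cb' => callable, 'n' => accepted_args]

    /** Like add_action()/add_filter(): defaults are priority 10 and one accepted argument. */
    public function add(string $tag, callable $cb, int $priority = 10, int $acceptedArgs = 1): void
    {
        $this->hooks[$tag][$priority][] = ['cb' => $cb, 'n' => $acceptedArgs];
    }
    /** Like remove_action()/remove_filter(): the callback must match at the priority it was added with. */
    public function remove(string $tag, callable $cb, int $priority = 10): bool
    {
        foreach ($this->hooks[$tag][$priority] ?? [] as $i => $entry) {
            if ($entry['cb'] === $cb) {
                unset($this->hooks[$tag][$priority][$i]);
                return true;
            }
        }
        return false;
    }
    /** Like apply_filters(): each callback gets $value plus up to n-1 extra args and returns the new value. */
    public function applyFilters(string $tag, $value, ...$args)
    {
        foreach ($this->ordered($tag) as $entry) {
            $value = ($entry['cb'])(...array_slice(array_merge([$value], $args), 0, $entry['n']));
        }
        return $value;
    }
    /** Like do_action(): same dispatch order, return values are ignored. */
    public function doAction(string $tag, ...$args): void
    {
        foreach ($this->ordered($tag) as $entry) {
            ($entry['cb'])(...array_slice($args, 0, $entry['n']));
        }
    }
    /** Lower priority number runs first; inside one priority, insertion order is kept. */
    private function ordered(string $tag): array
    {
        $byPriority = $this->hooks[$tag] ?? [];
        ksort($byPriority);
        return $byPriority ? array_merge(...array_values($byPriority)) : [];
    }
}

// The article's numbers example: three() added at priority 9 runs before one() and two().
$log   = '';
$one   = function () use (&$log) { $log .= '1'; };
$two   = function () use (&$log) { $log .= '2'; };
$three = function () use (&$log) { $log .= '3'; };
$h = new MiniHooks();
$h->add('foo', $one);
$h->add('foo', $two);
$h->add('foo', $three, 9);
$h->doAction('foo');
echo "three() at priority 9: $log\n";
// Another plugin swaps three() for four(); remove() must use the priority three() was added with.
$log = '';
$h->remove('foo', $three, 9);
$h->add('foo', function () use (&$log) { $log .= '4'; });
$h->doAction('foo');
echo "after the swap: $log\n";
// A filter with one extra argument, shaped like allow_password_reset (user id 1 is a constructed stand-in for a super admin).
$h->add('allow_reset', function (bool $allow, int $uid): bool { return $uid === 1 ? false : $allow; }, 10, 2);
var_dump($h->applyFilters('allow_reset', true, 1), $h->applyFilters('allow_reset', true, 7));
```

Note that a remove() with the wrong priority silently returns false and leaves the callback in place, which is also how WordPress behaves and a common source of "my remove_action() did nothing" bugs.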

Example

A good example of passing additional arguments is the allow_password_reset filter, which can be used to disable password reset for users:

add_filter("allow_password_reset", "__return_false");

This disables password reset for all users of the site. If we need to disable password reset only for super administrators (for security reasons), we can use the additional argument:

function my_filter($allow, $user_id) {
    if (is_super_admin($user_id)) {
        $allow = false;
    }
    return $allow;
}
add_filter("allow_password_reset", "my_filter", 10, 2);

Note that functions attached to filters can only change the first argument passed to the filter. In our function we can change only $allow, not $user_id.

For functions to be able to change more than one of the passed arguments, filters (and actions) can pass objects, which in PHP are passed by reference, as the pre_get_posts action does.

OOP, classes, objects and anonymous functions

WordPress theme and plugin developers often prefer an object-oriented programming style, where most of the code is written inside objects rather than in the global namespace. In this case add_action() and add_filter() need to be passed not a function name but an object method, which is passed in a special array format:

class My_Class {
    function __construct() {
        add_filter("the_content", array($this, "filter_content"));
    }
    function filter_content($content) {
        // ...
        return $content;
    }
}
new My_Class();

Similarly, you can pass a static method of a class:

add_filter("the_content", array("My_Class", "filter_content"));
add_filter("the_content", "My_Class::filter_content"); // PHP >= 5.2.3

Filters also support anonymous functions, for example:

add_filter("the_content", create_function('$content', 'return $content;')); // deprecated in PHP 7.2, removed in PHP 8.0
add_filter("the_content", function($content) { return $content; }); // PHP >= 5.3

We do not recommend using anonymous functions with WordPress filters and actions, since they are hard to remove (for example, from another plugin), and functions created with create_function() are not cached as bytecode, for example by APC.

Conclusion

Filters and actions are at the core of WordPress itself; working with them is essential for anyone developing themes and plugins, and filters and actions themselves allow the core of this popular system to be extended.

Theme and plugin developers should not forget about filters and actions in their own products, in order to make them more modular, flexible and easily customizable by third-party code.

If you have any questions about filters and actions in WordPress, leave a comment and we will be sure to answer.