Home/ Questions/Q 7551775
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T10:34:59+00:00

I have a problem that I really cannot figure out how to solve. I

  • 0

I have a problem that I really cannot figure out how to solve. I have 2 different pages of the same project. It allows users to create a form and submit it to a different webpage. And there are 2 versions, one that just request the fields types, names and values, and another that allows users to input the full form manually.

So, as my question stated, in the first case it works perfectly, and in the second case it comes back to the same page, and it’s driving me crazy! I will put the code at the end, but now the steps to reproduce the error. So far it’s a page hosted for free as I’m using it for testing purposes:

  1. Go to http://saveyourself.vacau.com/form/

  2. Put this in the fields (this is actually a test account for this page):

    • Page: http://newfutureuniversity.org/
    • Method: “Post”
    • Name 1: “User”
    • Value 1: “User”
    • Type 1: “text”
    • Name 2: “Pass”
    • Value 2: “Password”
    • Type 3: “Password”
    • Name 3: “Login”
    • Value 3: “1”
    • Type 3: “Hidden”.

  3. Press “Show form”, and the form will be displayed

  4. Now see the source code of the page, and copy from “<form...>” to “</form>
  5. Go to this page http://saveyourself.vacau.com/form/manual/ and paste it there.
  6. Press “Show form”, and you should get to EXACTLY the same page as you got after step 3 (check the html, it’s 100% the same, the only change is the address, /manual/).

Now, here is the trick. Despite both pages have exactly the same html, if you press the button “Send form” after step 3, you would be logged into the new page, but if you press the button “Send form” after step 6 (in /form/manual/ ), that page is refreshed and the form that you pasted is deleted. How is this possible? As far as I know, there is no PHP involved here, as when the form is displayed, it’s just plain html and the new page should handle the whole PHP. So, if it receives the same form, it should answer in the same way, right? In the second page it’s not used the “$_SERVER[‘HTTP_REFERER’];” (where the visitor comes from), nor anything similar. Also, there’s 0 javascript. I post now the html in case it helps, and some of the PHP (not to put too much code).

So the question is, does anyone have any idea of why the second form doesn’t work?

Thank you so much.

HTML code (it’s the same in both pages after step 3 or 6):

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
        <title>Send form</title>
        <meta content="text/html; charset=utf-8" http-equiv="content-type" />
</head>
<body style="background: #DDFFFF; width: 80%; height:100%; margin: 0 10% 0 10%; text-align: center;">
<h1>Send form</h1>

    <form action="http://newfutureuniversity.org/" method="POST">
        Web page: http://newfutureuniversity.org/<br>
        Method: POST<br><br>
        <table style="margin-left: auto; margin-right: auto;">
                            <tr>
                <td style="text-align: right;">
                User:</td><td><input type='text' name='User' value=''></td>
                </tr>
                                <tr>
                <td style="text-align: right;">
                Pass:</td><td><input type='password' name='Pass' value=''></td>
                </tr>
                                <tr>
                <td style="text-align: right;">
                Login:</td><td><input type='text' name='Login' value='1'></td>
                </tr>
                        </table><br>
        <input type="submit" value="Send form">
    </form>
</body>
</html>

Simplified PHP code from the page working ( http://saveyourself.vacau.com/form/ ):

//Header, body and others go before of this
<?php
if ($_POST['sent']==1&&empty($_POST['source'])) //If form is submited
    {
    $i = 1;
    ?>
    <form action="<?php echo $_POST['page']; ?>" method="<?php echo $_POST['method']; ?>">
        Web page: <?php echo $_POST['page']; ?><br>
        Method: <?php echo $_POST['method']; ?><br><br>
        <table style="margin-left: auto; margin-right: auto;">
            <?php 
            while (!empty($_POST['nam'.$i]))
                { ?>
                <tr>
                <td style="text-align: right;">
                <?php echo $_POST['nam'.$i].":</td><td><input type='".$_POST['typ'.$i]."' name='".$_POST['nam'.$i]."' value='".$_POST['val'.$i]; ?>'></td>
                </tr>
                <?php
                $i++;
                }
            ?>
        </table><br>
        <input type="submit" value="Send form">
    </form>
<?php
    }


elseif (!empty($_POST['source']))   //If user just wants to create a form and see the code
    {
    //I think this bit is irrelevant codereview, so I skipped it.
    }


else        //Body of the first page shown
    { ?>
<form method="post">
    Web page: <input type="text" name="page"> 
    Method to send: <select name="method"><option value="POST">Post</option><option value="GET">Get</option></select><br>

    <table style="border: 1px solid #AAA; margin-left: auto; margin-right: auto;">
        <tr>
            <td>Number</td>
            <td>Name</td>
            <td>Value</td>
            <td>Type</td>
        </tr>
<?php for ($i = 1; $i <= 10; $i++)
    { ?>
        <tr>
            <td><?php echo $i; ?></td>
            <td><input type="text" name="nam<?php echo $i; ?>"></td>
            <td><input type="text" name="val<?php echo $i; ?>"></td>
            <td>
            <select name="typ<?php echo $i; ?>">
                <option value="text">Text</option>
                <option value="password">Password</option>
                <option value="radio">Radio</option>
                <option value="checkbox">Checkbox</option>
                <option value="hidden">Hidden</option>
                <option value="reset">Reset</option>
                <option value="submit">Submit</option>
            </select>
            </td>
        </tr>
    <?php } ?>
    </table><br>

    Don't worry, a submit button is automatically added.<br>
    <input type="hidden" name="sent" value="1">
    <input type="submit" value="Show form">
    <input type="submit" name="source" value="Form code">
    </form><?php } ?>
</body>
</html>

Full PHP code from the page not working ( http://saveyourself.vacau.com/form/manual/ ):

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Send form</title>
    <meta content="text/html; charset=utf-8" http-equiv="content-type" />
</head>
<body style="background: #DDFFFF; width: 80%; height:100%; margin: 0 10% 0 10%; text-align: center;">
<h1>Send form</h1>

<?php
if ($_POST['sentbrr']==1)   //If form is submited
    echo stripslashes($_POST['code']);

else    //First time
    { ?>
    <form method="post">
    Enter the code for the form manually<br>
    <textarea name="code" style="width: 100%; min-height: 450px;"></textarea><br>
    <input type="hidden" name="sentbrr" value="1">
    <input type="submit" value="Show form">
    </form>
    <?php
    } ?>

</body>
</html>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Short answer: It’s the browser’s fault (bug?).

    Long answer: Behavior varies in different browsers. After testing on IE9, Firefox, and Safari, this issue seems to be a web-kit bug.
    This hypothesis is also backed by the numerious “form/action” issues reported at crbug.com and bugs.webkit.org

    Research:

    Kypros seems to be right, though the answer is not as obvious.

    If you go to the faulty page (the one that does not send the right “Request URL” when form submitted), and try to inspect it (for instance with “chrome Developer Tools”) you will see that the form “action” attribute is indeed empty.

    This is in contrast with the source code view which shows the attribute is correctly set!

    It seems PHP (or the browser?) is protecting us by eliminating the “action” field from the actual DOM, though I can’t find the reason why anywhere.

    To verify this I changed the code to:

    echo '<form action="http://newfutureuniversity.org/" method="POST">';
echo $_POST['code'];

    ..and pasted in the rest of the form. This submits well. It doesn’t seem to be coming from “stripslashes”. You could also just pass in “action” as another form input (instead of inside “code”) and it also just works:

    echo '<form action="'.$_POST['action'].'" method="POST">';
echo stripcslashes($_POST['code']);

    After I ran the same scenario in IE9 – the “problem” does not seem to exist! This makes me think that browser security is the culprit. Assuming it’s a bug with chrome/web-kit, I opened a bug in crbug.com, updates will be POSTed here.

    • 0