Don Alexander Eckford's Secure $_POST form
Cut & Paste the following into the Message box. The secure form should show it back as plain text instead of running it:
<script type="text/javascript"> alert('Danger Will Robinson!!!');</script>
Cut & Paste The Following:
<script type="text/javascript"> alert('Danger Will Robinson!!!');</script>
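<?php
/**
 * Secure $_POST form demo: request handling.
 *
 * Reads the optional "message" POST field and entity-encodes it before any of
 * it is written into the page, so markup submitted by the user is displayed as
 * text instead of being interpreted by the browser.
 */
include('includes/header.php');

// Report every notice and warning. Whether they are printed into the page is
// controlled by display_errors, which this file does not set (header.php is not
// shown here); keep it off outside development so error text does not disclose
// paths or internals to visitors.
error_reporting(E_ALL);

// File name of the running script, used as the form's action target.
// basename() keeps only the last path component of SCRIPT_NAME.
$self = basename($_SERVER['SCRIPT_NAME']);

echo('<h1>Don Alexander Eckford\'s Secure $_POST form</h1>');

// Accept the field only when it is present AND a plain string. A request can
// send message[]=... which makes $_POST['message'] an array, and
// htmlentities() does not accept an array.
$message = (isset($_POST['message']) && is_string($_POST['message']))
    ? $_POST['message']
    : '';

// Encode once, for HTML output. ENT_QUOTES converts both quote characters, so
// the result is safe in element content and in quoted attribute values. It is
// not the right encoding for script, style or URL contexts.
// Without ENT_SUBSTITUTE, htmlentities() returns an empty string when the
// input is not valid UTF-8, so such a message is shown as blank.
$message = htmlentities($message, ENT_QUOTES, 'UTF-8');
?>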
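<!-- Show the submitted message only when the request was a POST. -->
<?php if ($_SERVER['REQUEST_METHOD'] === 'POST'): ?>
<?php /* $message is already entity-encoded earlier in this file: print it as is.
         Never print the raw $_POST value here, and do not encode a second time. */ ?>
<p>Message: <?= $message; ?></p>
<?php endif; ?>
<?php /* $self is derived from the server's SCRIPT_NAME rather than from form data,
         but it is still encoded at the point of output so the attribute stays
         well-formed whatever the file is named. */ ?>
<form action="<?= htmlspecialchars($self, ENT_QUOTES, 'UTF-8'); ?>" method="POST">
<table>
<tr>
<td class="right">
<label for="message">Message:</label>
</td>
<td class="left">
<?php /* The textarea is refilled with the encoded value; the browser decodes the
         entities for display, so the user sees exactly what was typed. */ ?>
<textarea id="message" cols="80" rows="6" name="message">
<?= $message; ?>
</textarea>
</td>
</tr>
</table>
<p>
<input type="submit" name="submit" value="Submit">
</p>
</form>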
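<?php /* The sample below is meant to be read and copied, so it is written with
         character entities. As literal markup the browser would run it on every
         page load and the ampersand in the caption would be an invalid bare "&". */ ?>
<p>
Cut &amp; Paste The Following:<br>
<code>&lt;script type="text/javascript"&gt; alert('Danger Will Robinson!!!');&lt;/script&gt;</code>
</p>
<?php /* Posts to form_unsecure.php, which is not shown in this file; presumably the
         counterpart page that prints the message without encoding it. Keep that
         page off any publicly reachable host. */ ?>
<form action="form_unsecure.php" method="POST">
<p>
<input type="submit" name="submit" value="Goto Unsecure Form">
</p>
</form>
<?php
// Shared page footer.
include('includes/footer.php');
?>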