Send data to another page or send it to another page?

Asked

Viewed 110 times

2

I wonder if it is better, for example, to have a form in which the action is set to another page, or if it is recommended to send the data to the page itself with the action="<?php echo $_SERVER['PHP_SELF']?>".

If you have not understood, it would be more or less like this, I must use which of these two methods:

Send to same page:

<form name="login_form" action="<?php echo $_SERVER['PHP_SELF']?>" method="post" id="login_form">

And then at the top I do a check:

if(isset($_POST['logar'])): 
//Código
endif;

Or should I:

Send to another page:

<form name="login_form" action="checarLogin.php" method="post" id="login_form">

And do the validation and sanitization on that specific page.

With better, I ask about safety, speed, and feasibility as well.

php
  • 1

    I believe that in terms of performance, it would be the same, security as well. But in matters of code organization it would be much better for you to separate, to make your code more readable.

  • 1

    Never use action="<?php echo $_SERVER['PHP_SELF']?>", this is creates a vulnerability by XSS, if it is on the same page specify it for example "login.php" and not $_SERVER['PHP_SELF'] or if you still want to use the PHP_SELF utilize htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "utf-8");!

  • Thanks for the personal tips

1 answer

2


Sending to another script tends to make your code more organized, making it more viable for future editions.

In the matter of speed the less redirects the faster it will be, but just one more redirect will not change much depending on what you are trying to do.

And in matters of security in my opinion this kind of thing does not influence.

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.