Tek Eye Logo

Tek Eye

Get URL in HTML for PHP Backlink

The Tek Eye article Simple HTML Contact Form for PHP Based Website showed how to process HTML form data in a PHP form handler script. To help with visitor site navigation it can be useful to provide a backlink to the web page used to submit the form, for example if the form is at the end of an article. This tutorial shows how to pass the web page URL to the form handler and use it as a link back to the submitting web page.

PHP Logo

Note: If the code in this article was tested on a live website, then remove it once the testing has finished. It needs further code to protect from abuse, for example some form of anti-bot check, such as CAPTCHA. There is a Tek Eye article reCAPTCHA Code to Download for Demo and Test for an example of implementing Google's reCAPTCHA.

Add the Web Page URL to a Hidden Form Field

This article uses the simple HTML form from the Tek Eye article Simple HTML Contact Form for PHP Based Website. A hidden HTML input field is added and its value is set to the HTML DOM URL property (document.URL). Therefore, an input field is added to the HTML, it's type is set hidden and it is named referer, with an id set to source:

<input type="hidden" name="referer" id="source" value="">

The script to set the value is:

<script type="text/javascript">
    document.getElementById('source').setAttribute('value', document.URL);
 </script>

Here is the complete web page with the HTML form that has the above hidden input and script to set the value:

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8" />
        <title>HTML Form Demo</title>      
    </head>
    <body>
        <h1>Send a comment or question...</h1>
        <form action="handle-form.php" method="post">
            <div>
                <input type="hidden" name="referer" id="source" value="test">
                <script type="text/javascript">
                    document.getElementById('source').setAttribute('value', document.URL);
                </script>
                <label style="width: 60px; display: inline-block;">Name:</label>
                <input type="text" name="name" maxlength="50" required="">
            </div>
            <div style="margin-top:1em;">
                <label style="width: 60px;">Message:</label>
                <textarea style="vertical-align: top;" name="message"
                          cols="70" rows="4"
                          maxlength="1000" required=""></textarea>
            </div>
            <input type="submit" value="Send">
        </form>
    </body>
</html>

He is the form in action:

HTML Feedback Form

Set the Backlink in PHP

The PHP form handler can now read the referer value and set a backlink:

if(isset($_POST['referer']))
    echo '<a href="'.$_POST['referer'].'">Please click here to return to the previous page.</a>';

Here us the full PHP handler code:

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8" />
        <title>HTML Form Demo</title>
    </head>
    <body>
        <p>Processing feedback...</p>
        <?php 
        if(isset($_POST['name']))
            echo "<p>Welcome ".$_POST['name']."</p>";
        if(isset($_POST['message']))
            echo "<p>Your message is: ".$_POST['message']."</p>";
        if(isset($_POST['referer']))
            echo '<a href="'.$_POST['referer'].'">Please click here to return to the previous page.</a>';
        ?>
     </body>
</html>

Add Extra Safety Checks

To help prevent abuse of the website, the PHP code can check that the referer field is set to a web page address in the same domain as the handler script. There are commonly two ways to get the domain for the handler script, either via $_SERVER['HTTP_HOST'] or via $_SERVER['SERVER_NAME'], however, the PHP documentation on these values mentions issues. For SERVER_NAME it states "this value reflects the hostname supplied by the client, which can be spoofed. It is not safe to rely on this value in security-dependent contexts". For the HTTP_HOST value is says "Contents of the Host: header from the current request, if there is one", notice the last part - if there is one. For both these reasons there may be occasions $_SERVER['HTTP_HOST'] or $_SERVER['SERVER_NAME'] may not be relied upon. There is more on the issue in the articles SERVER_NAME Versus HTTP_HOST and HTTP_HOST and SERVER_NAME Security Issues, and in the latter the solution is straightforward, use a hardcoded domain variable. This makes sense, when the web site is configured the domain variable can be hard coded as it will not change anyway.

The domain for the referer field is extracted using the PHP parse_url function and is tested against the hard coded server domain. In this code the domain would be changed from example.com to the domain of your website, and for local testing changed to localhost:

if(isset($_POST['referer'])) {
    $domain='example.com';
    $referer_domain=parse_url($_POST['referer'],PHP_URL_HOST);
    if($referer_domain==$domain)
        echo '<a href="'.$_POST['referer'].'">Please click here to return to the previous page.</a>';
}

Here is the final PHP handler code:

<!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="utf-8" />
        <title>HTML Form Demo</title>
    </head>
    <body>
        <p>Processing feedback...</p>
        <?php 
        if(isset($_POST['name']))
            echo "<p>Welcome ".$_POST['name']."</p>";
        if(isset($_POST['message']))
            echo "<p>Your message is: ".$_POST['message']."</p>";
        if(isset($_POST['referer'])) {
            $domain='example.com';
            $referer_domain=parse_url($_POST['referer'],PHP_URL_HOST);
            if($referer_domain==$domain)
                echo '<a href="'.$_POST['referer'].'">Please click here to return to the previous page.</a>';
        }
        ?>
     </body>
</html>

Here is the result of the PHP form handler code:

HTML Feedback

When the code from the feedback form has been received, it can be checked (known as sanitizing) for further processing, for example, generating an email.

See Also

Comments

On 11th August 2020 - Smart Rahuljackson said: This is a really helpful post, thanks for sharing your knowledge. Thanks for your article.

Author:  Published:  Updated:  

ShareSubmit to TwitterSubmit to FacebookSubmit to LinkedInSubmit to redditPrint Page

Do you have a question or comment about this article?

(Alternatively, use the email address at the bottom of the web page.)

 This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

markdown CMS Small Logo Icon ↓markdown↓ CMS is fast and simple. Build websites quickly and publish easily. For beginner to expert.


Articles on:

Android Programming and Android Practice Projects, HTML, VPS, Computing, IT, Computer History, ↓markdown↓ CMS, C# Programming, Using Windows for Programming


Free Android Projects and Samples:

Android Examples, Android List Examples, Android UI Examples



Tek Eye Published Projects