Get URL in HTML for PHP Backlink
The Tek Eye article Simple HTML Contact Form for PHP Based Website showed how to process HTML form data in a PHP form handler script. To help with visitor site navigation it can be useful to provide a backlink to the web page used to submit the form, for example if the form is at the end of an article. This tutorial shows how to pass the web page URL to the form handler and use it as a link back to the submitting web page.
Note: If the code in this article was tested on a live website, then remove it once the testing has finished. It needs further code to protect from abuse, for example some form of anti-bot check, such as CAPTCHA. There is a Tek Eye article reCAPTCHA Code to Download for Demo and Test for an example of implementing Google's reCAPTCHA.
Add the Web Page URL to a Hidden Form Field
This article uses the simple HTML form from the Tek Eye article Simple HTML Contact Form for PHP Based Website. A hidden HTML input field is added and its value is set to the HTML DOM URL property (document.URL). Therefore, an input field is added to the HTML, it's type is set hidden and it is named referer, with an id set to source:
<input type="hidden" name="referer" id="source" value="">The script to set the value is:
<script type="text/javascript">
document.getElementById('source').setAttribute('value', document.URL);
</script>Here is the complete web page with the HTML form that has the above hidden input and script to set the value:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>HTML Form Demo</title>
</head>
<body>
<h1>Send a comment or question...</h1>
<form action="handle-form.php" method="post">
<div>
<input type="hidden" name="referer" id="source" value="test">
<script type="text/javascript">
document.getElementById('source').setAttribute('value', document.URL);
</script>
<label style="width: 60px; display: inline-block;">Name:</label>
<input type="text" name="name" maxlength="50" required="">
</div>
<div style="margin-top:1em;">
<label style="width: 60px;">Message:</label>
<textarea style="vertical-align: top;" name="message"
cols="70" rows="4"
maxlength="1000" required=""></textarea>
</div>
<input type="submit" value="Send">
</form>
</body>
</html>He is the form in action:
Set the Backlink in PHP
The PHP form handler can now read the referer value and set a backlink:
if(isset($_POST['referer']))
echo '<a href="'.$_POST['referer'].'">Please click here to return to the previous page.</a>';Here us the full PHP handler code:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>HTML Form Demo</title>
</head>
<body>
<p>Processing feedback...</p>
<?php
if(isset($_POST['name']))
echo "<p>Welcome ".$_POST['name']."</p>";
if(isset($_POST['message']))
echo "<p>Your message is: ".$_POST['message']."</p>";
if(isset($_POST['referer']))
echo '<a href="'.$_POST['referer'].'">Please click here to return to the previous page.</a>';
?>
</body>
</html>Add Extra Safety Checks
To help prevent abuse of the website, the PHP code can check that the referer field is set to a web page address in the same domain as the handler script. There are commonly two ways to get the domain for the handler script, either via $_SERVER['HTTP_HOST'] or via $_SERVER['SERVER_NAME'], however, the PHP documentation on these values mentions issues. For SERVER_NAME it states "this value reflects the hostname supplied by the client, which can be spoofed. It is not safe to rely on this value in security-dependent contexts". For the HTTP_HOST value is says "Contents of the Host: header from the current request, if there is one", notice the last part - if there is one. For both these reasons there may be occasions $_SERVER['HTTP_HOST'] or $_SERVER['SERVER_NAME'] may not be relied upon. There is more on the issue in the articles SERVER_NAME Versus HTTP_HOST and HTTP_HOST and SERVER_NAME Security Issues, and in the latter the solution is straightforward, use a hardcoded domain variable. This makes sense, when the web site is configured the domain variable can be hard coded as it will not change anyway.
The domain for the referer field is extracted using the PHP parse_url function and is tested against the hard coded server domain. In this code the domain would be changed from example.com to the domain of your website, and for local testing changed to localhost:
if(isset($_POST['referer'])) {
$domain='example.com';
$referer_domain=parse_url($_POST['referer'],PHP_URL_HOST);
if($referer_domain==$domain)
echo '<a href="'.$_POST['referer'].'">Please click here to return to the previous page.</a>';
}Here is the final PHP handler code:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>HTML Form Demo</title>
</head>
<body>
<p>Processing feedback...</p>
<?php
if(isset($_POST['name']))
echo "<p>Welcome ".$_POST['name']."</p>";
if(isset($_POST['message']))
echo "<p>Your message is: ".$_POST['message']."</p>";
if(isset($_POST['referer'])) {
$domain='example.com';
$referer_domain=parse_url($_POST['referer'],PHP_URL_HOST);
if($referer_domain==$domain)
echo '<a href="'.$_POST['referer'].'">Please click here to return to the previous page.</a>';
}
?>
</body>
</html>Here is the result of the PHP form handler code:
When the code from the feedback form has been received, it can be checked (known as sanitizing) for further processing, for example, generating an email.
See Also
- Install PHP on Windows with Web Platform Installer
- Simple HTML Contact Form for PHP Based Website
- PHP Sanitize POST Data, Clean Up Input
- PHP parse_url function
- reCAPTCHA Code to Download for Demo and Test
- PHP Mail Script for Testing Email Sending
- For a full list of all the articles in Tek Eye see the full site alphabetical Index.
Comments
On 11th August 2020 - Smart Rahuljackson said: This is a really helpful post, thanks for sharing your knowledge. Thanks for your article.
Author:Daniel S. Fowler Published: Updated:
