PHP, ampersands, and POST forms

[mugs]

I've got a form in PHP with a textbox called Name. Anytime someone puts an ampersand in the name box, I get nothing in $_POST["Name"] on the page that receives the form. If there is no ampersand in Name, $_POST["Name"] works correctly. Is there any way I can access the POST string directly as a string, rather than as an array so I can try to figure this out?

Edit: I'm also using this form to upload a file to the server, so the form tag includes enctype="multipart/form-data". I've determined that if I take that out, it works fine. I can't take that out though. So... any ideas?

 

[Modeps]

If your ini file is configured for it, $Name should return the string posted.

 

[mugs]

Originally posted by: Modeps
If your ini file is configured for it, $Name should return the string posted.

That's a separate issue, I use $_POST["Name"] for security reasons. Either way, it's the same variable, and it doesn't contain the user's entry IF AND ONLY IF they have an ampersand in their entry AND the form tag includes enctype="multipart/form-data"

 

[Modeps]

Oh, I misunderstood. That's kind of odd... why would they put an ampersand in their name?

Maybe like "Jim & Barbara"?

Sorry, I dont have an answer for ya on this one

 

[ugh]

I've tried the exact same thing using PHP5 and everything works fine even with enctype="multipart/form-data" set. Mind posting some of yer codes?

 

[mugs]

Yeah, I've determined that it most likely has absolutely nothing to do with the ampersand, it was just a strange coincidence that it affected every record we tried that had an ampersand in it. I'd post the code, but I'd have to post a LOT of code plus two very large records from the database, because at this point the bug could be anywhere. I'll update if I narrow it down a bit.

 

[stndn]

if you put "a & b" in the name field, what does it become? or it is simply gone?
try htmlspecialchars($_POST['Name']), perhaps?
(random blind shot in the dark)

By the way, you're also making sure that there's only one form widget with the name="Name", right?
And the file upload field is not names as "Name" as well, right?
(although it should go to $_FILES instead of $_POST anyway).

< input type = "text" name = "Name" value = "">

 

[mugs]

Anyone have an answer to my original question - how to I access the POST string directly as a string, not an array?

And could anyone tell me under what conditions an element will NOT be created in the $_POST array? If the field is empty it should still create the element, but it'd be empty.

 

[mugs]

Originally posted by: stndn
if you put "a & b" in the name field, what does it become? or it is simply gone?
try htmlspecialchars($_POST['Name']), perhaps?
(random blind shot in the dark)

By the way, you're also making sure that there's only one form widget with the name="Name", right?
And the file upload field is not names as "Name" as well, right?
(although it should go to $_FILES instead of $_POST anyway).

< input type = "text" name = "Name" value = "">

htmlspecialchars($_POST["Name"]) wouldnt' work, because $_POST["Name"] doesn't exist.

Yes I made sure there's only one widget with name="Name", but I'll try changing the name just in case. It does work for some records though, which is odd. The only common demoninator between the names that don't work is the ampersand, but we figured out that for some records the & works.

 

[mugs]

Changing the name did not work.

 

[mugs]

Well, we resolved the issue by putting a hidden field before the Name field. Seems that in certain cases it's just lopping off the first field in the POST string. Why? I don't know.

 

[ugh]

Originally posted by: mugs
Anyone have an answer to my original question - how to I access the POST string directly as a string, not an array?

By this, I'm assuming that you'd like to use $Name to refer to your form elements highlighted by Modeps. You can do this by turning on the "register globals" setting in your .htaccess file or your php.ini file. However, doing so is NOT recommended. That's why as of PHP 4.2.0, this directive has been defaulted to OFF. Go through the PHP manual for more info. I recommend d/lding the CHM version for quick searching.

And could anyone tell me under what conditions an element will NOT be created in the $_POST array? If the field is empty it should still create the element, but it'd be empty.

Anything you define within a form will be in that array even if it's empty. Just do a empty() on the variable to determine if it has any value in it before processing.

 

[ugh]

Originally posted by: mugs
Well, we resolved the issue by putting a hidden field before the Name field. Seems that in certain cases it's just lopping off the first field in the POST string. Why? I don't know.

Just thought of something, try debugging the form POST values by adding this line of code:

print_r($_POST);

See what it prints out. Hopefully this'll point you to the right direction.

 

[mugs]

Originally posted by: ugh

Originally posted by: mugs
Well, we resolved the issue by putting a hidden field before the Name field. Seems that in certain cases it's just lopping off the first field in the POST string. Why? I don't know.

Just thought of something, try debugging the form POST values by adding this line of code:

print_r($_POST);

See what it prints out. Hopefully this'll point you to the right direction.

Been doing that from the get-go, that's how I figured out the Name field wasn't part of that array.

 

[mugs]

Originally posted by: ugh

Originally posted by: mugs
Anyone have an answer to my original question - how to I access the POST string directly as a string, not an array?

By this, I'm assuming that you'd like to use $Name to refer to your form elements highlighted by Modeps. You can do this by turning on the "register globals" setting in your .htaccess file or your php.ini file. However, doing so is NOT recommended. That's why as of PHP 4.2.0, this directive has been defaulted to OFF. Go through the PHP manual for more info. I recommend d/lding the CHM version for quick searching.

No, I want to see the entire unadulterated virgin post string.
e.g.:
Name=Some+guy&Otherfield=foo+bar&so=on&sow=forth

(I have the CHM version of the manual btw, I'm not a PHP noob, this is just a really perplexing bug)

And could anyone tell me under what conditions an element will NOT be created in the $_POST array? If the field is empty it should still create the element, but it'd be empty.

Anything you define within a form will be in that array even if it's empty. Just do a empty() on the variable to determine if it has any value in it before processing.

That's my understanding, and yet... it's not there.

 

[ugh]

Originally posted by: mugs

Originally posted by: ugh

Originally posted by: mugs
Well, we resolved the issue by putting a hidden field before the Name field. Seems that in certain cases it's just lopping off the first field in the POST string. Why? I don't know.

Just thought of something, try debugging the form POST values by adding this line of code:

print_r($_POST);

See what it prints out. Hopefully this'll point you to the right direction.

Been doing that from the get-go, that's how I figured out the Name field wasn't part of that array.

That's awesome Hope you've solved that problem

 

[statik213]

make sure you quote the name field in your html.... 'cos name is also a reserved word,

i.e. <input type='..' id='...' name='name'>

also, check to see that the problem is not limited to the browser, i.e. test it w/ IE and firefox....