rempires Posted December 10, 2006 Share Posted December 10, 2006 i'm making a website that uses hidden field to transport data, sometimes the data is transported multiple times, my problem is that php deletes all the data the 2nd time it's moved, if there is a ' in it, but it only does this in hidden fields... which is why i'm so confused, here are two examples of a est script i made to see if it was my code or somthing php did.test1.php[code]<form enctype="multipart/form-data" action="test2.php" method="POST"><textarea name="personalText" cols="31" rows="5" wrap="virtual"></textarea><input type="submit" name="submit" value="go!"></form>[/code]test2.php[code]<?php //get data for avatar user foreach ($_POST as $field => $value) { ${$field} = $value; }$personalText = stripslashes($personalText);echo "$personalText<p><form enctype='multipart/form-data' action='test2.php' method='POST'><input type='hidden' name='personalText' size='600' value='$personalText'>";?><input type="submit" name="submit" value="go!"></form>[/code]if i were to type in test'n on page one and hit submit the next page would also say test'n but when i hit the submit button again it changes to just testyou can see an example fo this exact script here[url=http://www.revolutionaryempires.uni.cc/test1.php] http://www.revolutionaryempires.uni.cc/test1.php[/url]here is were it gets confusing for me though, if i change the hidden field into [code]<textarea name='personalText' cols='31' rows='5' wrap='virtual'>$personalText</textarea>[/code]then the script does no delete the ' and works fine, i need to use hidden fields though as i don't want the suer seeing the data, please help.thanks in advance, John Quote Link to comment Share on other sites More sharing options...
linuxdream Posted December 10, 2006 Share Posted December 10, 2006 If you don't want the user seeing the data then you should probably look into using session variables. Not sure if the data is going to be super secret but the user can simply view source to see it. Session data cannot be seen by the user so easily. But I would guess that this is not really your problem. Try your test page again and submit a single quote and clock Go. Then in the result page, view the source. You will see that the ' gets interpreted as ending the value argument. In your foreach you need to escape the submitted value like so:[code]<?phpforeach ($_POST as $field => $value) { ${$field} = addslashes($value); }?>[/code] Quote Link to comment Share on other sites More sharing options...
rempires Posted December 10, 2006 Author Share Posted December 10, 2006 actually it's data the suer already entered, nothing secret, i just don't want to display it. With this mode, you can go tot eh test page and see it with that added, it adds the slashes, but then it still deletes the ' and all following data. my server actually automatically adds the / that's why i have the strip tags comment in there. i left the addslashes up as an example.the only confusing thing is it only does this with hidden fields, if this doesn't work i may move them to session variables and see if that works Quote Link to comment Share on other sites More sharing options...
trq Posted December 10, 2006 Share Posted December 10, 2006 The first thing I would do would be remove the enctype='multipart/form-data', unless your uploading files its just not needed.The next things I must ask is are you positive you have surrounded your values in quotes? You have in your examples, but have you in your actual code?Another thing. Have you thought of doing this using sessions? IMO its much neater and if you really don't want your end users to see the data its the only way. Is it stands whats to stop them viewing the source and seeing the data? Quote Link to comment Share on other sites More sharing options...
rempires Posted December 10, 2006 Author Share Posted December 10, 2006 yes, that code is a copy and paste, well i ahve that encytpe because in teh actual page i'm uploading a file, i made this one up as an exaample because it results in the same error and the original page is over 400 lines. the concept and error are the exact same, i may be forced to put it into sessions it looks like :/if i were to use session does anyone know how i could make a loop for session variables like i use for the post data, because i'm moving about 40 pieces of data. Quote Link to comment Share on other sites More sharing options...
trq Posted December 10, 2006 Share Posted December 10, 2006 Now I see your problem. Try turning of damn magic quotes....[code=php:0]ini_set("magic_quotes_gpc",0);[/code] Quote Link to comment Share on other sites More sharing options...
rempires Posted December 10, 2006 Author Share Posted December 10, 2006 doesn't seem to turn them off, still adds the / i jsut copied that code, if i have to be the host to use it i'm not... Quote Link to comment Share on other sites More sharing options...
trq Posted December 10, 2006 Share Posted December 10, 2006 Sorry, it would seem it can only be set from within a local php.ini. Quote Link to comment Share on other sites More sharing options...
rempires Posted December 10, 2006 Author Share Posted December 10, 2006 thanks to all who helped here, majic tags really suck... thanks again i jsut decided to change it to session variables, makes my life and your not having to try and find an answer a lot easier Quote Link to comment Share on other sites More sharing options...
trq Posted December 10, 2006 Share Posted December 10, 2006 I trhink its a neater approuch anyway. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.