Form Problem


Hello,

Having a problem when putting an xml tag in an input field. The field shows blank in $_POST. Here's some sample code:

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
    
<body>
    <?php print_r($_POST);
    ?>
<form method="post" action="" >
    <input type="text" name="data" value="some data" maxlength="200"/>
    <input type="submit" name="process"/>
</form>
</body>
</html>

 

If I put <test in the field it shows up blank in the print of POST.

I actually want to pass xml in a hidden field, and it wouldn't work. Tracked it down to this problem.

Thanks in Advance

Edited by derbyshiresoftware
error

It is considered best practice to either leave the action parameter out or, if you use it, to specify a filename. As an aside, I don't think I've ever seen the method in lower case, it is always POST or GET. Perhaps someone can confirm if that is case sensitive.

Also please use the code icon (<>) for your code and select HTML or PHP.

Edited by gw1500se

Hello

I changed my code to what you said and it doesn't make any difference.

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
    
<body>
    <?php print_r($_POST);
    ?>
<form method="POST" >
    <input type="text" name="data" value="some data" maxlength="200"/>
    <input type="submit" name="process"/>
</form>
</body>
</html>

 


The first time the page is displayed I would expect it to be blank since nothing has been entered yet. Normally that print should only be executed AFTER the submit.

if (isset($_POST['process'])) {
   echo "<pre>";
   print_r($_POST);
   echo "</pre>";
}

 

Edited by gw1500se

20 hours ago, derbyshiresoftware said:

If I put <test in the field it shows up blank in the print of POST.

Is the value actually blank or does your web browser display it as "blank", by trying to interpret the value as HTML?

Either escape [the characters in] the value, preventing it from being shown "as" HTML, or use your browser's "Developer" tools to examine the value - that will allow you to see the "raw" value.

Accepting HTML-like values in this way can be extremely risky. It's all too easy for a [malicious] client to slip in <script> tags which, if you display them without proper "protection", will execute that script code!

Regards, 
   Phill  W.
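
The escaping that the reply above recommends, as an added example that is not part of the original thread: the submitted values are encoded with htmlspecialchars() when they are printed, so `<test` or a `<script>` tag is displayed as text, and the XML in the hidden field is encoded as an attribute value so it arrives in $_POST unchanged. The helper names h() and dump_safe(), the field name xml and the sample XML are assumptions made for illustration.

```php
<?php
// Added example (not code from the thread): escape at output time, not on input.
declare(strict_types=1);

/** Encode a value for HTML text or a quoted attribute (h is a hypothetical helper name). */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render print_r() output so markup inside it is shown, not interpreted. */
function dump_safe(array $data): string
{
    return '<pre>' . h(print_r($data, true)) . '</pre>';
}

// Constructed sample XML to carry in the hidden field (assumption).
$xml = '<order id="7"><item>tea</item></order>';

// A client can send data[]=... to make this an array, so accept strings only.
$data = is_string($_POST['data'] ?? null) ? $_POST['data'] : 'some data';
$submitted = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Escaped form output</title>
</head>
<body>
<?php if ($submitted): ?>
    <?= dump_safe($_POST) ?>
<?php endif; ?>
<form method="post">
    <input type="text" name="data" value="<?= h($data) ?>" maxlength="200">
    <input type="hidden" name="xml" value="<?= h($xml) ?>">
    <input type="submit" name="process">
</form>
</body>
</html>
```

The browser decodes the entities in the value attributes before submitting, so $_POST['xml'] holds the original XML, while the page source of the dump contains `&lt;` and `&gt;` instead of live tags.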
