derbyshiresoftware Posted May 14, 2020 (edited)

Hello,

Having a problem when putting an xml tag in an input field. The field shows blank in $_POST. Here's some sample code:

    <!doctype html>
    <html>
    <head>
    <meta charset="utf-8">
    <title>Untitled Document</title>
    </head>
    <body>
    <?php print_r($_POST); ?>
    <form method="post" action="" >
      <input type="text" name="data" value="some data" maxlength="200"/>
      <input type="submit" name="process"/>
    </form>
    </body>
    </html>

If I put <test in the field it shows up blank in the print of POST.

I actually want to pass xml in a hidden field, and it wouldn't work. Tracked it down to this problem.

Thanks in Advance

gw1500se Posted May 14, 2020 (edited)

It is considered best practice to either leave the action parameter out or, if you use it, to specify a filename. As an aside, I don't think I've ever seen the method in lower case; it is always POST or GET. Perhaps someone can confirm if that is case sensitive.

Also please use the code icon (<>) for your code and select HTML or PHP.

derbyshiresoftware (Author) Posted May 14, 2020

Hello

I changed my code to what you said and it doesn't make any difference:

    <!doctype html>
    <html>
    <head>
    <meta charset="utf-8">
    <title>Untitled Document</title>
    </head>
    <body>
    <?php print_r($_POST); ?>
    <form method="POST" >
      <input type="text" name="data" value="some data" maxlength="200"/>
      <input type="submit" name="process"/>
    </form>
    </body>
    </html>

gw1500se Posted May 14, 2020 (edited)

The first time the page is displayed I would expect it to be blank since nothing has been entered yet. Normally that print should only be executed AFTER the submit.

    if (isset($_POST['process'])) {
        echo "<pre>";
        print_r($_POST);
        echo "</pre>";
    }

derbyshiresoftware (Author) Posted May 14, 2020 (edited)

Yes I know that's good practice but it doesn't work when you put the <text value in and submit it. I was just trying to keep the code short.

derbyshiresoftware (Author) Posted May 14, 2020

Could it be a server setting? I could swear this used to work?

gw1500se Posted May 14, 2020

It works for me.

    Array
    (
        [data] => test
        [process] => Submit Query
    )

derbyshiresoftware (Author) Posted May 14, 2020

If I put in <test it doesn't work. Makes me think it could be a server setting if it works for others. It's the < character it doesn't like.

gw1500se Posted May 14, 2020

Sorry, I didn't realize you meant '<' literally. You need to use htmlspecialchars for that.

    if (isset($_POST['process'])) {
        print(htmlspecialchars($_POST['data']));
    }

derbyshiresoftware (Author) Posted May 14, 2020

Thanks. That fixed it. Think the data was being returned, but not displaying properly in debug.

Phi11W Posted May 15, 2020

> 20 hours ago, derbyshiresoftware said:
> If I put <test in the field it shows up blank in the print of POST.

Is the value actually blank or does your web browser display it as "blank", by trying to interpret the value as HTML?

Either escape [the characters in] the value, preventing it from being shown "as" HTML, or use your browser's "Developer" tools to examine the value - that will allow you to see the "raw" value.

Accepting HTML-like values in this way can be extremely risky. It's all too easy for a [malicious] client to slip in <script> tags which, if you display them without proper "protection", will execute that script code!

Regards,
Phill W.
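
The behaviour discussed in this thread, as an added example that is not code from any of the posters: the submitted value reaches PHP intact and only "disappears" when it is echoed unescaped into HTML, and the same escaping is what lets an XML fragment travel in a hidden field. The helper names `h`, `hidden_field` and `debug_dump` and all sample values are assumptions constructed for illustration; run it with the PHP CLI.

```php
<?php
// Added example; sample values below are constructed, not taken from the thread.

/** Escape a value for HTML text content or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render a hidden input that can carry arbitrary text, e.g. an XML fragment. */
function hidden_field(string $name, string $value): string
{
    return '<input type="hidden" name="' . h($name) . '" value="' . h($value) . '"/>';
}

/** Debug dump of submitted data that stays visible when a browser renders it. */
function debug_dump(array $data): string
{
    return '<pre>' . h(print_r($data, true)) . '</pre>';
}

// Constructed stand-ins for $_POST after the form has been submitted.
$samples = [
    ['data' => '<test', 'process' => 'Submit'],
    ['data' => '<order id="7"><item>a & b</item></order>', 'process' => 'Submit'],
    ['data' => '<script>/* constructed */</script>', 'process' => 'Submit'],
];

foreach ($samples as $post) {
    $raw = $post['data'];
    // The value is not empty on the server; its length proves it arrived.
    echo 'received bytes: ', strlen($raw), "\n";
    // Sent like this, a browser parses it as markup and shows nothing (or runs it).
    echo 'raw echo      : ', $raw, "\n";
    // Sent like this, the browser displays the characters literally.
    echo 'escaped echo  : ', h($raw), "\n";
    // Escaped attribute value: quotes and '<' cannot break out of value="...".
    echo 'hidden field  : ', hidden_field('data', $raw), "\n";
    // The browser decodes the entities again, so the original text is what gets posted back.
    $decoded = htmlspecialchars_decode(h($raw), ENT_QUOTES);
    echo 'round trip ok : ', var_export($decoded === $raw, true), "\n\n";
}

echo debug_dump($samples[0]), "\n";
```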