Hi guys,
I have a starnge problem with an app I'm writing.
There are three text boxes to input a date, one for day, one for month and one for year.
When I submit the form, the day and month are returned correctly and stored in the database. However year is wrong - if I input 2005, it returns anything between 2010 and 2018.
I've checked all the code and includes for duplicate field names to no avail.
Any ideas?
something is changing my text input!
Moderator: General Moderators
-
johndoe132
- Forum Newbie
- Posts: 13
- Joined: Thu Sep 30, 2004 5:09 am
-
johndoe132
- Forum Newbie
- Posts: 13
- Joined: Thu Sep 30, 2004 5:09 am
-
johndoe132
- Forum Newbie
- Posts: 13
- Joined: Thu Sep 30, 2004 5:09 am
To me it appears as if you have a problem filtering the data that is posted back to your script.. Don't forget that the image giving the same name as the form is simply a hack around the real problem.
Imho it's better to define a whitelist with allowed values and then extract them from the $_POST variable.
And now you work with $clean instead of $_POST.
Imho it's better to define a whitelist with allowed values and then extract them from the $_POST variable.
Code: Select all
// we allow the name of the form, the name and surname inputs
$allowed = array('submit', 'name', 'surname');
$clean = array();
foreach($allowed as $name)
{
if (isset($_POST[$name])
{
$clean[$name] = $_POST[$name];
}
}Code: Select all
if (isset($clean['submit']))
{
// do stuff with $clean
}