something is changing my text input!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
johndoe132
Forum Newbie
Posts: 13
Joined: Thu Sep 30, 2004 5:09 am

something is changing my text input!

Post by johndoe132 »

Hi guys,
I have a starnge problem with an app I'm writing.
There are three text boxes to input a date, one for day, one for month and one for year.
When I submit the form, the day and month are returned correctly and stored in the database. However year is wrong - if I input 2005, it returns anything between 2010 and 2018.
I've checked all the code and includes for duplicate field names to no avail.
Any ideas?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Show us the code.. that allows us to give you concrete hints..
johndoe132
Forum Newbie
Posts: 13
Joined: Thu Sep 30, 2004 5:09 am

Post by johndoe132 »

OK, I've done some digging, changed post to get so I could see what was going on a bit better.
It turns out that my <input type="image" src="go.gif"> was adding variables - x and y. I can only guess these are positioning. Is there any way to stop this happening?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

I'm affraid you can't change this, as it's supposed to work like this (It's already like this since html2.0, meaby even earlier...)
johndoe132
Forum Newbie
Posts: 13
Joined: Thu Sep 30, 2004 5:09 am

Post by johndoe132 »

Ok, thanks for the quick response. I got round the problem by adding name="submit" to the tag, which means the x and y variables are now submitted like this:
submit.x=14&submit.y=18
Not ideal, but it works.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

To me it appears as if you have a problem filtering the data that is posted back to your script.. Don't forget that the image giving the same name as the form is simply a hack around the real problem.

Imho it's better to define a whitelist with allowed values and then extract them from the $_POST variable.

Code: Select all

// we allow the name of the form, the name and surname inputs
$allowed = array('submit', 'name', 'surname');
$clean = array();
foreach($allowed as $name)
{
  if (isset($_POST[$name])
  {
    $clean[$name] = $_POST[$name];
  }
}
And now you work with $clean instead of $_POST.

Code: Select all

if (isset($clean['submit']))
{
  // do stuff with $clean
}
Post Reply