something is changing my text input!
Posted: Sat Jul 30, 2005 7:47 am
by johndoe132
Hi guys,
I have a strange problem with an app I'm writing.
There are three text boxes to input a date, one for day, one for month and one for year.
When I submit the form, the day and month are returned correctly and stored in the database. However year is wrong - if I input 2005, it returns anything between 2010 and 2018.
I've checked all the code and includes for duplicate field names to no avail.
Any ideas?
Posted: Sat Jul 30, 2005 7:53 am
by timvw
Show us the code.. that allows us to give you concrete hints..
Posted: Sat Jul 30, 2005 7:55 am
by johndoe132
OK, I've done some digging, changed post to get so I could see what was going on a bit better.
It turns out that my <input type="image" src="go.gif"> was adding variables - x and y. I can only guess these are positioning. Is there any way to stop this happening?
Posted: Sat Jul 30, 2005 8:29 am
by timvw
I'm afraid you can't change this, as it's supposed to work like this (it's already been like this since HTML 2.0, maybe even earlier...)
Posted: Sat Jul 30, 2005 8:34 am
by johndoe132
Ok, thanks for the quick response. I got round the problem by adding name="submit" to the tag, which means the x and y variables are now submitted like this:
submit.x=14&submit.y=18
Not ideal, but it works.
Posted: Sat Jul 30, 2005 9:32 am
by timvw
To me it appears as if you have a problem filtering the data that is posted back to your script.. Don't forget that giving the image the same name as the form is simply a hack around the real problem.
IMHO it's better to define a whitelist with allowed values and then extract them from the $_POST variable.
Code:
    // we allow the name of the form, the name and surname inputs
    $allowed = array('submit', 'name', 'surname');
    $clean = array();
    // copy only the whitelisted keys; anything else in $_POST is ignored
    foreach ($allowed as $name)
    {
        if (isset($_POST[$name]))
        {
            $clean[$name] = $_POST[$name];
        }
    }
And now you work with $clean instead of $_POST.
Code:
    if (isset($clean['submit']))
    {
        // do stuff with $clean
    }
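Added example, not part of the original thread: the whitelist idea above applied to the date form from the first post, with a type and range check per field so that stray parameters such as the image button's click coordinates can never reach the stored year. The field names `day`, `month` and `year`, the year bounds and the function name `clean_date_form` are assumptions; only `submit` appears in the thread.

```php
<?php
// Added example: whitelist plus per-field validation for the date form.
// Field names 'day', 'month', 'year' are assumed; 'submit' is from the thread.

function clean_date_form(array $post): ?array
{
    // Allowed fields with their integer ranges. PHP rewrites the dots in
    // submit.x / submit.y to underscores, so the click coordinates arrive
    // as submit_x / submit_y; they are not listed here and are never copied.
    $allowed = [
        'day'   => ['min_range' => 1,    'max_range' => 31],
        'month' => ['min_range' => 1,    'max_range' => 12],
        'year'  => ['min_range' => 1900, 'max_range' => 2100], // assumed bounds
    ];

    $clean = [];
    foreach ($allowed as $name => $range) {
        if (!isset($post[$name]) || !is_string($post[$name])) {
            return null; // missing field, or an array such as year[]=...
        }
        $value = filter_var(trim($post[$name]), FILTER_VALIDATE_INT, ['options' => $range]);
        if ($value === false) {
            return null; // not a plain decimal integer, or out of range
        }
        $clean[$name] = $value;
    }

    // Reject impossible dates such as 31 February.
    if (!checkdate($clean['month'], $clean['day'], $clean['year'])) {
        return null;
    }
    return $clean;
}

// Constructed sample input, shaped like $_POST after an image-button submit.
$sample = ['day' => '30', 'month' => '7', 'year' => '2005',
           'submit_x' => '14', 'submit_y' => '18'];
var_dump(clean_date_form($sample));

// Constructed rejects: an impossible date, and an array smuggled in as year.
var_dump(clean_date_form(['day' => '31', 'month' => '2', 'year' => '2005']));
var_dump(clean_date_form(['day' => '30', 'month' => '7', 'year' => ['2005']]));
```

The function returns only the three validated integers or `null`, so the database code never sees a key or a type it did not ask for.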