Page 1 of 1

variable truncated in $_POST[$var]

Posted: Sun Nov 19, 2006 1:00 pm
by gyszilagyi
I'm submitting a form where the input name is a string variable:

Code: Select all

echo ("<input type='text' size='20' length='60' name='$var' value=''>");
I'm using the following code to access the submitted form:

Code: Select all

$result = $_POST[$var];
This works fine as long as $var does not include spaces. For example if

Code: Select all

$var = "anything";
the script works. However, if

Code: Select all

$var = "anything at all";
the script fails (i.e. $result stays empty).

I guess $var gets truncated, but I couldn't find a way to prevent this.

Any help is appreciated!

Posted: Sun Nov 19, 2006 1:23 pm
by John Cartwright
I don't get it,

Code: Select all

$_POST['foo bar'] = 'I worked fine';

$foobar = 'foo bar';

echo $_POST[$foobar];
works fine for me.. where exactly does your $var come from?

Posted: Sun Nov 19, 2006 2:06 pm
by gyszilagyi
$var comes from a database and is used as the name of an input field in a form.

Here is the code in more detail:

Code: Select all

//Read Product & Service Names from the "products_services" table
$query = "SELECT * FROM products_services WHERE enabled='1'";
$result = mysql_query($query) or die ($ERROR_MSG . mysql_error());

//Display the form
echo ("<form name='sales_targets' method='post' action='frm_sales_targets.php'>");
	
while($row = mysql_fetch_array( $result )) {

	$product_service_name = $row['product_service_name'];
	
	echo ("<table>");
        echo ("<tr>");
	echo ("<td bgcolor='#FFCCCC' valign='middle'><div align='right' class='gen_text'>$product_service_name</div></td>");
	echo ("<td bgcolor='#E9E9E9'><input type='text' size='20' length='60' name='$product_service_name' value=''></td>");
	echo ("</tr>");
        echo ("</table>");
		
	}

echo ("<p align='center'><input type='submit' name='action_button' value='$LNG2810'></p>");
echo ("</form>");
And the part where the submit goes:

Code: Select all

//Read Product & Service Names from the "products_services" table
$query = "SELECT * FROM products_services WHERE enabled='1'";
$result = mysql_query($query) or die ($ERROR_MSG . mysql_error());
						
//Starting the WHILE loop that assignes the Sales Targets entered by the user to the appropriate Product/Service
while($row = mysql_fetch_array( $result )) {

	$product_service_name = $row['product_service_name'];
	
	$sales_target = $_POST[$product_service_name];
		
	echo ("sales target for");
	echo $product_service_name;
	echo (":");
	echo $sales_target;
							
}

Posted: Sun Nov 19, 2006 4:13 pm
by volka
Take a look at the values in POST

Code: Select all

echo '<pre>POST: '; var_export($_POST); echo "</pre>\n";

//Starting the WHILE loop that assignes the Sales Targets entered by the user to the appropriate Product/Service
while($row = mysql_fetch_array( $result )) {

Posted: Sun Nov 19, 2006 4:26 pm
by gyszilagyi
This is what I get:
POST: array (
'Test_Product_1' => '159',
'Test_Product_2' => '456',
'Test' => '789',
'action_button' => 'Save Sales Targets',
)
This looks fine, the only strange thing is that there are underlines between the words whereas these should be just spaces ('Test_Product_1' instead of 'Test Product 1'), although it might be normal that this is how they are echoed.

However, the script I posted returns the value only for 'Test', and doesn't return anything for 'Test Product 1' or 'Test Product 2'.

Thanks indeed for looking into this.

If looking at the application helps, this is the link: http://theplumber.whsites.net/test/theplumber. Log in as "admin", "admin", then go to the Control Panel and choose Sales Targets.

Posted: Sun Nov 19, 2006 5:21 pm
by volka
If var_export() prints it as Test_Product_1 then you have to access the element as $_POST['Test_Product_1'].

Posted: Sun Nov 19, 2006 5:26 pm
by visonardo
dont forget to use urlencode and urldecode when you are passing data by GET. If you dont use those functions perhaps somecharacters will be lose or addeda '_'.

Posted: Sun Nov 19, 2006 5:44 pm
by gyszilagyi
That's exactly my probelm: 'Test Product 1' is the result of a database query. $product_service_name should equal 'Test Product 1' (without underlines). Since this is a user-defined variable, I can't actually use $_POST['Test Product 1'], I have to use $_POST[$product_service_name], which apparently doesn't work, maybe beacuse somehow underlines appear where spaces should be...

:(

Posted: Sun Nov 19, 2006 6:02 pm
by John Cartwright

Code: Select all

$product_service_name = str_replace('_', ' ', $product_service_name);
as a bandaid approach, although you definantly should look into better designing this..

Posted: Sun Nov 19, 2006 6:18 pm
by gyszilagyi
It works! :D

I realise that this is anything but elegant, but I guess you could see from the code I posted that I'm no expert, so as long as it works I'm happy! I guess these added underlines have something to do with using '$var' as the name of a form element, although I have no idea what...

Thanks a lot for taking the time to help me, I really appreciate it!

Posted: Sun Nov 19, 2006 7:39 pm
by volka
gyszilagyi wrote:I guess these added underlines have something to do with using '$var' as the name of a form element, although I have no idea what...
no, php replaces spaces by underscores in all GET/POST parameter names.

Code: Select all

<html>
	<head>
		<title>...</title>
	</head>
	<body>
		<pre><?php
		echo 'query string: ', $_SERVER['QUERY_STRING'], "\n";
		echo 'urldecode(query string): ', urldecode($_SERVER['QUERY_STRING']), "\n";
		echo 'GET: '; print_r($_GET); ?></pre>
		<a href="<?php echo $_SERVER['PHP_SELF']; ?>?a%20b=xyz">reload</a>
	</body>
</html>
query string: a%20b=xyz
urldecode(query string): a b=xyz
GET: Array
(
[a_b] => xyz
)

Posted: Mon Nov 20, 2006 4:06 am
by gyszilagyi
I see... Good to know, now I understand what's happening! Thanks again...