Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Multipart/form-data enctype drops variable with ampersand on POST

Posted on 2005-04-29
6
Medium Priority
?
1,289 Views
Last Modified: 2013-11-19
We have a "member profile" page that users can login to and edit any values that we have stored in the database.  We load the values into an array from the database and display them on the form for editing.

Sample of current HTML used:

<form action="submission_form_db.php" method="POST" enctype="multipart/form-data">
  <intput type="name" value="......value from database....">
  ..... (other input fields)....
   ..... (image upload field as well).....
</form>

When I submit this form and do a print_r($POST) it completely removes the 'name' variable from the POST array and doesn't display it.  After trial and error I found that the problem only occurs if the the name value from the database has an ampersand (&) in it.  If the name value from the database does NOT have an ampersand, the POST submission works perfectly and the 'name' POST var stays in tact.  Also, if the original value does NOT have an ampersand, but then during editing I add an ampersand and submit, it STILL updates perfectly.  So the problem is only occuring when the original value has an ampersand (and the problem still occurs if I delete the ampersand from the field and then submit).

To me, it makes no sense.  And to make matters more confusing, if we remove the enctype from the FORM tag it works perfectly!  So it's something with the ampersand and the enctype.

PHP Version 4.3.4
Apache/1.3.29
MySQL 3.23.56

Any help?

Edit: When we pull the data out of the database and populate the form that is posting to the problem page, we replace ampersands with &amp;, so that's not the problem.
0
Comment
Question by:djs120
  • 4
6 Comments
 
LVL 6

Accepted Solution

by:
German_Rumm earned 1500 total points
ID: 13894723
Hi djs120,

Ampersand is a special HTML character, you should replace it with HTML entity, for example:
<input type="text" name="name" value="<?=htmspecialchars($value)?>" />

This is a good idea to use htmlspecialchars() or even htmlentitites(), imagine what would happen if the 'name' contains quotes.

Links:
http://ee.php.net/htmlentities
http://ee.php.net/manual/en/function.htmlspecialchars.php
---
German Rumm.
0
 
LVL 1

Author Comment

by:djs120
ID: 13894780
I tried the htmlspecialchars and still no luck.  But I just had a new revelation... I edited the member's record in the database and changed the 'name' field to remove the ampersand and put the word 'AND' in there.  Then I tried again, and it still errors out.  So maybe it isn't the ampersand, but something else?  It just seems so bizarre.
0
 
LVL 1

Author Comment

by:djs120
ID: 13895136
Well, I solved the issue, but have NO idea why it was happening.  I finally found out that PHP was dropping the first value of the POST array for some reason.  I added the following right before the first intput tag:

<input type="hidden" name="junk" value="">

And that solved the problem.  When I print_r($POST) the junk value does not show up, but at least our name value does.

I am still interested in understanding why and how this could be happening.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 2

Expert Comment

by:hanj
ID: 13896785
Do you have a syntax error in one of the form fields above? Meaning.. did you forget to close a quote in one of the form fields?

HTH
hanji
0
 
LVL 1

Author Comment

by:djs120
ID: 13896936
Nope, no syntax errors or missing brackets.
0
 
LVL 1

Author Comment

by:djs120
ID: 14048469
Never got a solution... oh well.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Course of the Month20 days, 17 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question