Multipart/form-data enctype drops variable with ampersand on POST

We have a "member profile" page that users can login to and edit any values that we have stored in the database.  We load the values into an array from the database and display them on the form for editing.

Sample of current HTML used:

<form action="submission_form_db.php" method="POST" enctype="multipart/form-data">
  <intput type="name" value="......value from database....">
  ..... (other input fields)....
   ..... (image upload field as well).....
</form>

When I submit this form and do a print_r($POST) it completely removes the 'name' variable from the POST array and doesn't display it.  After trial and error I found that the problem only occurs if the the name value from the database has an ampersand (&) in it.  If the name value from the database does NOT have an ampersand, the POST submission works perfectly and the 'name' POST var stays in tact.  Also, if the original value does NOT have an ampersand, but then during editing I add an ampersand and submit, it STILL updates perfectly.  So the problem is only occuring when the original value has an ampersand (and the problem still occurs if I delete the ampersand from the field and then submit).

To me, it makes no sense.  And to make matters more confusing, if we remove the enctype from the FORM tag it works perfectly!  So it's something with the ampersand and the enctype.

PHP Version 4.3.4
Apache/1.3.29
MySQL 3.23.56

Any help?

Edit: When we pull the data out of the database and populate the form that is posting to the problem page, we replace ampersands with &amp;, so that's not the problem.
LVL 1
djs120Asked:
Who is Participating?
 
German_RummCommented:
Hi djs120,

Ampersand is a special HTML character, you should replace it with HTML entity, for example:
<input type="text" name="name" value="<?=htmspecialchars($value)?>" />

This is a good idea to use htmlspecialchars() or even htmlentitites(), imagine what would happen if the 'name' contains quotes.

Links:
http://ee.php.net/htmlentities
http://ee.php.net/manual/en/function.htmlspecialchars.php
---
German Rumm.
0
 
djs120Author Commented:
I tried the htmlspecialchars and still no luck.  But I just had a new revelation... I edited the member's record in the database and changed the 'name' field to remove the ampersand and put the word 'AND' in there.  Then I tried again, and it still errors out.  So maybe it isn't the ampersand, but something else?  It just seems so bizarre.
0
 
djs120Author Commented:
Well, I solved the issue, but have NO idea why it was happening.  I finally found out that PHP was dropping the first value of the POST array for some reason.  I added the following right before the first intput tag:

<input type="hidden" name="junk" value="">

And that solved the problem.  When I print_r($POST) the junk value does not show up, but at least our name value does.

I am still interested in understanding why and how this could be happening.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
hanjCommented:
Do you have a syntax error in one of the form fields above? Meaning.. did you forget to close a quote in one of the form fields?

HTH
hanji
0
 
djs120Author Commented:
Nope, no syntax errors or missing brackets.
0
 
djs120Author Commented:
Never got a solution... oh well.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.