Solved

Ampersand and percent sign removed from POSTed text field

Posted on 2007-11-22
4
716 Views
Last Modified: 2013-11-19
I have a web page where a visitor types his password in a text form field, which is then POSTed to a perl program.  When the field arrives, if there was an ampersand "&" or percent sign "%" in the person's password, the password field is not accurately presented to the perl script.  I'm guessing that's related to how the percent sign is used to evaluate spaces and other characters in URIs.

Is there a way to get these characters to POST accurately, or do people just typically disallow the use of these characters when a user is selecting a password?
Thanks,
Steve D.
0
Comment
Question by:StevenMiles
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 9

Assisted Solution

by:Suhas .
Suhas . earned 20 total points
ID: 20334809
since & and % are special characters and you are storing the password as string,
its better to have a condition before storing the password,

search for & or % , replace with \& or \% globally.

The best option is not to use special characters for password in this case.
0
 
LVL 48

Accepted Solution

by:
Tintin earned 70 total points
ID: 20336675
So long as you're correctly processing the CGI data, the % and & symbols will be recognised just fine.

Say your form field was called 'pass'

Then the following Perl/CGI code will display exactly what you typed in the field

#!/usr/bin/perl
use strict;
use CGI;
my $q = new CGI;
my $pass = $q->param('pass');
print $q->header('text/plain');
print "$pass\n";
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 35 total points
ID: 20337833
> Is there a way to get these characters to POST accurately,
the browser does that for you, it sends %25 for % and %26 for &
you simply need to url decode your parameters
(but take care that you also may get unexpected characters like %0d or %00 and many more, you need to implement a whitelist check also, but that's another story ...)
0
 

Author Comment

by:StevenMiles
ID: 20348127
Hi, all,
Tintin, your code worked exactly right.  I hadn't been using CGI, but rather doing the parsing myself, and I found some *strong* admonishments on the web to *not* do that, but rather use CGI for it.
And ahoffman, I shall also implement a whitelist for checking the input.  It took using CGI, at least for me, to get the input accurately.
However, there is another problem. If you would, please search for my name for another issue, closely related to this, that I'll be posting in about one minute!
--Steve
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question