Solved

Ampersand and percent sign removed from POSTed text field

Posted on 2007-11-22
4
720 Views
Last Modified: 2013-11-19
I have a web page where a visitor types his password in a text form field, which is then POSTed to a perl program.  When the field arrives, if there was an ampersand "&" or percent sign "%" in the person's password, the password field is not accurately presented to the perl script.  I'm guessing that's related to how the percent sign is used to evaluate spaces and other characters in URIs.

Is there a way to get these characters to POST accurately, or do people just typically disallow the use of these characters when a user is selecting a password?
Thanks,
Steve D.
0
Comment
Question by:StevenMiles
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 9

Assisted Solution

by:Suhas .
Suhas . earned 20 total points
ID: 20334809
since & and % are special characters and you are storing the password as string,
its better to have a condition before storing the password,

search for & or % , replace with \& or \% globally.

The best option is not to use special characters for password in this case.
0
 
LVL 48

Accepted Solution

by:
Tintin earned 70 total points
ID: 20336675
So long as you're correctly processing the CGI data, the % and & symbols will be recognised just fine.

Say your form field was called 'pass'

Then the following Perl/CGI code will display exactly what you typed in the field

#!/usr/bin/perl
use strict;
use CGI;
my $q = new CGI;
my $pass = $q->param('pass');
print $q->header('text/plain');
print "$pass\n";
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 35 total points
ID: 20337833
> Is there a way to get these characters to POST accurately,
the browser does that for you, it sends %25 for % and %26 for &
you simply need to url decode your parameters
(but take care that you also may get unexpected characters like %0d or %00 and many more, you need to implement a whitelist check also, but that's another story ...)
0
 

Author Comment

by:StevenMiles
ID: 20348127
Hi, all,
Tintin, your code worked exactly right.  I hadn't been using CGI, but rather doing the parsing myself, and I found some *strong* admonishments on the web to *not* do that, but rather use CGI for it.
And ahoffman, I shall also implement a whitelist for checking the input.  It took using CGI, at least for me, to get the input accurately.
However, there is another problem. If you would, please search for my name for another issue, closely related to this, that I'll be posting in about one minute!
--Steve
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
Although a lot of people devote their energy toward marketing for specific industries, there are some basic principles that can be applied to any sector imaginable. We’ll look at four steps to take and examine how those steps were put into action fo…
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question