Solved

Ampersand and percent sign removed from POSTed text field

Posted on 2007-11-22
4
709 Views
Last Modified: 2013-11-19
I have a web page where a visitor types his password in a text form field, which is then POSTed to a perl program.  When the field arrives, if there was an ampersand "&" or percent sign "%" in the person's password, the password field is not accurately presented to the perl script.  I'm guessing that's related to how the percent sign is used to evaluate spaces and other characters in URIs.

Is there a way to get these characters to POST accurately, or do people just typically disallow the use of these characters when a user is selecting a password?
Thanks,
Steve D.
0
Comment
Question by:StevenMiles
4 Comments
 
LVL 9

Assisted Solution

by:Suhas .
Suhas . earned 20 total points
ID: 20334809
since & and % are special characters and you are storing the password as string,
its better to have a condition before storing the password,

search for & or % , replace with \& or \% globally.

The best option is not to use special characters for password in this case.
0
 
LVL 48

Accepted Solution

by:
Tintin earned 70 total points
ID: 20336675
So long as you're correctly processing the CGI data, the % and & symbols will be recognised just fine.

Say your form field was called 'pass'

Then the following Perl/CGI code will display exactly what you typed in the field

#!/usr/bin/perl
use strict;
use CGI;
my $q = new CGI;
my $pass = $q->param('pass');
print $q->header('text/plain');
print "$pass\n";
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 35 total points
ID: 20337833
> Is there a way to get these characters to POST accurately,
the browser does that for you, it sends %25 for % and %26 for &
you simply need to url decode your parameters
(but take care that you also may get unexpected characters like %0d or %00 and many more, you need to implement a whitelist check also, but that's another story ...)
0
 

Author Comment

by:StevenMiles
ID: 20348127
Hi, all,
Tintin, your code worked exactly right.  I hadn't been using CGI, but rather doing the parsing myself, and I found some *strong* admonishments on the web to *not* do that, but rather use CGI for it.
And ahoffman, I shall also implement a whitelist for checking the input.  It took using CGI, at least for me, to get the input accurately.
However, there is another problem. If you would, please search for my name for another issue, closely related to this, that I'll be posting in about one minute!
--Steve
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now