Link to home
Start Free TrialLog in
Avatar of Simon336697
Simon336697Flag for Australia

asked on

@$_POST

Hi guys I need help (please).

Im trying to work out what @$_POST actually does in the following.

Im getting a message saying..

Fatal error: Call to undefined function htlmspecialchars() in C:\wamp\www\testing.php on line 2

And im only getting one textbox being displayed on page load, and it has the characters..

<br

inside it, which is wrong.

Here is the code........................................................

----------------------------------------------------------------------------testing.php

<?php
 # Data Center Listing script
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
Server: <input type="text" name="server" value="<?php echo htlmspecialchars(@$_POST['server']); ?>" /><br/>
Datacenter: <input type="text" name="datacenter" value="<?php echo htlmspecialchars(@$_POST['datacenter']); ?>" /><br/>
Username: <input type="text" name="username" value="<?php echo htlmspecialchars(@$_POST['username']); ?>" /><br/>
Password: <input type="password" name="password" /><br/>
<input type="submit" value="show listing" />
</form>
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST') {
 $shellStr = sprintf(
   'perl e:\datacenterlisting.pl -- server "%s" --datacenter "%s" --username "%s" --password "%s"'
  , escapeshellarg($_POST['server'])
  , escapeshellarg($_POST['datacenter'])
  , escapeshellarg($_POST['username'])
  , escapeshellarg($_POST['password'])
  );
  echo 'Results:<pre>'.htmlspecialchars(shell_exec($shellStr)).'</pre>';
}
?>
-----------------------------------------------------------------------------------------------

I really want to understand this, but having a lot of trouble.
Calling on you gurus to clarify what is happening. Thank you.
SOLUTION
Avatar of Guy Hengel [angelIII / a3]
Guy Hengel [angelIII / a3]
Flag of Luxembourg image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
@Arikael: good catch :)
Avatar of Simon336697

ASKER

Hi kind folk.
Okay, thanks to you 3, im making progress.
Arikael, you were spot on with the htmlspecialchars.

Here is the code with that correction.....

===========================================================================
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
Server: <input type="text" name="server" value="<?php echo htmlspecialchars(@$_POST['server']); ?>" /><br/>
Datacenter: <input type="text" name="datacenter" value="<?php echo htmlspecialchars(@$_POST['datacenter']); ?>" /><br/>
Username: <input type="text" name="username" value="<?php echo htmlspecialchars(@$_POST['username']); ?>" /><br/>
Password: <input type="password" name="password" /><br/>
<input type="submit" value="show listing" />
</form>
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST') {
 $shellStr = sprintf(
   'perl e:\datacenterlisting.pl -- server "%s" --datacenter "%s" --username "%s" --password "%s"'
  , escapeshellarg($_POST['server'])
  , escapeshellarg($_POST['datacenter'])
  , escapeshellarg($_POST['username'])
  , escapeshellarg($_POST['password'])
  );
  echo 'Results:<pre>'.htmlspecialchars(shell_exec($shellStr)).'</pre>';
}
?>
=====================================================================

Im not getting that error message any more now. Instead im getting the following when the page loads...


--------------------------------------------------------------------------------------- testing01.php

Server: ______________

Datacenter: ________________

Username: ___________________

Password: ____________________

------------------------------------------------------------------------------------

So if i fill out the above as follows:


Server: serverA

Datacenter:  Aplace

Username: domain\username

Password:  password

Then click on show listing

---------------------------------------- What is displayed is the follows...

Results:

Required command option 'datacenter' not specified

-----------------------------------------

and the textbox entries are converted as follows in the page itself after I click on 'show listing'

Server: serverA

Datacenter:  Aplace

Username: domain\\username      (a double backslash is inserted)

Password:  password

Results:

Required command option 'datacenter' not specified

--------------------------------------------------------------------
At a command line, if i run the perl script, it successfully runs with the following syntax..notice the datacenter where there is a datacenter with only one word, then another one with multiple words..

E:\>perl datacenterlisting.pl --server serverA --datacenter "DC002 ABC" --username domain\username --password "password"

E:\>perl datacenterlisting.pl --server serverA --datacenter "DC001" --username colesmyer\username --password "password"

What ive also noticed is that in testing01.php, if I do the following...

Username: domain\username

For each time i click on show listing, it does the following....

domain\username
domain\\username
domain\\\\username
domain\\\\\\\\username

and if I enclose for example, datacenter in "    ", eg.

Datacenter:  "dc01 abc"

then click on show listing, i get:

\"dc01 abc\"
\\"dc01 abc\\\"
From a command line,

E:\>perl datacenterlisting.pl --server serverA --datacenter "DC002 ABC" --username domain\username --password "password"

E:\>perl datacenterlisting.pl --server serverA --datacenter "DC001" --username colesmyer\username --password "password"

Both the above work.

If I leave out the --datacenter option, I get:

Required command option 'datacenter' not specified.

This is the same message im getting in the testing01.php page with the following code..

===========================================================================
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
Server: <input type="text" name="server" value="<?php echo htmlspecialchars(@$_POST['server']); ?>" /><br/>
Datacenter: <input type="text" name="datacenter" value="<?php echo htmlspecialchars(@$_POST['datacenter']); ?>" /><br/>
Username: <input type="text" name="username" value="<?php echo htmlspecialchars(@$_POST['username']); ?>" /><br/>
Password: <input type="password" name="password" /><br/>
<input type="submit" value="show listing" />
</form>
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST') {
 $shellStr = sprintf(
   'perl e:\datacenterlisting.pl -- server "%s" --datacenter "%s" --username "%s" --password "%s"'
  , escapeshellarg($_POST['server'])
  , escapeshellarg($_POST['datacenter'])
  , escapeshellarg($_POST['username'])
  , escapeshellarg($_POST['password'])
  );
  echo 'Results:<pre>'.htmlspecialchars(shell_exec($shellStr)).'</pre>';
}
?>
=====================================================================