473,320 Members | 1,883 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

$_POST + spaces and dots in keys

I have a very strange behaviour with POST keys.

Consider a test:

wtf.html:

=== Cut ===
<form action="eh.php" method="POST">
* * <input type="checkbox" name="many spaces and. . dots. . "/>
* * <input type="submit" value="Submit">
</form>
=== Cut ===

eh.php:

=== Cut ===
<?php
* * print_r($_POST);
?>
=== Cut ===

When we check the checkbox and click the Sumbit button we will see:

Array ( [many_spaces_and____dots____] => on )

It is send to server normally:

many+spaces+and.+.+dots.+.+=on

but in $_POST (or $HTTP_POST_VARS) we see what we see. Any ideas?

Dec 9 '05 #1
14 2765
Sergei Riaguzov wrote:
I have a very strange behaviour with POST keys.

Consider a test:

wtf.html:

=== Cut ===
<form action="eh.php" method="POST">
<input type="checkbox" name="many spaces and. . dots. . "/>
<input type="submit" value="Submit">
</form>
=== Cut ===

eh.php:

=== Cut ===
<?php
print_r($_POST);
?>
=== Cut ===

When we check the checkbox and click the Sumbit button we will see:

Array ( [many_spaces_and____dots____] => on )

It is send to server normally:

many+spaces+and.+.+dots.+.+=on

but in $_POST (or $HTTP_POST_VARS) we see what we see. Any ideas?


See the "cannot use "-" in variable names?" thread...

Basically, what I thought was any character that can't be used in a
variable name was automagically converted to an underscore, but
apparently "-" aren't any more.

--
Justin Koivisto, ZCE - ju****@koivi.com
http://koivi.com
Dec 9 '05 #2
On Fri, 09 Dec 2005 16:39:25 -0600, Justin Koivisto wrote:
Basically, what I thought was any character that can't be used in a
variable name was automagically converted to an underscore, but apparently
"-" aren't any more.


I thought that would only be an issue if register_globals was on (a bad
idea IMHO).

Laie Techie

Dec 9 '05 #3
On Fri, 09 Dec 2005 16:39:25 -0600, Justin Koivisto wrote:
Basically, what I thought was any character that can't be used in a
variable name was automagically converted to an underscore, but apparently
"-" aren't any more.


I thought that would only be an issue if register_globals was on (a bad
idea IMHO).

Laie Techie

Dec 9 '05 #4
On Fri, 09 Dec 2005 16:39:25 -0600, Justin Koivisto wrote:
See the "cannot use "-" in variable names?" thread...

What have variable names to keys of array?!
$array["w t f"] = ...
print_r($array);

works nicely.

But try the example in the first post.
Dec 9 '05 #5
Sergei Riaguzov wrote:
On Fri, 09 Dec 2005 16:39:25 -0600, Justin Koivisto wrote:

See the "cannot use "-" in variable names?" thread...


What have variable names to keys of array?!
$array["w t f"] = ...
print_r($array);

works nicely.

But try the example in the first post.


PHP does allow free-form strings for array indicies, so that's perfectly
legal. I've never tried it (or heard anything to suggest otherwise), but
in theory, you could probably even use tabs, new lines, carriage
returns, etc. in the array index.

I'm wondering if it isn't PHP that does the conversion at all, but maybe
the web server software... I know when I first noticed that "-"
characters were being replaced I was using apache 1.3 (win & lin) with
php 4.x, but now I am using apache 2 (and php5), but I don't recall ever
finding documentation about this replacement stuff for either software.

--
Justin Koivisto, ZCE - ju****@koivi.com
http://koivi.com
Dec 9 '05 #6
On Fri, 09 Dec 2005 17:00:34 -0600, Justin Koivisto wrote:
I'm wondering if it isn't PHP that does the conversion at all, but maybe
the web server software... I know when I first noticed that "-"
characters were being replaced I was using apache 1.3 (win & lin) with
php 4.x, but now I am using apache 2 (and php5), but I don't recall ever
finding documentation about this replacement stuff for either software.

Cool.. That sounds like being a non deterministing finite automaton...
Thanx anyway.

Dec 9 '05 #7
Justin Koivisto wrote:

Basically, what I thought was any character that can't be used in a
variable name was automagically converted to an underscore, but
apparently "-" aren't any more.


Just to check my own sanity I downloaded a copy of PHP 3 to see if that
was the old behavior. It wasn't. Only '.' is converted.

The PHP changes dots to underscores because of the way <input
type="image"> elements behave. If the element has a name, then the
mouse pointer position would be submit as name.x and name.y. In the
days when register_globals was the primary way of accepting input, this
was necessary.

Dec 10 '05 #8
Sergei Riaguzov wrote:
Consider a test:

wtf.html:

=== Cut ===
<form action="eh.php" method="POST">
<input type="checkbox" name="many spaces and. . dots. . "/>
Spaces are not allowed in the name of HTML elements.

<quote src="http://www.w3.org/TR/html4/types.html#h-6.2">
ID and NAME tokens must begin with a letter ([A-Za-z]) and may be
followed by any number of letters, digits ([0-9]), hyphens ("-"),
underscores ("_"), colons (":"), and periods (".").
</quote>
<input type="submit" value="Submit">
</form>
=== Cut ===

eh.php:

=== Cut ===
<?php
print_r($_POST);
?>
=== Cut ===

When we check the checkbox and click the Sumbit button we will see:

Array ( [many_spaces_and____dots____] => on )
Yes, here also.
It is send to server normally:

many+spaces+and.+.+dots.+.+=on
Yes, here also.
but in $_POST (or $HTTP_POST_VARS) we see what we see. Any ideas?


I understand the reason the spaces are converted but I do not know why
the points are replaced; you may wnat to try the following if you need
the NAME with the dots and the spaces:

wtf.php (not wtf.html)
=== Cut ===
<form action="eh.php" method="post">
<input type="checkbox" name="<?php echo base64_encode('many spaces
and. . dots. . '); ?>"/>
<input type="submit" value="Submit">
</form>
=== Cut ===

eh.php
=== Cut ===
<?php
print_r($_POST);

$X_POST = array();
foreach ($_POST as $k=>$v) {
$X_POST[base64_decode($k)] = $v;
}
$_POST = $X_POST;
unset($X_POST);

echo "\n\n================\n\n";
print_r($_POST);
?>
=== Cut ===

Dec 10 '05 #9
And the totally bogus reason given in the manual:

http://fi.php.net/manual/en/language...l.dot-in-names

Dec 10 '05 #10
Chung Leong wrote:
And the totally bogus reason given in the manual:

http://fi.php.net/manual/en/language...l.dot-in-names

Why is that a bogus reason? If you use the register_globals way of
accessing the variables, there's no way to access a variable with a dot
in it. If youy access it via a superglobal, you explicitly give the name
as a string ($_POST['variable . rest']), but is used as a variable it reads:
$variable . rest
which is converted to
$variable . 'rest'
As the section after the dot is a bare string. So there is no way to
read $_POST['variable . rest'] as a normal (auto-registered)variable.

Best regards
Dec 10 '05 #11
Dikkie Dik wrote:
Why is that a bogus reason? If you use the register_globals way of
accessing the variables, there's no way to access a variable with a dot
in it. If youy access it via a superglobal, you explicitly give the name
as a string ($_POST['variable . rest']), but is used as a variable it reads:
$variable . rest
which is converted to
$variable . 'rest'


Maybe not bogus, just very poorly explained.

Dec 10 '05 #12
Dikkie Dik wrote:
Chung Leong wrote:
And the totally bogus reason given in the manual:

http://fi.php.net/manual/en/language...l.dot-in-names

Why is that a bogus reason? If you use the register_globals way of
accessing the variables, there's no way to access a variable with a dot
in it. If youy access it via a superglobal, you explicitly give the name
as a string ($_POST['variable . rest']), but is used as a variable it
reads:
$variable . rest
which is converted to
$variable . 'rest'
As the section after the dot is a bare string. So there is no way to
read $_POST['variable . rest'] as a normal (auto-registered)variable.

Best regards


Incorrect.

'variable . rest'

is not converted to

$variable . rest

since it is within single quotes.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Dec 10 '05 #13
maraguida wrote:
<quote src="http://www.w3.org/TR/html4/types.html#h-6.2">
ID and NAME tokens must begin with a letter ([A-Za-z]) and may be
followed by any number of letters, digits ([0-9]), hyphens ("-"),
underscores ("_"), colons (":"), and periods (".").
</quote>


Yes, but if you look at the attribute definitions for the INPUT element
<http://www.w3.org/TR/html401/interact/forms.html#h-17.4>, you'll see that
the name attribute is defined as CDATA, and not a NAME token. The NAME
token type that you've quoted only actually applies to the META element's
name (and http-equiv) attribute.

Thus '<input name="/This\ %is+ $a; ~valid# @name^ |attribute!">' is
valid HTML 4, though it might not be very well supported.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

Dec 11 '05 #14
Toby Inkster wrote:
maraguida wrote:
<quote src="http://www.w3.org/TR/html4/types.html#h-6.2">
<irrelevant quote snipped>
[...] name attribute is defined as CDATA, and not a NAME token. [...]

Thus '<input name="/This\ %is+ $a; ~valid# @name^ |attribute!">' is
valid HTML 4 [...].


Thank you for the correction.

Dec 11 '05 #15

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Raptor | last post by:
I'm using a single script to generate a table with <input>s in each row. I fill the array with initial values, then write it out to the table and let the user edit the values. Something like: ...
12
by: AJ Z | last post by:
I am using in_array() to search for a value ("other"), in order to validate a form. If I pass $_POST as the array to search PHP says that it is an invalid datatype. It is an array and if I copy...
5
by: comp.lang.php | last post by:
// NEW 11/27/2006: FINALLY, IF YOU ADDED OR DELETED OR DID ANY KIND OF FORM ACTION SUCCESSFULLY, DON'T RE-DISPLAY THE NEW EXPENSE ITEMS VIA $_POST if ($_POST && (!is_array($leaseObj->errorArray)...
9
by: Jeff | last post by:
I have a legacy database table that has spaces in the field names. So I have a form that looks like this: <input type="text" name="name with space" value="some_value"> on the server I have:...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.