Form Data Loss

On 21 Jun 2004 10:03:55 -0700, kc**@issllc.com (smilemaster) wrote:

====test_form2.php====
<?
echo "textboxvalue: ".$textboxvalue;
?>
====================== submit button, on the second page only "textboxvalue: " is displayed.

i suppose you have turned off "register_globals" in your php.ini
Either turn it on or use the $_POST Array (which is the better
solution):

echo "textboxvalue: ".$_POST['textboxvalue'];

Regards
Marian
--
Tipps und Tricks zu PHP, Coaching und Projektbetreuung
http://www.heddesheimer.de/coaching/

Sorry for such a newbee question, but why is using the $_Post Array
better?

Also, I checked "register_globals" and it is set to "On" both for the
"Local Value" and the "Master Value".

Thanks,

-Karl

Marian Heddesheimer <20*************@spamgourmet.com> wrote in message news:<ek********************************@4ax.com>. ..

On 21 Jun 2004 10:03:55 -0700, kc**@issllc.com (smilemaster) wrote:

====test_form2.php====
<?
echo "textboxvalue: ".$textboxvalue;
?>
======================

submit button, on the second page only "textboxvalue: " is displayed.

i suppose you have turned off "register_globals" in your php.ini
Either turn it on or use the $_POST Array (which is the better
solution):

echo "textboxvalue: ".$_POST['textboxvalue'];

Regards
Marian

smilemaster (kc**@issllc.com) wrote:
: I have recently started experiencing form data loss. Here is an
: example:
: CLIENT
: Windows XP Pro
: Internet Explorer 6.0.28

I could be way off base, but I seem to recall reading about exactly this
problem with IE. For whatever reason, under certain conditions it doesn't
send the data from the form to the server.

Is it possible that the version of IE has changed recently? If other
things changed, such as whether http was changed to https, then this would
also explain why you see it now and not before, but even then, the problem
could be IE.

I would try the pages using another browser to see it that changes
anything.

$0.02

smilemaster wrote:

I have recently started experiencing form data loss. Here is an
example:
and Marian Heddesheimer replied:i suppose you have turned off "register_globals" in your php.ini

smile: Marian's answer is almost certainly the correct one. Especially
since you report that this is something you "recently started
experiencing". Check with your server admin and ask if they recently
upgraded the machine to a newer version of php or whatever unix flavor
os it's (presumably) got. I believe that php 4.2.0 was the first
revision where register_globals is turned off by default.

I discovered this the hard way by working through a Wrox book on php.
register_globals is a php.ini setting that allows all variable values
passed through either forms or urls to be recognized as global variables
by default. Well, this creates all sorts of security problems which is
why it's normally recommended that you turn this feature *off* in the
php.ini. When you do this, it means that if you want to access a value
passed through a form field, you must access it through either the POST
or REQUEST global arrays, and if you want to access a value passed
through a url, you must access it through either the GET or REQUEST
global arrays, thus:

//value passed through form field text box named 'myfield'
$myvalue=$_POST['myfield'];

//value passed through url, i.e.,
//"http://www.myurl.net/test.php?myfield=myvalue"
$myvalue=$_GET['myfield'];

Not only that, but if you need to pass any values acquired in this
manner to a function, they need to be explicitly declared as global
within the function, thus:

function myFunctionName () {
global $myvalue;
}

See the following errata page from Wrox for an explanation (refer to the
second entry on the errata listing):
http://www.wrox.com/books/errata/076...4_errata.shtml

Also see the following documentation on www.php.net (be sure to scroll
to the bottom of the page to the section headed 'SECURITY: NEW INPUT
MECHANISM'):
http://www.php.net/release_4_1_0.php

Also see this page and refer to the big box headed 'Warning':
http://us4.php.net/variables.predefined

As you can see, as of revision 4.2.0, register_globals is turned *off*
by default, and you absolutely should leave it that way. Just revise
your code per the examples above.

I checked my phpinfo() page and "register_globals" is set to "On" both
for the "Local Value" and the "Master Value".

Also, I updated my test pages with a $_POST reference, here ya go:

===test_form1.php===
<form method="POST" action="test_form2.php">
<input name="textboxvalue" type="text" size="20">
<input type="submit" value="Submit">
</form>

===test_form2.php===
<?
echo "textboxvalue: ".$textboxvalue;
echo "<br>textboxvalue (Post Array): ".$_POST['textboxvalue'];
//<--NEW
?>

Again, these codes samples are incomplete for clarity's sake (for
example I've left out the <HTML> tages).

I contacted the company that hosts the pages for me (Yahoo!
Webhosting) and because the above pages were working at the time they
tried them, they could not replicate my problem and therefore refused
to help further.

The super weird thing about this problem is that it only happens
*sometimes*. Like today I've been working on the PHP app I am
developing and it's worked fine except for on two occasions when it
stopped working and I had to reboot.

Another fact to add to the "super weird" file is that when this
problem starts, it occurs in multiple types of browsers. When it
started last time I tried the above test pages in IE6.0, Mozilla, and
Opera with the *same* results in all of them (it didnt work).

Also, like I said before, this problem has happened across my company
at computers in different offices with different ISPs. The only
corrolation I can think of is that all of the machines we have run XP
Pro.

I'm about to pull my remaining hair out! :-(

smilemaster wrote:

I have recently started experiencing form data loss. Here is an
example:

====test_form1.php====

<form method="POST" action="test_form2.php">
<input name="textboxvalue" type="text" size="20">
<br>
<input type="submit" value="Submit">
</form>

======================
====test_form2.php====
<?
echo "textboxvalue: ".$textboxvalue;
?>
======================

(note: these are incomplete examples, I have left out the <html> tags
for example)

After putting in data into the textboxvalue textbox and pressing the
submit button, on the second page only "textboxvalue: " is displayed.
The weird thing is that when I restart my computer, this works fine,
but then stops working again. These pages are encrypted with 128 SSL
encryption (mod_SSL 2.8.15).

This problem has plagued an online app that I am developing and is a
company-wide problem that happens on computers in other offices too.

Here's my info:

SERVER
Apache 1.3.28
PHP 4.3.6
MySQL 3.23.39
mod_SSL 2.8.15
phpMyAdmin 2.50

CLIENT
Windows XP Pro
Internet Explorer 6.0.28

what OS is the server running?

Michael Austin.

The server is running FreeBSD 4.8

-Karl

Here's my info:

SERVER
Apache 1.3.28
PHP 4.3.6
MySQL 3.23.39
mod_SSL 2.8.15
phpMyAdmin 2.50

CLIENT
Windows XP Pro
Internet Explorer 6.0.28

what OS is the server running?

Michael Austin.

Bathroom_Monkey wrote:

Here's my info:

SERVER
Apache 1.3.28
PHP 4.3.6
MySQL 3.23.39
mod_SSL 2.8.15
phpMyAdmin 2.50

CLIENT
Windows XP Pro
Internet Explorer 6.0.28

what OS is the server running?

Michael Austin.

The server is running FreeBSD 4.8

-Karl

Okay, there have been several suggestions about turning on error
checking. What did that yield?

With the latest version of PHP (4.3.something) I started using the
following code at the top of all of my scripts just to make sure I get
all of the variables...

<?php
// comment the following lines to turn off error messaging
error_reporting(E_ALL);
ini_set('display_errors', 1);
if (!empty($_GET))
{
extract($_GET);
}
else if (!empty($HTTP_GET_VARS))
{
extract($HTTP_GET_VARS);
}
if (!empty($_POST))
{
extract($_POST);
}
else if (!empty($HTTP_POST_VARS))
{
extract($HTTP_POST_VARS);
}
......
?>

But before you do change test_form2.php to:

<?
echo "POST textboxvalue: ".$_POST["textboxvalue"]; //more transportable
echo "GET textboxvalue: ".$_GET["textboxvalue"]; //coding style.
?>

What does this give you??
Michael Austin.

Error checking has yielded very little. After adding the GET
statement to the php code, here is what the error message is when this
problem is occuring:

====================================
Notice: Undefined variable: textboxvalue in
/ssl/TEST_nb_TEST/test_form2.php on line 39
textboxvalue:
Notice: Undefined index: textboxvalue in
/ssl/TEST_nb_TEST/test_form2.php on line 43
textboxvalue (Post Array):
Notice: Undefined index: textboxvalue in
/ssl/TEST_nb_TEST/test_form2.php on line 44

GET textboxvalue:
====================================
In this revision of fixing this problem, here is what my code looks
like in test_form2.php:
====================================
<?
// comment the following lines to turn off error messaging
error_reporting(E_ALL);
ini_set('display_errors', 1);
if (!empty($_GET))
{
extract($_GET);
}
else if (!empty($HTTP_GET_VARS))
{
extract($HTTP_GET_VARS);
}
if (!empty($_POST))
{
extract($_POST);
}
else if (!empty($HTTP_POST_VARS))
{
extract($HTTP_POST_VARS);
}

?>

<html>

<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<title>TEST FORM PAGE 2</title>
</head>

<body>
<br><br>
<?
echo "textboxvalue: ".$textboxvalue;

echo "<br><br>";

echo "textboxvalue (Post Array): ".$_POST['textboxvalue'];
echo "<br>GET textboxvalue: ".$_GET['textboxvalue'];
?>
</body>

</html>

====================================

Bathroom_Monkey wrote:

<?
echo "textboxvalue: ".$textboxvalue;
echo 'textboxvalue: ',
isset($_REQUEST['textboxvalue'])
? $_REQUEST['textboxvalue']
: '(no_textboxvalue)';

/* The array $_REQUEST is a combination of $_COOKIE, $_GET, and $_POST
* in an order determined by your PHP configuration */

/* But I really prefer to treat those arrays separately */
echo "<br><br>";

echo "textboxvalue (Post Array): ".$_POST['textboxvalue'];
echo 'textboxvalue (Post Array): ',
isset($_POST['textboxvalue'])
? $_POST['textboxvalue']
: '(no_POST_textboxvalue)';
echo "<br>GET textboxvalue: ".$_GET['textboxvalue'];
echo '<br>GET textboxvalue: ',
isset($_GET['textboxvalue'])
? $_GET['textboxvalue']
: '(no_GET_textboxvalue)';
?>

--
USENET would be a better place if everybody read: | to email me: use |
http://www.catb.org/~esr/faqs/smart-questions.html | my name in "To:" |
http://www.netmeister.org/news/learn2quote2.html | header, textonly |
http://www.expita.com/nomime.html | no attachments. |

Bathroom_Monkey wrote:

Error checking has yielded very little. After adding the GET
statement to the php code, here is what the error message is when this
problem is occuring:

====================================
Notice: Undefined variable: textboxvalue in
/ssl/TEST_nb_TEST/test_form2.php on line 39
textboxvalue:
Notice: Undefined index: textboxvalue in
/ssl/TEST_nb_TEST/test_form2.php on line 43
textboxvalue (Post Array):
Notice: Undefined index: textboxvalue in
/ssl/TEST_nb_TEST/test_form2.php on line 44

GET textboxvalue:
====================================
In this revision of fixing this problem, here is what my code looks
like in test_form2.php:
====================================
<?
// comment the following lines to turn off error messaging
error_reporting(E_ALL);
ini_set('display_errors', 1);
if (!empty($_GET))
{
extract($_GET);
}
else if (!empty($HTTP_GET_VARS))
{
extract($HTTP_GET_VARS);
}
if (!empty($_POST))
{
extract($_POST);
}
else if (!empty($HTTP_POST_VARS))
{
extract($HTTP_POST_VARS);
}

?>

<html>

<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<title>TEST FORM PAGE 2</title>
</head>

<body>
<br><br>
<?
echo "textboxvalue: ".$textboxvalue;

echo "<br><br>";

echo "textboxvalue (Post Array): ".$_POST['textboxvalue'];
echo "<br>GET textboxvalue: ".$_GET['textboxvalue'];
phpinfo(); // add this to your code - email it directly to me
// as you may not want this viewable to everyone. ?>
</body>

</html>

====================================

This has got to be a platform and or php ini problem. I just cut/pasted
your code and it works for me... see the above addition and comments

Again the question: do you have control over setting the environment
variables and/or system/php/mysql configuration variables?

Michael Austin.

I don't have control over the server variables (php.ini, etc.) as the
servers are hosted by Yahoo! Webhosting. I checked the variables that
everyone has talked about however (like the keep alive, etc.) and they
are all set "correctly" already.

-Karl

smilemaster wrote:

I don't have control over the server variables (php.ini, etc.) as the
servers are hosted by Yahoo! Webhosting. I checked the variables that
everyone has talked about however (like the keep alive, etc.) and they
are all set "correctly" already.

-Karl

is Yahoo! Webhosting willing to make changes to the server to allow you
to execute your code?

Okay, we are going to try this one more time using this code...
basically the same thing only condensed into one php file instead of two.

<?
// comment the following lines to turn off error messaging
error_reporting(E_ALL);
ini_set('display_errors',1);
if (!empty($_GET))
{
extract($_GET);
}
else if (!empty($HTTP_GET_VARS))
{
extract($HTTP_GET_VARS);
}
if (!empty($_POST))
{
extract($_POST);
}
else if (!empty($HTTP_POST_VARS))
{
extract($HTTP_POST_VARS);
}

if (isset($flag) && ($flag > 0))
{
echo "textboxvalue: ".$textboxvalue."<br>";
echo "<br><br>";
if (isset($_POST['textboxvalue']))
{
echo "textboxvalue (Post Array):
".$_POST['textboxvalue']."<br>";
}
else { echo "POST TEXTBOX VALUE NOT SET<br>";
}
if (isset($_GET['textboxvalue']))
{
echo "textboxvalue:(Get Array)
".$_GET['textboxvalue']."<br>";
}
else { echo "GET TEXTBOX VALUE NOT SET<br>"; }
echo "<form method=post><br><center>";
echo "<input type=hidden name=flag value=0 >";
echo "<input TYPE=submit value=Back></center>";

echo "</form>";
// phpinfo();

}
else {
echo "<form method=GET>";
echo "<input name=textboxvalue type=text size=20>";
echo "<br>";
echo "<input type=hidden name=flag value=1>";
echo "<input type=submit value=Submit> </form>";
}
?>

if this doesn't work, I suggest bringing up your own server...

Michael Austin.

I think I could probably work with them to make some changes, I'd have
to know what to ask for, however. All of the reccommendations on this
thread already exist it their settings.

is Yahoo! Webhosting willing to make changes to the server to allow you
to execute your code?