|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #19762 POST action leads to $ variable containing 'dataenteredvariable=datayouentered'
Submitted: 2002-10-04 17:36 UTC Modified: 2002-10-05 03:09 UTC
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: fmartens at zwintranet dot nl Assigned:
Status: Closed Package: Apache2 related
PHP Version: 4CVS-2002-10-04 OS: linux (rh6.2)
Private report: No CVE-ID: None
 [2002-10-04 17:36 UTC] fmartens at zwintranet dot nl
When you have a form that uses POST as it's action. The value of the variable in which you store the data is as follows:

let "avar" be the variable
let "johndoe" be the text entered
you end up with $_POST[avar]="johndoeavar=johndoe"


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-10-04 17:42 UTC] fmartens at zwintranet dot nl
using apache 2.0.43. this bug was also filed as 18648, but it was closed as 'no feedback'. the problem does still exist here.

apache compiled with:
./configure --with-ssl=/usr/local/ssl --enable-so --enable-mods-shared="proxy proxy_connect proxy_http status autoindex asis cgi dir alias rewrite" --with-apxs --enable-ssl

php compiled with:
./configure --prefix=/usr/local/apache2/php --with-apxs2=/usr/local/apache2/bin/apxs --with-openssl=/usr/local/ssl --with-mysql
 [2002-10-04 18:17 UTC]
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.

Given the provided info I am unable to replicate this bug.
 [2002-10-05 02:47 UTC] fmartens at zwintranet dot nl
let the web server be apache 2.0.43
let the php be 4CVS-2002-10-04
let there be a web form, submitted via POST, with only 1 field.

the contents of the variable of that one field get mangled.
if the name of the field is 'youraddress'
and you enter '14 bogusstreet'
the contents of $_POST[youraddress] become:
'14 bogusstreetyouraddress=14 bogusstreet'
 [2002-10-05 03:02 UTC]
Weird... looking at the other bugreports about this, this might be a configuration issue. Are you using the Input- and OutputFilter directives? You shouldn't. You only need the LoadModule line and one or more AddType lines.
 [2002-10-05 03:09 UTC] fmartens at zwintranet dot nl
as sander at php dot net suggested. this is the case, i was using the in/out filter in the apache config.

it wouldn't work without them in the previous version, but now it works al fine. thanks
 [2003-03-17 11:31 UTC] php at luizfelipe dot eng dot br
You must use either use Input/Output filter or AddType, but not both. If so the problem happens!
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Dec 08 16:05:52 2022 UTC