php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #22155 $_POST[varname] not interpreted
Submitted: 2003-02-10 17:30 UTC Modified: 2003-02-10 18:00 UTC
From: glyn at tomkins dot net Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 4.3.0 OS: Win2K and Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2003-02-10 17:30 UTC] glyn at tomkins dot net 
I am a PHP-newbie but having read the language reference I believe that the two attached scripts should work the same.

In the first example, the form_block variable is defined within double quotes. In this example the escape character is used before every " within the block.

In the second example which fails to give the expected result, the form_block variable is defined within single quotes and whereever " occur within the form, there is no escape character. there are no other differences between the two scripts.

The VALUE="$_FORM(varname)" are within the html in formblock to ensure that previously entered values are redisplayed. 

Try the two out and you see that in the first example, the fields are initially blank and in the second example, $_FORM(var) is displayed. In the first when you enter a value and the form errors out, the original values are retained as expected - in the second, the form always reverts to $_FORM(var)

I have recrated this problem under Windows/Apache and Linux/Apache. See phpinfo at the end.

So why not simply use double quotes? I want to use the single quotes because i am using NetObjects Fusion for my web site development and am not in control of the html generated - ie I can not use "s because I can not generate the html with escape characters. 

If I can do this I plan to publish a tutorial on how simple it is to use PHP with netObjects to validate forms thus promoting PHP within the NOF community.  Currently my workaround means using a separate form and PHP script/error page which is less elegant to the end user.
 
Example 1: works as expected.

<HTML>
<HEAD>
<TITLE>All-In-One Feedback Form</TITLE>
</HEAD>
<BODY>
<?
$form_block ="
<FORM METHOD=\"POST\" ACTION=\"$_SERVER[PHP_SELF]\">
<P><strong>Your Name:</strong><br>
<INPUT type=\"text\" NAME=\"sender_name\" VALUE=\"$_POST[sender_name]\" SIZE=30></P>
<P><strong>Your E-Mail Address:</strong><br>
<INPUT type=\"text\" NAME=\"sender_email\" VALUE=\"$_POST[sender_email]\" SIZE=30></P>
<P><strong>Message:</strong><br>
<TEXTAREA NAME=\"message\" COLS=30 ROWS=5 WRAP=virtual>$_POST[message]</TEXTAREA></P>
<INPUT type=\"hidden\" name=\"op\" value=\"ds\">
<P><INPUT TYPE=\"submit\" NAME=\"submit\" VALUE=\"Send This Form\"></p>
</FORM>";


if ($_POST[op] != "ds") {

	//they need to see the form
	echo "$form_block";

} else {
	echo "<p>OK</p>";
	//check value of $_POST[sender_name]
	if ($_POST[sender_name] == "") {
		$name_err ="<font color=red>Please enter your name!</font><br>";
		$send ="no";
	}

	//check value of $_POST[sender_email]
	if ($_POST[sender_email] == "") {
		$email_err ="<font color=red>Please enter your e-mail address!</font><br>";
		$send ="no";
	}

	//check value of $_POST[message]
	if ($_POST[message] == "") {
		$message_err ="<font color=red>Please enter a message!</font><br>";
		$send ="no";
	}

	if ($send != "no"){
		//it's ok to send,so build the mail
		$msg ="E-MAIL SENT FROM WWW SITE \n";
		$msg .="Sender's Name:$_POST[sender_name]\n";
		$msg .="Sender's E-Mail:$_POST[sender_email]\n";
		$msg .="Message:$_POST[message]\n \n";

		$to ="glyn@tomkins.net";
		$subject ="All-in-One Web Site Feedback";
		$mailheaders ="From:My Web Site <>\n";
		$mailheaders .="Reply-To:$_POST[sender_email]\n\n";

		//send the mail
		mail($to,$subject,$msg,$mailheaders);

		//display confirmation to user
		echo "<P>Mail has been sent!</p>";

	} else {
		//print error messages
		echo "$name_err";
		echo "$email_err";
		echo "$message_err";
		echo "$form_block";
	}
}
?>


Example 2: does not work as expected

<HTML>
<HEAD>
<TITLE>All-In-One Feedback Form</TITLE>
</HEAD>
<BODY>
<?
$form_block ='
<FORM METHOD="POST" ACTION="$_SERVER[PHP_SELF]">
<P><strong>Your Name:</strong><br>
<INPUT type="text" NAME="sender_name" VALUE="$_POST[sender_name]" SIZE=30></P>
<P><strong>Your E-Mail Address:</strong><br>
<INPUT type="text" NAME="sender_email" VALUE="$_POST[sender_email]" SIZE=30></P>
<P><strong>Message:</strong><br>
<TEXTAREA NAME="message" COLS=30 ROWS=5 WRAP=virtual>$_POST[message]</TEXTAREA></P>
<INPUT type="hidden" name="op" value="ds">
<P><INPUT TYPE="submit" NAME="submit" VALUE="Send This Form"></p>
</FORM>';


if ($_POST[op] != "ds") {

	//they need to see the form
	echo "$form_block";

} else {

	//check value of $_POST[sender_name]
	if ($_POST[sender_name] == "") {
		$name_err ="<font color=red>Please enter your name!</font><br>";
		$send ="no";
	}

	//check value of $_POST[sender_email]
	if ($_POST[sender_email] == "") {
		$email_err ="<font color=red>Please enter your e-mail address!</font><br>";
		$send ="no";
	}

	//check value of $_POST[message]
	if ($_POST[message] == "") {
		$message_err ="<font color=red>Please enter a message!</font><br>";
		$send ="no";
	}

	if ($send != "no"){
		//it's ok to send,so build the mail
		$msg ="E-MAIL SENT FROM WWW SITE \n";
		$msg .="Sender's Name:$_POST[sender_name]\n";
		$msg .="Sender's E-Mail:$_POST[sender_email]\n";
		$msg .="Message:$_POST[message]\n \n";

		$to ="glyn@tomkins.net";
		$subject ="All-in-One Web Site Feedback";
		$mailheaders ="From:My Web Site <>\n";
		$mailheaders .="Reply-To:$_POST[sender_email]\n\n";

		//send the mail
		mail($to,$subject,$msg,$mailheaders);

		//display confirmation to user
		echo "<P>Mail has been sent!</p>";

	} else {
		//print error messages
		echo "$name_err";
		echo "$email_err";
		echo "$message_err";
		echo "$form_block";
	}
}
?>

PHP info for my Win2k server:

PHP Version 4.3.0 

System  Windows NT localhost 5.0 build 2195  
Build Date  Dec 27 2002 05:28:00  
Server API  CGI/FastCGI  
Virtual Directory Support  enabled  
Configuration File (php.ini) Path  C:\WINNT\php.ini  
PHP API  20020918  
PHP Extension  20020429  
Zend Extension  20021010  
Debug Build  no  
Thread Safety  enabled  
Registered PHP Streams  php, http, ftp, compress.zlib  


PHP info for my Linux server:

PHP Version 4.3.0RC2 

System  Linux ns1.xxx.com 2.4.19PIII #1 Fri Oct 18 10:21:27 EDT 2002 i686  
Build Date  Dec 2 2002 21:40:37  
Configure Command  './configure' '--with-mysql' '--with-apxs=/usr/sbin/apxs'  
Server API  Apache  
Virtual Directory Support  disabled  
Configuration File (php.ini) Path  /usr/local/lib/php.ini  
PHP API  20020918  
PHP Extension  20020429  
Zend Extension  20021010  
Debug Build  no  
Thread Safety  disabled  
Registered PHP Streams  php, http, ftp, compress.zlib

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-02-10 18:00 UTC] sniper@php.net 
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.


Variables inside single quotes are NOT expanded.
You need to read the manual more carefully.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed May 01 04:01:30 2024 UTC