php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #22612 POST variable names and values are garbled
Submitted: 2003-03-08 16:23 UTC Modified: 2004-06-29 23:00 UTC
From: dave at bcs dot co dot nz Assigned:
Status: Not a bug Package: Apache related
PHP Version: 4.3.2-dev OS: Linux
Private report: No CVE-ID: None
 [2003-03-08 16:23 UTC] dave at bcs dot co dot nz
Try the following, and keep pressing the button, noting the POST array reported...

I get reults like:

Array ( [key+AAA-?c??d?0e?g??g?Ph?] => Press Me+AAA- ) 


Things work OK if either the '+' or '-' is not there.


<html>
 <body>

  <?php print_r($_POST) ; ?>

  <form method='post' action=''>
    <input type='submit' name='key' value='Press Me'/>+9-9
  </form>

 </body>
</html>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-03-09 18:17 UTC] moriyoshi@php.net
I can't reproduce the problem.

1. Did you really experience that one with the latest CVS snapshot of PHP? If the actual version is 4.2.3, upgrade it to 4.3.0 or later versions and probably the problem will be solved.
2. Which httpd are you using? (e.g. Apache) and what version? If that's Apache, How did you install PHP? As a DSO module? or as a CGI binary?



 [2003-03-09 18:21 UTC] sniper@php.net
I just get this error with the provided example script:

"
Method Not Allowed

The requested method POST is not allowed for the URL /index.html.
"

And when I edit the script to be correct, I don't get
any mangled variable contents either.

 [2003-03-09 18:58 UTC] dave at bcs dot co dot nz
It is definitely PHP Version 4.3.2-dev, built from CVS of 2003-03-08, statically linked into Apache 1.3.26
 [2003-03-09 19:24 UTC] sniper@php.net
So what was the configure line used?

 [2003-03-09 20:53 UTC] dave at bcs dot co dot nz
Configuration options are:

./configure --with-apache=/usr/src/apache_1.3.26 --disable-debug            \
  --enable-trans-sid --with-mysql=/usr/local/mysql --enable-magic-quotes    \
  --enable-xslt --with-xslt-sablot=/usr/local --with-expat-dir=/usr/local   \
  --with-gd --enable-gd-native-ttf --with-png-dir=/usr --with-jpeg-dir=/usr \
  --with-zlib-dir=/usr --with-freetype-dir=/usr/local                       \
  --with-openssl=/usr/local/ssl --with-imap-ssl=/usr/local/ssl              \
  --with-gettext --with-xml --with-mcrypt --with-imap=/usr/src/imap-2002b
 [2003-03-09 21:07 UTC] sniper@php.net
Does this happen with any browser? 
Can you add the output of this command to this report
if this happens with any browser:

# diff -u php.ini-dist /usr/local/lib/php.ini

(provided you even have a php.ini there..)

 [2003-03-09 21:46 UTC] dave at bcs dot co dot nz
It appears to be an IE6 under Win2K problem - MS strikes again...

Everything's fine with IE6 under XP - both copies of IE6 have all the latest updates installed.

Also fine from various Linux browsers.

Try it out at http://www.bcs.co.nz/bug.php
 [2003-03-10 04:40 UTC] sniper@php.net
Not a bug in PHP, but in IE/w2k.

 [2003-03-24 20:55 UTC] dreams at apdo dot com
I found an error using Apache 2.0.43 with PHP 4.3.1 and the POST method under WinXP SP1:
 Variables retrieved get corrupted with the variable name!

So a line like this:
...
$pass=$_POST['pass'];
echo $pass;

results into a text showing "passwordenteredpass=paswordentered".

I got arround this nifty bug especifying into the <form method="post" ... the folowing command: ENCTYPE="multipart/form-data".
So the forms looks like:

<form name="form1" method="post" ENCTYPE="multipart/form-data">
<input type="password" name="pass">
<input type="submit" value="Submit">
</form>

And now it works. I'm using IE6 win latest updates and is not the first time it happends. Who's fault? PHP? IE? php4apache2.dll ?? hope some one knows...
 [2003-03-25 05:42 UTC] wez@php.net
Sounds related to Bug #22773
 [2003-03-25 06:43 UTC] sniper@php.net
We don't need duplicates.

 [2004-06-29 13:52 UTC] knazt at hotmail dot com
It's definitely an IE problem. Some respondents to my questionnaire get these type of fields, where +AAA- is added at the end of the values (and other things too). Not all of them use IE 6, some use IE 5.5. I think it could be a virus or spyware. It happens only on one page though, so it could also be something related to the specific HTML on the page. If I find something, I'll post it.
 [2004-06-29 23:00 UTC] dave at bcs dot co dot nz
A workaround, to get IE6 to behave correctly, is to add a line such as:

    <p><font size='1' color='WHITE'>Ignore this but fixes a bug in IE6 ('+' '-').</font></p>

just before or after the <form/> element.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Sep 28 11:03:37 2021 UTC