From: [EMAIL PROTECTED]
Operating system: Win2K and Linux
PHP version: 4.3.0
PHP Bug Type: *General Issues
Bug description: $_POST[varname] not interpreted
I am a PHP-newbie but having read the language reference I believe that the
two attached scripts should work the same.
In the first example, the form_block variable is defined within double
quotes. In this example the escape character is used before every " within
the block.
In the second example which fails to give the expected result, the
form_block variable is defined within single quotes and whereever " occur
within the form, there is no escape character. there are no other
differences between the two scripts.
The VALUE="$_FORM(varname)" are within the html in formblock to ensure
that previously entered values are redisplayed.
Try the two out and you see that in the first example, the fields are
initially blank and in the second example, $_FORM(var) is displayed. In
the first when you enter a value and the form errors out, the original
values are retained as expected - in the second, the form always reverts
to $_FORM(var)
I have recrated this problem under Windows/Apache and Linux/Apache. See
phpinfo at the end.
So why not simply use double quotes? I want to use the single quotes
because i am using NetObjects Fusion for my web site development and am
not in control of the html generated - ie I can not use "s because I can
not generate the html with escape characters.
If I can do this I plan to publish a tutorial on how simple it is to use
PHP with netObjects to validate forms thus promoting PHP within the NOF
community. Currently my workaround means using a separate form and PHP
script/error page which is less elegant to the end user.
Example 1: works as expected.
<HTML>
<HEAD>
<TITLE>All-In-One Feedback Form</TITLE>
</HEAD>
<BODY>
<?
$form_block ="
<FORM METHOD=\"POST\" ACTION=\"$_SERVER[PHP_SELF]\">
<P><strong>Your Name:</strong><br>
<INPUT type=\"text\" NAME=\"sender_name\" VALUE=\"$_POST[sender_name]\"
SIZE=30></P>
<P><strong>Your E-Mail Address:</strong><br>
<INPUT type=\"text\" NAME=\"sender_email\" VALUE=\"$_POST[sender_email]\"
SIZE=30></P>
<P><strong>Message:</strong><br>
<TEXTAREA NAME=\"message\" COLS=30 ROWS=5
WRAP=virtual>$_POST[message]</TEXTAREA></P>
<INPUT type=\"hidden\" name=\"op\" value=\"ds\">
<P><INPUT TYPE=\"submit\" NAME=\"submit\" VALUE=\"Send This Form\"></p>
</FORM>";
if ($_POST[op] != "ds") {
//they need to see the form
echo "$form_block";
} else {
echo "<p>OK</p>";
//check value of $_POST[sender_name]
if ($_POST[sender_name] == "") {
$name_err ="<font color=red>Please enter your name!</font><br>";
$send ="no";
}
//check value of $_POST[sender_email]
if ($_POST[sender_email] == "") {
$email_err ="<font color=red>Please enter your e-mail
address!</font><br>";
$send ="no";
}
//check value of $_POST[message]
if ($_POST[message] == "") {
$message_err ="<font color=red>Please enter a message!</font><br>";
$send ="no";
}
if ($send != "no"){
//it's ok to send,so build the mail
$msg ="E-MAIL SENT FROM WWW SITE \n";
$msg .="Sender's Name:$_POST[sender_name]\n";
$msg .="Sender's E-Mail:$_POST[sender_email]\n";
$msg .="Message:$_POST[message]\n \n";
$to ="[EMAIL PROTECTED]";
$subject ="All-in-One Web Site Feedback";
$mailheaders ="From:My Web Site <>\n";
$mailheaders .="Reply-To:$_POST[sender_email]\n\n";
//send the mail
mail($to,$subject,$msg,$mailheaders);
//display confirmation to user
echo "<P>Mail has been sent!</p>";
} else {
//print error messages
echo "$name_err";
echo "$email_err";
echo "$message_err";
echo "$form_block";
}
}
?>
Example 2: does not work as expected
<HTML>
<HEAD>
<TITLE>All-In-One Feedback Form</TITLE>
</HEAD>
<BODY>
<?
$form_block ='
<FORM METHOD="POST" ACTION="$_SERVER[PHP_SELF]">
<P><strong>Your Name:</strong><br>
<INPUT type="text" NAME="sender_name" VALUE="$_POST[sender_name]"
SIZE=30></P>
<P><strong>Your E-Mail Address:</strong><br>
<INPUT type="text" NAME="sender_email" VALUE="$_POST[sender_email]"
SIZE=30></P>
<P><strong>Message:</strong><br>
<TEXTAREA NAME="message" COLS=30 ROWS=5
WRAP=virtual>$_POST[message]</TEXTAREA></P>
<INPUT type="hidden" name="op" value="ds">
<P><INPUT TYPE="submit" NAME="submit" VALUE="Send This Form"></p>
</FORM>';
if ($_POST[op] != "ds") {
//they need to see the form
echo "$form_block";
} else {
//check value of $_POST[sender_name]
if ($_POST[sender_name] == "") {
$name_err ="<font color=red>Please enter your name!</font><br>";
$send ="no";
}
//check value of $_POST[sender_email]
if ($_POST[sender_email] == "") {
$email_err ="<font color=red>Please enter your e-mail
address!</font><br>";
$send ="no";
}
//check value of $_POST[message]
if ($_POST[message] == "") {
$message_err ="<font color=red>Please enter a message!</font><br>";
$send ="no";
}
if ($send != "no"){
//it's ok to send,so build the mail
$msg ="E-MAIL SENT FROM WWW SITE \n";
$msg .="Sender's Name:$_POST[sender_name]\n";
$msg .="Sender's E-Mail:$_POST[sender_email]\n";
$msg .="Message:$_POST[message]\n \n";
$to ="[EMAIL PROTECTED]";
$subject ="All-in-One Web Site Feedback";
$mailheaders ="From:My Web Site <>\n";
$mailheaders .="Reply-To:$_POST[sender_email]\n\n";
//send the mail
mail($to,$subject,$msg,$mailheaders);
//display confirmation to user
echo "<P>Mail has been sent!</p>";
} else {
//print error messages
echo "$name_err";
echo "$email_err";
echo "$message_err";
echo "$form_block";
}
}
?>
PHP info for my Win2k server:
PHP Version 4.3.0
System Windows NT localhost 5.0 build 2195
Build Date Dec 27 2002 05:28:00
Server API CGI/FastCGI
Virtual Directory Support enabled
Configuration File (php.ini) Path C:\WINNT\php.ini
PHP API 20020918
PHP Extension 20020429
Zend Extension 20021010
Debug Build no
Thread Safety enabled
Registered PHP Streams php, http, ftp, compress.zlib
PHP info for my Linux server:
PHP Version 4.3.0RC2
System Linux ns1.xxx.com 2.4.19PIII #1 Fri Oct 18 10:21:27 EDT 2002 i686
Build Date Dec 2 2002 21:40:37
Configure Command './configure' '--with-mysql'
'--with-apxs=/usr/sbin/apxs'
Server API Apache
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/lib/php.ini
PHP API 20020918
PHP Extension 20020429
Zend Extension 20021010
Debug Build no
Thread Safety disabled
Registered PHP Streams php, http, ftp, compress.zlib
--
Edit bug report at http://bugs.php.net/?id=22155&edit=1
--
Try a CVS snapshot: http://bugs.php.net/fix.php?id=22155&r=trysnapshot
Fixed in CVS: http://bugs.php.net/fix.php?id=22155&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=22155&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=22155&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=22155&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=22155&r=support
Expected behavior: http://bugs.php.net/fix.php?id=22155&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=22155&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=22155&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=22155&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=22155&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=22155&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=22155&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=22155&r=gnused
