[php-list] Passing strings with special characters from input to PHP via Javascript

Sun, 05 Aug 2007 19:10:09 -0700 

Hello there,

I know the question is a javascript question but maybe someone here can
help me out.
I have written a new version of my PHP installer which works well except
when the user wants to use complex passwords such as [EMAIL PROTECTED]&*()_+
The password seen by PHP after passed by javascript is: [EMAIL PROTECTED]

I have tried escape() without luck, is there a way to make a string URL
save in javascript?

I checked the apache server log and found this in access.log
/setup_files/validate.php?wodb=workorder2&woip=localhost&worootu=root&[EMAIL 
PROTECTED]&*()_+&wogu=work_guest&wogp=dfhdfgh&wouu=work_user&woup=fdghdfh&wotp=workorder_&wouap=&woutp=&wolk=&sid=0.813938847588878

it appears as if it's a illegal URL problem.

Here is a code example. The user enters the password in collect.php,
when the user hits the "Test Settings" button, all text fields are
passed to validate.js which passes the values to validate.php.
Unfortunately, validate.php will only get part of the password.

Any ideas? Thanks.


######### Collect.php ########
.........
<input name="txtRootPassword" type="text" id="txtRootPassword" size="30"
maxlength="30" />

<input type="button" name="button" value="Test Settings"
onClick="javascript:showHint(this.value);"/>

######## validate.js #########
var xmlHttp

function showHint() {
        var worootp = ""; //Work Order root Password
        worootp  = document.getElementById("txtRootPassword").value;
        worootp = escape(worootp);

var url="validate.php";
url=url+"?wodb="+wodb;
url=url+"&woip="+woip;
url=url+"&worootu="+worootu;
url=url+"&worootp="+worootp;
url=url+"&wogu="+wogu;
url=url+"&wogp="+wogp;
url=url+"&wouu="+wouu;
url=url+"&woup="+woup;
url=url+"&wotp="+wotp;
url=url+"&wouap="+wouap;
url=url+"&woutp="+woutp;
url=url+"&wolk="+wolk;
url=url+"&sid="+Math.random();
xmlHttp.onreadystatechange=stateChanged;
xmlHttp.open("GET",url,true);
xmlHttp.send(null);
}

########## validate.php #########
if( isset($_GET['worootp']) ) { $worootp = addslashes($_GET['worootp']);
} else { $worootp = Null; }
//Work Order Guest User
die($worootp);

Reply via email to