It's an illegal URI because the ampersand in the password appears unencrypted, which tells the server it is the beginning of a new query string parameter. Use encodeURIComponent() in you Javascript to encode the password and urldecode() in your PHP to change it back.
--- In [email protected], Dick Russel <[EMAIL PROTECTED]> wrote: > > Hello there, > > I know the question is a javascript question but maybe someone here can > help me out. > I have written a new version of my PHP installer which works well except > when the user wants to use complex passwords such as [EMAIL PROTECTED]&*()_+ > The password seen by PHP after passed by javascript is: [EMAIL PROTECTED] > > I have tried escape() without luck, is there a way to make a string URL > save in javascript? > > I checked the apache server log and found this in access.log > /setup_files/validate.php?wodb=workorder2&woip=localhost&worootu=root&[EMAIL PROTECTED]&*()_+&wogu=work_guest&wogp=dfhdfgh&wouu=work_user&woup=fdghdfh&wotp=workorder_&wouap=&woutp=&wolk=&sid=0.813938847588878 > > it appears as if it's a illegal URL problem. > > Here is a code example. The user enters the password in collect.php, > when the user hits the "Test Settings" button, all text fields are > passed to validate.js which passes the values to validate.php. > Unfortunately, validate.php will only get part of the password. > > Any ideas? Thanks. > > > ######### Collect.php ######## > ......... > <input name="txtRootPassword" type="text" id="txtRootPassword" size="30" > maxlength="30" /> > > <input type="button" name="button" value="Test Settings" > onClick="javascript:showHint(this.value);"/> > > ######## validate.js ######### > var xmlHttp > > function showHint() { > var worootp = ""; //Work Order root Password > worootp = document.getElementById("txtRootPassword").value; > worootp = escape(worootp); > > var url="validate.php"; > url=url+"?wodb="+wodb; > url=url+"&woip="+woip; > url=url+"&worootu="+worootu; > url=url+"&worootp="+worootp; > url=url+"&wogu="+wogu; > url=url+"&wogp="+wogp; > url=url+"&wouu="+wouu; > url=url+"&woup="+woup; > url=url+"&wotp="+wotp; > url=url+"&wouap="+wouap; > url=url+"&woutp="+woutp; > url=url+"&wolk="+wolk; > url=url+"&sid="+Math.random(); > xmlHttp.onreadystatechange=stateChanged; > xmlHttp.open("GET",url,true); > xmlHttp.send(null); > } > > ########## validate.php ######### > if( isset($_GET['worootp']) ) { $worootp = addslashes($_GET['worootp']); > } else { $worootp = Null; } > //Work Order Guest User > die($worootp); >
