[PHP-DEV] Bug #13953 Updated: HTML Entities and $HTTP_POST_VARS

Tue, 11 Dec 2001 13:19:57 -0800 

ID: 13953
Updated by: cardinal
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Bogus
Bug Type: Arrays related
Operating System: Free BSD 4.2
PHP Version: 4.0.4pl1
New Comment:

I can't reproduce any part of this bug report on 4.0.6.  My $HTTP_POST_VARS matches 
jeroen's exactly for the product description script, and the following script does not 
translate html entities from their user-entered value.

<form method="post" action="<?= $PHP_SELF ?>" enctype="multipart/form-data">
<textarea name="text" wrap="virtual"><?= 
htmlentities($HTTP_POST_VARS['text'])?></textarea>
<br><input type="submit" value="Submit multipart">
</form>

<form method="post" action="<?= $PHP_SELF ?>">
<textarea name="text" wrap="virtual"><?= 
htmlentities($HTTP_POST_VARS['text'])?></textarea>
<br><input type="submit" value="Submit not multipart">
</form>

<?
  
if (count($HTTP_POST_VARS))
{
    echo '<pre>';
    print_r($HTTP_POST_VARS);
    echo '</pre>';
}
 
?>

I suggest taking this up on a support forum ([EMAIL PROTECTED],
#php on irc.php.net) if it's still an issue.

Previous Comments:
------------------------------------------------------------------------

[2001-11-07 09:12:27] [EMAIL PROTECTED]

I get the same output with both var_dump($HTTP_POST_VARS) and 
print_r($HTTP_POST_VARS): "InfoID" is missing from $HTTP_POST_VARS when I submit the 
form. The strange thing about this problem is that I can't reproduce it on earlier 
versions of PHP.

Perhaps, we should look at the broader question of how PHP deals with HTML entities.

I just placed the following text in the textarea box of the form:
  This is a &#149; test.

When the form is submitted, the script inserts the content into a "text" field in a 
MySQL (v. 3.23.33) database. I checked the record through phpMyAdmin and found that 
the field held exactly what I submitted. No surprises there.

However, when I updated the record, my line of text was changed to:
 This is a &#8226; test.

In other words, the representation of the HTML entity was changed from &#149; to 
&#8226;, either by PHP or MySQL.

This transformation seems to be the source of my problems. Any ideas what's going on?

P.S. -- The MySQL gurus argue that this is a PHP problem.

------------------------------------------------------------------------

[2001-11-06 17:16:22] [EMAIL PROTECTED]

With 4.0.3pl1, I cannot reproduce.

Use var_dump($HTTP_POST_VARS) to check out what vars are submitted and which are not. 
I get:

HTTP_POST_VARS:

array(4) {
  ["InfoID"]=>
  string(2) "67"
  ["InfoTitle"]=>
  string(8) "Product2"
  ["InfoText"]=>
  string(196) "Blah blah blah blah? Blah blah blah
blah™ Blah blah blah blah.
Blah blah blah blah™. Blah blah blah blah.
Blah blah blah blah®. Blah blah blah blah;"
  ["option"]=>
  string(6) "Modify"
}

HTTP_GET_VARS:

array(1) {
  ["selection"]=>
  string(11) "Description"
}




------------------------------------------------------------------------

[2001-11-06 16:43:22] [EMAIL PROTECTED]

Below is a stripped-down version of the form that causes the problems. Note that 
values have been inserted into the form fields, including HTML entities in the 
"InfoText" field. When I click the "Modify" button, "InfoID" does not show up in 
$HTTP_POST_VARS.
Thanks.

<html>
<head>
<title>Administration Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form action="index.html?selection=Description" method="post" 
enctype="multipart/form-data">
<p>
<b>Select an Existing Product Description Title</b><br>
<SELECT NAME="InfoID">
<option value="0">Click On a Product Description</option>
<option value="63">Product1</option>
<option value="67" selected>Product2</option>
<option value="69">Product3</option>
<option value="55">Product4</option>
<option value="65">Product5</option>
</select>
&nbsp;<input type="submit" name="option" value="Find">
</p>
<p>
<b>Product Description Title/Headline</b><br>
<input type="text" name="InfoTitle" size="30" maxlength="200" value="Product2">
</p>
<p>
<b>Product Description Text</b><br>
<textarea name="InfoText" cols="40" rows="10" wrap="VIRTUAL">Blah blah blah blah? Blah 
blah blah blah<sup>&#8482;</sup> Blah blah blah blah.
Blah blah blah blah<sup>&#8482;</sup>. Blah blah blah blah.
Blah blah blah blah<sup>®</sup>. Blah blah blah blah;</textarea>
</p>
<p>
<input type="submit" name="option" value="Modify"><br><br>
<input type="submit" name="option" value="Delete"><br><br>
<input type="submit" name="option" value="Clear">
</p>
</form>
</body>
</html>

------------------------------------------------------------------------

[2001-11-06 16:10:45] [EMAIL PROTECTED]

Please submit the shortest reproducing script which does something strange. It's very 
hard to track down the problem if you don't show us exactly what you did.

------------------------------------------------------------------------

[2001-11-06 13:30:29] [EMAIL PROTECTED]

Removing enctype="multipart/form-data" from the form tag does seem to solve the 
problem. However, it creates another. I was planning to add a "file" input type field 
to the form to enable users to upload images. To accomplish that, I'll need to include 
enctype="multipart/form-data". What then? Also, I was hoping to get to the bottom of 
the problem and figure out what's going on with HTML entities and form input. Thanks.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/?id=13953


Edit this bug report at http://bugs.php.net/?id=13953&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to