So this never happen to me before until today.
I have a login form trying to send a simple post to the action form. var_dump returns array 0 when i use post method BUT when i use method = get and var_dump the get i get all the strings.
here is my html code
<form name="mlsnavform" id="mlsnavform" action="script/mlsnavform.php" method="POST">
<input id="uname" name="uname"type="text" placeholder="Username" autocomplete="off">
<input id="loginbtn" name="loginbtn" type="submit" value="SIGN IN">
</form>
here is mlsnavform.php
<?php
var_dump($_POST);
?>
And the result of this is array(0) { }
But when i change the method from post to get, and use var_dump($_get) instead of $_post i DO get the values but ofcourse login credentials showing up in your URL address is not something i would ever want to do.
Using get fills my array with what i need tho
array(2) { ["uname"]=> string(9) "damnitphp" ["loginbtn"]=> string(7) "SIGN IN" }
This never happen to me, i've been scrolling on stack for almost 2 days now for a "posible duplicate" before i decide to make a new post but there was only 1 i found which had an answer talking about "PHPStorm" but i do not use phpstorm. I use notepad++(yes i could use sublime or atom or brackets but im so used to notepad i dont feel the need of switching to another text editor).
Anyone know any fix for this? thanks in advance!
EDIT: So today i decide to open a project i made 4months ago that always worked, but the post from that page isnt working either. So what did i do? i decided to to remove that 1 thing i added a couple of weeks ago before all these issues started.
URL REWRITE from IIS so i can remove the .phpextension
So basically this was my issue all along but so far googling around there isnt a single topic on the net where other people are talking about this. If there maybe a similar issue to this. would much appreciated if someone can comment me the link or a solution.thanks in advance.
So my issue is "$_POST" doesnt work when i have my URL Rewrite code in the webconfig. if i remove the rewrite code then the .php extension shows in the browser(which i don't want) but my $_post methods work again.
You can check the enable_post_data_reading in php.ini
From php.ini:
; Whether PHP will read the POST data.
; This option is enabled by default.
; Most likely, you won't want to disable this option globally. It causes $_POST
; and $_FILES to always be empty; the only way you will be able to read the
; POST data will be through the php://input stream wrapper. This can be useful
; to proxy requests or to process the POST data in a memory efficient fashion.
; http://php.net/enable-post-data-reading
Check if this option is uncommented and comment this with ";"
;enable_post_data_reading = Off
You probably are taking the superglobal variable names POST and GET too literal. $_GET is the parsed query string, it's independent of the HTTP method, i.e. it will always be present, even with POST requests. $_POST is the parsed HTTP body when conforming to some constraints (the content-type header has to specify either application/x-www-form-urlencoded or multipart/form-data, and I think the method really has to be "POST" - Note that when NOT conforming to the constraints, even if you'd use the POST method, you won't get any data inside $_POST.
<form name="mlsnavform" id="mlsnavform" enctype="application/x-www-form-urlencoded" action="script/mlsnavform.php" method="POST">
<input id="uname" name="uname"type="text" placeholder="Username" autocomplete="off">
<input id="loginbtn" name="loginbtn" type="submit" value="SIGN IN">
</form>
Related
I am trying to input submit value and want to pass the value to another page through GET but for that I have to use two Clicks button.
I want the same in a single click. Help required.
Code:-
<form method="post">
<input name="inwardid" type="text" id="inwardid" />
<?php $inwardid = $_POST['inwardid']; ?>
<input type="submit" value="Next" />
</form>
<a href="addbook.php?up=<?php echo $inwardid; ?>"><button>Proceed</button>
You want to send the value the user typed in to the other page. So use this for your <form>:
<form method="POST" action="addbook.php">
<input name="up" type="text" id="up">
<input type="submit" value="Proceed">
</form>
To access the value in addbook.php, use $_POST['up'].
This will send the value the user typed in the input label (type="text") to the addbook.php page, using a $_POST. No need for a $_GET, $_POST will do just fine.
As you deliberately asked for method GET, my solution shows you GET!
You must know there is no security issue when using GET. It depends what you want to do. GET is useful if you want to use a dynamic code in multiple ways depending on some some variables that you do not want to hard-code in your script, or simply do not want to send files or other huge data.
Lets admit a newspaper has a site called breaking_news.php and you want to access the breaking news of November 8, 2016you could use this as :
breaking_news.php?y=2018&m=11&d=08
The fact that one can see your GET vars means nothing. Even by using POST one can see your variables by looking at your code. And one way or the other you must protect against code injection and brute force.
But if your not in the mood to show this vars to your visitor you can use URL rewriting to rewrite the url above in the browser as
RewriteRule ^breaking/(.*)/(.*)/(.*)/news\.html$ breaking_news.php?y=$1&m=$2&d=$3 [NC,L]
so you send your visitor to see the (rewritten)URL
breaking/2018/11/08/news.html
but what the web-server is showing him is:
breaking_news.php?y=2018&m=11&d=08
A reason to use this if for example when you want your dynamic site to be taken into consideration by some searching engine as a static site, and get indexed. But this is again another battle field.
Second, you want to send the variable to "addbook.php", and not to itself.
Your question sounded like you want to send to "another page" not to the same page.
Third, I can see in your code snippet you want to submit the variable "up" and not "inwardid", as you did in your code.
And also I can see you want the "submit" button to be called "Proceed".
Your code would look like this:
<form method="GET" enctype="application/x-www-form-urlencoded" action="addbook.php" target="_blank">
<input name="up" type="text" id="inwardid" />
<input type="submit" value="Proceed" />
</form>
As I said you must protect against injection, and this means for example, that in the "addbook.php",to whom you are sending the variables you must write some code that protects you against this issues. As your question is not in this direction I will not enter this subject.
To avoid problems with special chars you must "url-encode" your variable specially when sending them per POST method. In this case you must use this enctype if your handling text. Because this enc-type is transforming special chars into the corresponding ASCII HEX-Values.
Using GET your safe, because GET cant send in another enc-type. So your variable will automatically be url-encoded and you receive a string that is compliant to RFC 3986 similar by using:
rawurlencode($str)
Lets admit someone smart guy fills in a your input box the following code, in the desire to break your site. (This here is not exactly a dangerous code but it looks like those who are.)
<?php echo "\"?> sample code in c# and c++"; ?>
using enctype="application/x-www-form-urlencoded" this will become something like this:
%3C%3Fphp%20echo%20%22%5C%22%3F%3E%20sample%20code%20in%20c%23%20and%20c%2B%2B%22%3B%20%3F%3E
what makes it safe to be transported in a URL, and after receiving and cleaning it using
strip_tags(rawurldecode($_GET['str']))
it would output something like this, what is a harmless string.
sample code in c# and c++
I've recently migrated servers and found that all $_POST requests on my website are no longer working. The requests always successfully redirect to the 'post' page, but no data is sent and print_r($_POST) always turns up an empty string. I believe this issue has something to do with PHP's settings because the problem occurs over multiple pages which were working fine on the previous server (GET requests seem to still be working fine).
I created a test.php file in my home directory with a very simple POST form to try to rule out any variables.
<?php print_r($_POST); ?>
<form action="test.php" method="POST">
Name: <input type="text" name="name"><br>
<input type="submit">
</form>
the page always prints only an empty the array Array ( )
Any help would be greatly appreciated, I'm sure its something simple but google doesn't seem to have the answer :(
I've realized the issue was in my .htaccess file. My POSTS were being stripped of their extensions and losing all the post data.
this topic php $_POST array empty upon form submission was the most help
When I try to submit a form from mysite/form to mysite/import using this form:
<form action="../import" method="POST">
<input type="text" name="hidden" value="hi">
<input type="submit">
</form>
The import site doesn't seem to recieve the post. I get redirected to the import site, but the data doesn't seem to be there. When checking I discovered this:
var_dump($_SERVER['REQUEST_METHOD']) gives string(3) "GET"
var_dump($_POST) gives array(0) {}
var_dump($_REQUEST) gives array(0) {}
When using the same form from the import site, everything works, and when I use the form page to some random other page, it also works.
I've already tried to add method='POST' to everything, or adding formmethod="post" formaction="../import" to the submit button, but nothing works.
My guess is that you have an intermediate redirect. There's nothing wrong with your code at first glance. Turn on developer tools in your browser (make sure the log is preserved so that it doesn't clear when the browser navigates to a new page), and watch the network activity. (You can also use a tool like Fiddler to do this). I'll bet you see a POST followed by a GET redirect to the final page.
The fact that the exact same code works on another site might indicate an .htaccess file or something in play.
found the problem.
Apperently there is something wrong with using mysite/import, and when I changed the action to action='../import/' (instead of action='../import') it worked.
I can't get the $_POST['name'] values sent from an html form on my php file. I've seen lots of similar questions but nothing helped. I have lot's of includes so I believe it's a scope issue, but I can't figure it out.
index.php
print_r($_POST); //Returns nothing, tried other ways too
//lot's of variables being defined
include 'sql_data_handlers.php';
//instantiating some things
sql_data_handlers.php
//some functions retrieving data from sql db and finally:
include($DOCUMENT_ROOT . "page.html");
page.html
//html stuff
<?php
//Some conditions
include($DOCUMENT_ROOT . "comment_form.html");
?>
comment_form.html
<form action="index.php" name="comment_form" id="comment_form" method="post">
<input type="text" name="name" value="Anonymous" required><br>
//lot's of inputs
<input type="submit">
</form>
I used to have action="send_comment.php" but I realized it could be turned into a function so I ctrl+c and adapted send_comments.php to a function on sql_data_handlers.php. The problem is, now I can't get the $_POST values on index.php to use in the function on sql_data_handlers.php (which is included in index.php).
I would use action="my_php_function_from_data_handlers.php($args)" if it was possible, but I guess it isn't. btw, I already tried action="". This may seem pretty messy but this way I only need one .html for the site layout, pages are on the sql and the .php files do all the job.
Complete source of all files (pretty big, still working on it):
http://pastebin.com/2nRuCpNx
Make sure you don't have any kind of redirects, since you're using index.php to save data, you're probably reloading the page to show the updated comments. And if you're reloading, there'll be no data on $_POST to be printed by print_r().
Try changing the value of the input name attribute to something different from "name". Some configurations have issues with that, especially wordpress.
for example:
<input type="text" name="user_name" value="Anonymous" required>
would you mind to change your
.html filename to .php filename
your codes runs in my local server because sometimes the difference lies in how your web server is configured.
when running in an web server it is best to use .php in your files
I have a simple HTML form, sending a post request to a php script. In IE8, the form only works intermittently - most of the time the PHP script sees an empty $_POST variable.
Here's my code:
<html>
<head>
<title>Post test</title>
</head>
<body style="text-align: center;">
<?php
echo "<pre>".print_r($_POST, TRUE)."</pre>";
?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<input type="text" name="name">
<input type="hidden" name="hidden" value="moo" >
<input type="submit" value="Search" >
</form>
</body>
</html>
Sometimes the print_r gives the response you'd expect (i.e. it's populated with the data from the form), most of the time it's empty.
Not being able to use POST is a bit of a problem for web applications - anyone got any ideas what's going on, and how to fix it?
Thanks everyone for wading in on this one.
It turns out the problem lay in an Apache module I had enabled.
It's a module to allow apache to use Windows authentication to identify a user via their Windows User id - mod_auth_sspi
The effect is caused by a known bug, in the module, but with a simple extra directive this can be worked around, until a fix is added in the next update, as described here:
http://sourceforge.net/projects/mod-auth-sspi/forums/forum/550583/topic/3392037
That sounds very very bizarre. Does it happen in other versions of IE as well?
I can't tell you what the problem is, but here are my suggestions on how to diagnose it:
Print $_REQUEST rather than just $_POST, to see if the data is coming in via another method.
Use a tool like Fiddler or Wireshark to track exactly what is actually being sent by the browser.
Fiddler in particular has been very helpful for me a few times (mainly when debugging Ajax code), and will tell you exactly what was posted by the browser. If your web server is localhost, you can also use Fiddler to track what is received before PHP gets its hands on it. If not, you can use wireshark on the server if you have permissions for installing that sort of thing.
In addition to Fiddler, I would have suggested a browser-based tool like Firebug, but I don't know of one for IE that is good enough (The IE dev toolbar doesn't give you details of request and response data, as far as I know).
I'm suspicious that when the script is telling you that $_POST is empty, you did not actually POST the form. You can check by adding print($_SERVER['REQUEST_METHOD']); after your print_r($_POST);
If you are posting a file some of the time (i.e. with a file input) then make sure you set enctype="multipart/form-data" in your <form> element.
Have you checked the generated html? Is it possible that echo $_SERVER['PHP_SELF'] isn't producing the output you're after, which messes up the form html, which messes up the POST?