PHP destroys a variable if its value starts with < symbol - php

This is the most weird PHP issue I ever had. Several minutes ago I noticed that my script stopped working properly. To keep it short, after debugging I found that if any variable in POST form has < symbol at the start, PHP doesn't process it anymore. This is super-strange because my code worked for years. Now, this issue happens not only on localhost, but also on 2 different servers (just installed the script there to test). So the issue can't be related to PHP config in any way.
This is the actual code I use to get all variables submitted via POST form:
if (isset($_POST)) {$form_array=$_POST;} //super variable with all form variables
Then I "extract" array values to create actual variables with correct values. But it just stopped working now. I added extra line of code to debug submitted variables:
print_r($form_array);
If I enter something into form and submit it, result is:
Array ( [var1] => something [submit_ok] =>)
However, if I enter <something, the result is:
Array ( [submit_ok] => )
The variable doesn't even exist! If I enter something<, it starts working again. However, if I enter something<here, it doesn't work again. Put simply, if any value in form contains < symbol followed by any letter, variable doesn't even exist. What the hell?
P.S. Adding HTML code of the form (this is COMPLETE code):
<form action="test.php" method="post">
<input type="text" name="var1">
<input type="submit" name="submit_ok" value="do">
</form>

I, assuming you're testing this in a browser, think it's just the browser interpreting the < symbol as the beginning of an HTML tag and then trying to render it, which fails, because it doesn't know what to do with the <something> tag.
If this is what you're seeing in the browser:
But after pressing CTRL+U (in Chrome) you're seeing:
Then it's just a rendering "problem" and my calculations were correct.
Consider adding this in your PHP files, as it tells the browser not to treat the output as HTML but rather as plain text:
<?php
// This must be called before _any_ other output is sent to the client.
header('Content-type: text/plain');

I have no logical explanation, but once I rebooted all the devices (router, server, computer) everything came back to the normal state. I noticed that after computer reboot, Firefox was updated (so maybe that update caused the issue somehow, no idea).
Anyways, everything is working normally again without modifying a single line of code.

The less than gets URL encoded as "%3C" so printing it won't work since browsers see it as a broken HTML tag, but if you...
$var1=urldecode ($_POST['var1']);
Before using $var1 in a database query, it should work. To actually print it, you could do
echo html_entity_decode(urldecode($var1));
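An added example, not part of the original answers: PHP has already URL-decoded `$_POST` by the time the script runs, so the value is present and only its unescaped display hides it. Escaping at output keeps `<something` visible as text and stops submitted markup from being interpreted by the browser. The helper names `h()` and `debug_dump()` are hypothetical, and the CLI sample values are constructed from the four inputs tried in the question.

```php
<?php
declare(strict_types=1);

/** Escape a string for HTML text and quoted-attribute contexts. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** print_r() for viewing in a browser: escaped, so "<something" stays visible. */
function debug_dump(array $data): string
{
    return '<pre>' . h(print_r($data, true)) . "</pre>\n";
}

// On the CLI there is no request, so fall back to constructed sample input
// (the four values tried in the question). In a web request, use $_POST as is:
// PHP has already URL-decoded it, so no urldecode() call is needed.
$submissions = PHP_SAPI === 'cli'
    ? array_map(
        fn (string $v): array => ['var1' => $v, 'submit_ok' => 'do'],
        ['something', '<something', 'something<', 'something<here']
    )
    : [$_POST];

foreach ($submissions as $form_array) {
    // The key exists in every case; only the unescaped rendering hid it.
    $var1 = isset($form_array['var1']) && is_string($form_array['var1'])
        ? $form_array['var1']
        : '';

    echo debug_dump($form_array);

    // Re-display the submitted value in the form from the question.
    // The same escaping covers the quoted value="" attribute.
    echo '<form action="test.php" method="post">', "\n",
         '<input type="text" name="var1" value="', h($var1), '">', "\n",
         '<input type="submit" name="submit_ok" value="do">', "\n",
         "</form>\n";
}
```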

Related

Accessing Object in PHP

I've some strange issues with some php code.
if ($user->userType=='admin'){
If I use the above command, the php engine just stops interpreting and displays the code in plain text on my browser. On the other hand if I use the below method it works:
if ($user['userType']=='admin'){
Again here also:
$_SESSION['currentUser']->id
If I use the above code it just displays the rest of code as plain text:
id); // fail user }else{ $authentication="failed"; $noAuthPresentation="loginForm"; }
Why is this happening? It's a big project and I don't want to change every line where there is an occurrence of ->.
Do I need to change some setting somewhere? I'm using WAMP server with php 5.5.12.
Any help? Thanks!
You're mixing up types, user is an array, and not an object. Something in your php config is doing something strange to your error display it seems. Right click on the page that has the errors, and view source if possible.
Does login.php contain html and php code by chance?

Javascript AJAX call shows empty $_SESSION in PHP program

I am using AJAX to store the first 4 digits of a credit card in $_SESSION["first4"] number during the onBlur event. I have a sample which works flawlessly. Then I take that good code and stick it in a shopping cart we purchased from Clearcart (we now own the code). The issue is that the $_SESSION variable is always empty in the AJAX php receiver program. Here is the entirety of the program:
$sessionName = "ClearCart20UserSession";
if (isset($_REQUEST[$sessionName])) session_id($_REQUEST[$sessionName]);
$started = session_start();
$_SESSION["first4"] = isset($_GET["first4"])?$_GET["first4"]:"";
After that fourth line of code the following variables are dumped: (i.e. these are output values not assignment statements)
$started = 1
session_id=4f920c1fe5e2078d95f7700ece674659
$_REQUEST=Array
(
[first4] => 5554
[PHPSESSID] => 4f920c1fe5e2078d95f7700ece674659
[ClearCart20UserSession] => 4f920c1fe5e2078d95f7700ece674659
)
$_SESSION=Array
(
[first4] => 5554
)
$_SESSION in the calling program literally contains thousands of variables. Yet, here in the receiver it is empty except for the variable I set.
Notes:
1) That is the same session_id/PHPSESSID as in the calling program - I have dumped it. (When I say calling program I mean the php program which generated the html form; obviously the actual 'calling' program is the javascript in the browser)
2) The http type and domain are identical (both are https:). I have put the receiver ajax program in the same directory as the caller just to eliminate any cross-domain issues.
3) The session save path is /tmp and when I look in that folder the sess_4f920c1fe5e2078d95f7700ece674659 file exists. (Although it seems smaller than I would expect with thousands of variables).
4) When I go back a page in my browser and then forward to re-show formerly saved session variables (i.e. things like form input values) they still exist so the AJAX recipient is not clearing $_SESSION as the empty array might imply.
5) The shopping cart uses cookies and the cookie values are correctly reflected in $_REQUEST as expected.
6) I added session_write_close() to the end of the main/caller program to ensure the session file is not open. Should not matter as the caller php terminates and nothing happens till the javascript event fires AJAX.
7) FWIW session.upload_progress.enabled is on.
8) Curiously the shopping cart uses AJAX for its own purposes which I believe is working fine. Regardless, I don't see how that could impact me - it's completely different AJAX called and received by different javascript and php respectively.
9) As mentioned above, this virtually identical code works in a test sample I developed where I even mimic using cookies.
10) I have read several dozen postings on this issue but none have fixed my problem. Most seem to be related to not using session_start or having the right session_id.
What else can I try?
Found the problem: the shopping cart software changed the session folder with this line of code:
session_save_path("tmpsession");
Hence, even though the session_id's were identical the session files were stored in two different folder locations (the AJAX file was in /tmp and the main calling program was using www/tmpsession).
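An added diagnostic, not code from the original post or from the shopping cart: called right after `session_start()` in both the main program and the AJAX receiver, it exposes the mismatch described above, where the session id is identical but the save path differs. The function name `session_storage_report()` is hypothetical, and the stand-alone settings at the bottom are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Summarise where the active session lives. Call it right after session_start()
 * in both the page script and the AJAX receiver, then compare the two log lines.
 */
function session_storage_report(): array
{
    // save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
    $parts = explode(';', session_save_path());
    $dir = end($parts);
    if ($dir === '') {
        $dir = sys_get_temp_dir();        // empty save_path: PHP uses the system temp dir
    }
    // A relative path such as "tmpsession" resolves against the current directory,
    // which is how two scripts can share an id and still use different files.
    $resolved = realpath($dir);
    $dir = $resolved !== false ? $resolved : $dir;
    // Flat layout only: with an "N;" prefix the file sits in nested subdirectories.
    $file = $dir . DIRECTORY_SEPARATOR . 'sess_' . session_id();

    return [
        'handler'     => ini_get('session.save_handler'),
        'name'        => session_name(),
        // Log a digest, not the id itself: a logged session id is a usable credential.
        'id_digest'   => substr(hash('sha256', session_id()), 0, 12),
        'save_path'   => $dir,
        'file_exists' => is_file($file),
        'key_count'   => count($_SESSION ?? []),
    ];
}

// Stand-alone run with constructed settings. In the cart, the receiver would
// instead call session_save_path() with the same directory as the main program
// before session_start().
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_save_path(sys_get_temp_dir());
    session_start();
}
$_SESSION['first4'] = '5554';             // constructed value, as in the question's dump
error_log(json_encode(session_storage_report()));
```

If `save_path` differs between the two log lines while `id_digest` matches, the scripts are reading different session files.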

Get all content from a file, including PHP code

I'm making a small CMS for practice. I am using CKEDITOR and am trying to make it available to write something like %contactform% in the text, and then my PHP function will replace it with a contactform.
I've accomplished to replace the text with a form. But now I need the PHP code for the form to send a mail. I'm using file_get_contents(); but it's stripping the php-code.
I've used include(); to get the php-code from another file then and that works for now. I would like to do it with one file tho.
So - can I get all content from a file INCLUDING the php-code?
*UPDATE*
I'll try to explain in another way.
I can create a page in my CMS where I can write a header and some content. In the content I am able to write %contactform%.
When I get the content from the database I am replacing %contactform% with the content from /inserts/contactform.php, using file_get_contents(); where I have the form in HTML and my php code:
<?php
if(isset($_POST['submit'])) {
echo 'Now my form is submitted!';
}
?>
<form method="post">
<input type="text" name="email">
<input type="submit" name="submit">
</form>
Now I was expecting to retrieve the form AND the php code active. But If I press my submit button in the form it's not firing the php code.
I do not want to show the php code I want to be able to use it.
I still have to guess, but from your update, I think you ultimately end up with a variable, which contains the content from the database with %contactform% replaced by file_get_contents('/inserts/contactform.php').
Something like:
$contentToOutput = str_replace(
'%contactform%',
file_get_contents('/inserts/contactform.php'),
$contentFromDatabase
);
If you echo out that variable, it will just send its content as is. No php will get executed.
Though it's risky in many cases, if you know what you're doing you can use eval to parse the php code. With mixed code like this, you maybe want to do it like the following.
ob_start();
eval('; ?>' . $contentToOutput);
$parsedContent = ob_get_clean();
$parsedContent should now contain the results after executing the code. You can now send it to the user or handle it whatever way you want to.
Of course you'll have to make sure that whatever is in $contentToOutput is valid php code (or a valid mixture of php with php-tags and text).
Here is a link to the symfony Templating/PhpEngine class. Have a look at the evaluate method to see the above example in real code.
yes...
$content = file_get_contents( 'path to your file' );
for printing try
echo htmlspecialchars( $content );
From reading the revised question, I think the answer is "You can't get there from here." Let me try to explain what I think you will encounter.
First, consider the nature of HTTP and the client/server model. Clients make requests and servers make responses. Each request is atomic, complete and stateless, and each response is complete and usually instantaneous. And that is the end of it. The server disconnects and goes back to "sleep" until the client makes a new request.
Let's say I make a request for a web page. A PHP script runs and it prepares a response document (HTML, probably) and the server sends the document to my browser. If the document contains an HTML form, I can submit the form to the URL of the action= script. But when I submit the form, I am making a new request that goes back to the server.
As I understand your design, the plan is to put both the HTML form and the PHP action script into the textarea of the CKeditor at the location of the %contactform% string. This would be presented to the client who would submit the form back to your server, where it would run the PHP script. I just don't think that will work, and if you find a way to make it work, you're basically saying, "I will accept external input and run it in PHP." That would represent an unacceptable security exposure for me.
If you can step back from the technical details and just tell us in plain language what you're trying to achieve, we may be able to offer a suggestion about the design pattern.
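An added example, not code from any of the answers: one way to get the `%contactform%` behaviour without `eval()`, addressing the "accept external input and run it in PHP" concern raised above. Placeholders are resolved through a fixed map to server-authored files, and the database content is never executed. The function name `render_placeholders()`, the temp-file template and the sample content are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Replace %name% placeholders with the output of allow-listed PHP templates.
 * Content from the database is treated as data only and never reaches eval().
 */
function render_placeholders(string $content, array $templates): string
{
    $result = preg_replace_callback(
        '/%([a-z0-9_]+)%/',
        static function (array $m) use ($templates): string {
            $file = $templates[$m[1]] ?? null;
            if ($file === null || !is_file($file)) {
                // Unknown placeholder: keep it as literal text, never derive a path from it.
                return htmlspecialchars($m[0], ENT_QUOTES, 'UTF-8');
            }
            ob_start();
            try {
                include $file;            // server-authored file chosen from the fixed map
            } finally {
                $output = (string) ob_get_clean();
            }
            return $output;
        },
        $content
    );
    return $result ?? $content;           // null only on a PCRE error
}

// Constructed demo: a stand-in for /inserts/contactform.php written to a temp file.
$template = tempnam(sys_get_temp_dir(), 'contactform');
file_put_contents($template, <<<'TPL'
<?php if (isset($_POST['submit'])) { echo "Now my form is submitted!\n"; } ?>
<form method="post">
<input type="text" name="email">
<input type="submit" name="submit">
</form>
TPL);

// Constructed database content; the PHP tag inside it stays inert text.
$contentFromDatabase = "<h1>Contact</h1>\n%contactform%\n%unknown%\n"
    . "<?php echo 'never executed'; ?>\n";

$_POST['submit'] = '1';                   // simulate the form post for this demo only
echo render_placeholders($contentFromDatabase, ['contactform' => $template]);
unlink($template);
```

The template's PHP runs because the server chose the file from the map; the PHP tag typed into the content is passed through as plain bytes.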

PHP $_POST does not work

I'm working on a web application with PHP.
Something wrong is happening that I have never seen before. $_GET is working well, but $_POST does not work exactly. Imagine the form below:
<form action="process.php" method="post">
<input type="text" name="title" />
<input type="submit" value="send" />
</form>
As you see, I've used post for method attribute of the form. In this case, the code below will return error:
<?php
$sentData = $_POST['title'];
echo($sentData);
?>
Error message:
PHP Notice: Undefined index: title in ...
But If I had used $_GET in php scripts and get in the html form codes, everything would work without any error.
There is something more strange.
There is just one form that returns no error while I'm using POST, other forms return error.
When I run this application locally (with Xampp - Apache 2.2) everything works fine without any error, but whenever I run the application on the remote server (IIS 7), I get these errors and problems.
So I would approach this in a couple of different ways:
#Dynamicus is correct, this is only a 'Notice' and not a fatal error (at least you didn't say so in the question), so this may be a difference in your .ini config or with a config definition to suppress errors like so 'error_reporting(0);'
You may want to make a back up of your current running .ini on your local and on the server and copy the working one over to your server and restart Apache and see if that makes a difference.
Why the indexed array (ie $_POST) is producing a warning is somewhat bizarre, but do a "print_r($_POST);" or a "var_dump($_POST);" to see the contents or if anything is off.
If you're using a framework or something that does routing, this could be something to look into.
I hope this helps and there are more settings for error reporting [here] http://php.net/manual/en/function.error-reporting.php
Your input element needs both a name and value property.
Finally I changed the server that my files were located on. I tried them on another server (same OS), and everything worked fine.
I could not get what was the reason... This was the first time that I was getting this unknown error.
However, thank you all for your suggestions and comments.

Why is javascript not able to use a javascript variable I declared in a php file?

Hey everybody, this issue has had me stumped for the last week or so, here's the situation:
I've got a site hosted using GoDaddy hosting. The three files used in this issue are index.html , milktruck.js , and xml_http_request.php all hosted in the same directory.
The index.html file makes reference to the milktruck.js file with the following code:
<script type="text/javascript" src="milktruck.js"></script>
The milktruck.js file automatically fires when the site is opened. The xml_http_request.php has not fired at this point.
On line 79 out of 2000 I'm passing the variable "simple" to a function within the milktruck.js file with:
placem('p2','pp2', simple, window['lla0_2'],window['lla1_2'],window['lla2_2']);
"simple" was never initialized within the milktruck.js file. Instead I've included the following line of code in the xml_http_request.php file:
echo "<script> var simple = 'string o text'; </script>";
At this point I have not made any reference whatsoever to the xml_http_request.php file within the milktruck.js file. I don't reference that file until line 661 of the milktruck.js file with the following line of code:
xmlhttp.open('GET',"xml_http_request.php?pid="+pid+"&unLoader=true", false);
Everything compiles (I'm assuming because my game runs) , however the placem function doesn't run properly because the string 'string o text' never shows up.
If I was to comment out the line of code within the php file initializing "simple" and include the following line of code just before I call the function placem, everything works fine and the text shows up:
var simple = 'string o text';
Where do you think the problem is here? Do I need to call the php file before I try using the "simple" variable in the javascript file? How would I do that? Or is there something wrong with my code?
So, we meet again!
Buried in the question comments is the link to the actual Javascript file. It's 2,200 lines, 73kb, and poorly formatted. It's also derived from a demo for the Google Earth API.
As noted in both the comments here and in previous questions, you may be suffering from a fundamental misunderstanding about how PHP works, and how PHP interacts with Javascript.
Let's take a look at lines 62-67 of milktruck.js:
//experiment with php and javascript interaction
//'<?php $simpleString = "i hope this works"; ?>'
//var simple = "<?php echo $simpleString; ?>";
The reason this never worked is because files with the .js extension are not processed by PHP without doing some bizarre configuration changes on your server. Being on shared hosting, you won't be able to do that. Instead, you can rename the file with the .php extension. This will allow PHP to process the file, and allow the commands you entered to actually work.
You will need to make one more change to the file. At the very top, the very very top, before anything else, you will need the following line:
<?php header('Content-Type: text/javascript'); ?>
This command will tell the browser that the file being returned is Javascript. This is needed because PHP normally outputs HTML, not Javascript. Some browsers will not recognize the script if it isn't identified as Javascript.
Now that we've got that out of the way...
Instead I've included the following line of code in the xml_http_request.php file: <a script tag>
This is very unlikely to work. If it does work, it's probably by accident. We're not dealing with a normal ajax library here. We're dealing with some wacky thing created by the Google Earth folks a very, very long time ago.
Except for one or two in that entire monolithic chunk of code, there are no ajax requests that actually process the result. This means that it's unlikely that the script tag could be processed. Further, the one or two that do process the result actually treat it as XML and return a document. It's very unlikely that the script tag is processed there either.
This is going to explain why the variable never shows up reliably in Javascript.
If you need to return executable code from your ajax calls, and do so reliably, you'll want to adopt a mature, well-tested Javascript library like jQuery. Don't worry, you can mix and match the existing code and jQuery if you really wanted to. There's an API call just to load additional scripts. If you just wanted to return data, that's what JSON is for. You can have PHP code emit JSON and have jQuery fetch it. That's a heck of a lot faster, easier, and more convenient than your current unfortunate mess.
Oh, and get Firebug or use Chrome / Safari's dev tools, they will save you a great deal of Javascript pain.
However...
I'm going to be very frank here. This is bad code. This is horrible code. It's poorly formatted, the commenting is a joke, and there are roughly one point seven billion global variables. The code scares me. It scares me deeply. I would be hesitant to touch it with a ten foot pole.
I would not wish maintenance of this code on my worst enemy, and here you are, trying to do something odd with it.
I heartily encourage you to hone your skills on a codebase that is less archaic and obtuse than this one before returning to this project. Save your sanity, get out while you still can!
perhaps init your values like this:
window.simple = 'blah blah blah'
then pass window.simple
You could try the debugger to see what is going on, eg. FireBug
