My apologies for asking this question that I'm sure has been done before.
I'm not that knowledgable as far as PHP so the research I've done on this has been fruitless.
I've purchased and used an HTML template which has an email subscribe form at the bottom. The form is supposed to capture the entered email and add it to a text file with a list of submitted emails from what I understand.
Here is the excerpt from the html in the footer:
<form action="save-email.php" method="post" style="margin-top: 0px;">
<input type="text" name="email" placeholder="Get email updates...">
</form>
And here is the content of the corresponding save-email.php file:
<?php
$email = $_POST['email'];
$fp = fopen('submitted-emails.txt', 'a');
$savestring = $email . '
';
fwrite($fp, $savestring);
fclose($fp);
header('Location: ' . $_SERVER['HTTP_REFERER']);
?>
I've contacted the creators who pretty much told me to make sure my PHP version was up to date and that it was a server configuration error so they won't help me further...
I have PHP version 5.5.9 on an Ubuntu 14.04 Digital Ocean VPS
I've also edited the php.ini file to have register_globals turned on, but that did not help so I turned it off as I've read that is a security issue.
Any help would be greatly appreciated, thank you very much.
This answer is in another context then question Because I was here to check the solutions.
I was posting(method="post") the form but it was not posting the data. When I check the data with print_r($_POST) I was getting blank array.
I have felt this issue several times on servers.
The cause of this error is redirection from .htaccess file.
Some time it happens our site is running on http://www.example.com/* and we have created rules in .htaccess to redirect all the request to http://example.com/* to http://www.example.com/* or vice versa.
If post request is to different location then this issue occurs. So make sure the post url starting string should be same(www or without www check in url).
I have spent lot of time on the same issue but could not find the solution any where in stackoverflow. So I have given the solution.
Try to create a file with name submitted-emails.txt at the same directory with save-email.php and change the permissions of file to +w for all users.
Well, Are you sure post not working, Please check post method contains data or not by using.
var_dump($_POST); and var_dump($_REQUEST);
if you not found email id in post then it will be in request if it is then your request is submitting by get method.
if it display an array with email entered in post then your post method in working and problem is with file file was unable to open due to security problem/incorrect path or may be due to file permission. So check and let me know.
So, I got my PHP script to store input in a .txt file, however, something is not working with my html page. I want to output text to both a .txt file as well as a div on my html page.
I personally think it has to do with the fact that the script itself is on a separate page and I'm refreshing the page so there is never an opportunity to show up. I feel like what the PHP script should do is pull from the .txt file instead. But not sure.
I've tried action="" and putting the PHP on the same page but that didn't write to the .txt file. The ONLY way it has written to the .txt file is when I do action="[php file]".
Any ideas?
HTML:
The reference:
<?php require_once('storeText.php');?>
The Form:
<form id="post" name="post" action="storeText.php" method="post">
<textarea name="msg" rows="5"></textarea>
<input class="button" name="submit" type="submit" value="SQUAWK!"/>
</form>
Where I want the input to go on the page:
<div class="menuItem" >
<?php echo $msg; ?>
</div>
PHP:
storeText.php
<?php
if ( isset( $_POST['submit'] ) ) {
$filename = 'posts.txt';
$msg = (isset($_POST['msg']) ? $_POST['msg'] : null);
if ( is_writable( $filename ) ) {
if ( $handle = fopen( $filename, 'a') ) {
fwrite( $handle, $msg );
echo "Success, wrote ( $msg ) to file ( $filename )";
fclose( $handle );
} else {
echo "Could not open file.";
}
} else {
echo "File not writable.";
}
header("Location: profile.html");
}
?>
FYI- I decided to use an alternate script for all the fwrite() haters out there... same deal... won't write to html page.
ALTERNATE PHP:
<?php
if(isset($_POST['submit']))
{
$file = 'posts.txt';
// Open the file to get existing content
$msg = file_get_contents($file);
// Append new content to the file
$msg .= (isset($_POST['msg']) ? $_POST['msg'] : null);
// Write the contents back to the file
file_put_contents($file, $msg);
header("Location: profile.html");
}
?>
Nikhil Patel pretty much beat me to this in the comments on your question, but let me try to offer some more detail.
I'm not 100% sure I'm reading your question correctly, so correct me if I'm wrong on any of this: You have a form on profile.html, which sumbits to storeText.php. StoreText.php writes the file and redirects back to profile.html. Then you want profile.html to display the same $msg variable that got written to the text file, but it isn't doing that. Is that right?
You may have a problem with expecting a .html file to be executed as PHP code. I don't know how your Web server is set up, but normally only .php files are parsed by PHP. You might try renaming profile.html to profile.php and see if that makes a difference. From here on out, I'll be assuming that profile.html is being parsed as PHP; if I'm wrong about that, you'll probably have to rename the file.
The real problem is the redirect. You could take either of two different approaches here. One way to do it would be to include storeText.php in profile.html and have the form submit to profile.html. Then the $msg variable would be available in profile.html and should display. The other approach would be a POST/redirect/GET setup in which the form submitted to storeText.php, which did the work and redirected the user back to profile.html.
The thing is, you can't do both the include and the redirect. That's where you're running into problems. See, each HTTP request from the client, including the new request that the client sends in response to the redirect header, causes your script to be run again from scratch. The brand new profile.html that starts up after the redirect has never seen the $msg variable that contained the value that was written to the file. The reason submitting to profile.html didn't work is that it includes all the code from storeText.php, including the redirect, and even if you redirect to the same file, it's still a new request.
If you want to use the redirect, you'll need some way of storing that variable on the server side so that profile.html can get to it. The usual way of doing this is with sessions. Just have both profile.html and storeText.php set up sessions, have storeText.php save $msg to the session, and have profile.html pull it back out. Then remove the require_once('storeText.php'); line from profile.html, since you don't need that logic there anymore.
If you're not attached to the redirect, then you can do what I normally do (and what Nikhil Patel suggested in the comments). I normally put my form-displaying logic and my form-processing logic in one file, which decides what to do based on whether there's form input. I find this makes it easier to do validation, among other things, but I digress. All you really have to change here is to have the form submit to profile.html (action="" will work fine) and remove the redirect from storeText.php. Then everything will work as you expect.
However, both these approaches are completely wrong if the whole point of what you're doing is to make profile.html output whatever's in the text file, regardless of whether or not you're seeing it right after the form submission. In that case, don't worry about keeping that $msg variable at all. Keep storeText.php pretty much as it is, including the redirect. Remove the include from profile.html. Then, instead of having profile.html just try to echo $msg, have it open the file and echo its contents. (You can even set up a loop to read in one line at a time and put each one in a separate div if you want.)
On re-reading your question, I can't quite tell which behavior you actually want. Your first version of storeText.php only stores the new content in $msg, and uses the fopen/fwrite/etc. functions to append it to the file. So if $msg did survive the redirect (e.g. if you stored it in a session), the user would only see the new bit that was added to the file. The alternate version loads the file into $msg, appends the new content to that, and overwrites the file with $msg. If $msg survived the redirect in that case, the user would see the entire contents of the file.
However, in either case, the user would only see the results right after submitting the form; a fresh GET request to profile.html would still show an empty div. If you want the information to be displayed any time a user views profile.html, reading it from the file is the only option.
By the way, you may already know this but it is worth making explicit anyway: Do not display any values you got from the user without escaping them. If you do, then your page will allow an attacker to input malicious code and have it run in your users' browsers. This applies whether you got the values from the last form input or from a file. Read up on cross-site scripting (XSS) at IT Security StackExchange or OWASP.org.
Use File Put Content to store data on any file
I have a website (www.website.com) and on the homepage is a form, where the user set up a city. After sending the form, I am trying to have the following URL address:
www.website.com/city-name
But I am lost a bit here, because I am not sure, how to set up the form (GET or POST is better for this need?), and .htaccess.
Could anyone help with this? Thank you
After the form is submitted you could redirect your users via PHP redirect, or am i missing something?
header('Location: http://www.website.com/city-name');
But be careful, this can only be used before you send any output!
PHP: header()
You could let the submit button run a javascript function.
In that javascript function, use
var cityName = document.getElementById("the textarea id").value
to get the value the user typed for the city name.
Then redirect to the right page:
window.location='http://www.website.com/' + cityName
I have a custom Content Management System (CMS) I've built that works perfectly on my dev box (Ubuntu/PHP5+/MySQL5+).
I just moved it up to the production box for my client and now all form submissions are showing up as empty $_POST arrays.
I found a trick to verify the data is actually being passed using file_get_contents('php://input'); and the data is showing up fine there -- the $_POST/$_REQUEST arrays are always empty.
I've also verified the content-type headers are correct as well via firebug (application/x-www-form-urlencoded; charset=utf-8).
This issue is happening regardless of whether a form is submitting via AJAX or a regular form submit.
Any help is greatly appreciated!
When using JSON content-type the $_POST array will not populate (only with multi-part forms I believe)
Here is how I correct the issue:
$_POST = json_decode(file_get_contents("php://input"), true);
Here's another possible cause:
My form was submitting to domain.example without the www. and I had set up an automatic redirect to add the www. The $_POST array was getting emptied in the process.
So to fix it all I had to do was submit to www.domain.example
I had a similar problem. Turned out to be a simple fix. In the form I had
<form action="directory" method="post">
where directory was the name of... the directory. My POST array was totally empty. When I looked at the url in my browser, it was displayed with a forward slash on the end.
Adding the forward slash to the end of my action did the trick -
<form action="directory/" method="post">
My $_POST array was full again!
Make sure that, in php.ini:
track_vars (it's only available on very old PHP versions) is set to On
variables_order contains the letter P
post_max_size is set to a reasonable value (e.g. 8 MB)
(if using suhosin patch) suhosin.post.max_vars and suhosin.request.max_vars are large enough.
I suppose the second suggestion of mine will solve your problem.
I've found that when posting from HTTP to HTTPS, the $_POST comes empty.
This happened while testing the form, but took me a while until I realize that.
I came across a similar yet slightly different issue and it took 2 days to understand the issue.
In my case also POST array was empty.
Then checked with file_get_contents('php://input'); and that was also
empty.
Later I found that browser wasnt asking confirmation for resubmitting form data after If I refresh the page loaded after POST submission. It was directly refreshing page. But when I changed form URL to a different one it was passing POST properly and asked for resubmitting data when attempted to refresh page.
Then I checked what is wrong with actual URL . There were no fault with URL, however it was pointing to a folder without index.php in URL and I was checking POST at index.php.
Here I doubted the redirection from / to /index.php causes POST data to be lost and tested URL with appending index.php to the URL.
That Worked.
Posted it here so someone would find it helpful.
If you are posting to a index.php file in a directory for example /api/index.php make sure in your form you specify the full directory to the file e.g
This
<form method="post" action="/api/index.php">
</form>
OR
<form method="post" action="/api/">
</form>
works.
But this fails
<form method="post" action="/api">
</form>
I could solve the problem using enctype="application/x-www-form-urlencoded" as the default is "text/plain". When you check in $DATA the seperator is a space for "text/plain" and a special character for the "urlencoded".
Kind regards
Frank
Having the enable_post_data_reading setting disabled will cause this. According to the documentation:
enable_post_data_reading
Disabling this option causes $_POST and $_FILES not to be populated. The only way to read postdata will then be through the php://input stream wrapper. This can be useful to proxy requests or to process the POST data in a memory efficient fashion.
<form action="test.php" method="post">
^^^^^^^^^^^^^
Okay, this was stupid and I will be embarassing myself in public, but I knocked up a little test script for something in PHP and when my $_POST array was empty, StackOverflow is the first place I looked and I didn't find the answer I needed.
I had only written
<form action="test.php">
and forgotten to specify the method as being POST!
I am sure someone will snigger, but if this helps someone else who does the same thing, then I don't mind! We all do it from time to time!
Don't have an elegant solution at this point but wanted to share my findings for the future reference of others who encounter this problem. The source of the problem was 2 overriden php values in an .htaccess file. I had simply added these 2 values to increase the filesize limit for file uploads from the default 8MB to something larger -- I observed that simply having these 2 values in the htaccess file at all, whether larger or smaller than the default, caused the issue.
php_value post_max_size xxMB
php_value upload_max_filesize xxMB
I added additional variables to hopefully raise the limits for all the suhosin.post.xxx/suhosin.upload.xxx vars but these didn't have any effect with this problem unfortunately.
In summary, I can't really explain the "why" here, but have identified the root cause. My feeling is that this is ultimately a suhosin/htaccess issue, but unfortunately one that I wasn't able to resolve other than to remove the 2 php overridden values above.
Hope this helps someone in the future as I killed a handful of hours figuring this out. Thanks to all who took the time to help me with this (MrMage, Andrew)
In my case, when posting from HTTP to HTTPS, the $_POST comes empty. The problem was, that the form had an action like this //example.com When I fixed the URL to https://example.com, the problem disappeared.
same issue here!
i was trying to connect to my local server code via post request in postman, and this problem wasted my time alot!
for anyone who uses local project (e.g. postman):
use your IPv4 address (type ipconfig in cmd) instead of the "localhost" keyword.
in my case:
before:
localhost/app/login
after:
192.168.1.101/app/login
Make sure that the name property of each field is defined.
This create you an empty POST on PHP
<input type="text" id="Phone">
But, this will work
<input type="text" name="Phone" id="Phone">
I had the same problem.
The problem was .htaccess.
I have a HTTPS rewrite rule and was sending the post requests to http:// instead of https://.
The post request cleared due to redirect.
REFERENCE: http://www.openjs.com/articles/ajax_xmlhttp_using_post.php
POST method
We are going to make some modifications so POST method will be used when sending the request...
var url = "get_data.php";
var params = "lorem=ipsum&name=binny";
http.open("POST", url, true);
//Send the proper header information along with the request
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.setRequestHeader("Content-length", params.length);
http.setRequestHeader("Connection", "close");
http.onreadystatechange = function() {//Call a function when the state changes.
if(http.readyState == 4 && http.status == 200) {
alert(http.responseText);
}
}
http.send(params);
Some http headers must be set along with any POST request. So we set them in these lines...
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.setRequestHeader("Content-length", params.length);
http.setRequestHeader("Connection", "close");
With the above lines we are basically saying that the data send is in the format of a form submission. We also give the length of the parameters we are sending.
http.onreadystatechange = function() {//Call a function when the state changes.
if(http.readyState == 4 && http.status == 200) {
alert(http.responseText);
}
}
We set a handler for the 'ready state' change event. This is the same handler we used for the GET method. You can use the http.responseText here - insert into a div using innerHTML(AHAH), eval it(JSON) or anything else.
http.send(params);
Finally, we send the parameters with the request. The given url is loaded only after this line is called. In the GET method, the parameter will be a null value. But in the POST method, the data to be send will be send as the argument of the send function. The params variable was declared in the second line as lorem=ipsum&name=binny - so we send two parameters - 'lorem' and 'name' with the values 'ipsum' and 'binny' respectively.
I know this is old, but wanted to share my solution.
In my case the issue was in my .htaccess as I added variables to raise my PHP's max upload limit. My code was like this:
php_value post_max_size 50MB
php_value upload_max_filesize 50MB
Later I notice that the values should like xxM not xxMB and when I changed it to:
php_value post_max_size 50M
php_value upload_max_filesize 50M
now my $_POST returned the data as normal before.
Hope this helps someone in the future.
In my case it was because I was using jQuery to disable all inputs on the page just before using jQuery to submit the form.
So I changed my "disable every input even the 'hidden' types":
$(":input").attr("disabled","disabled");
to "disable only the 'button' type inputs":
$('input[type=button]').attr('disabled',true);
This was so the user couldn't accidentally hit the 'go' button twice and hose up our DB!
It seems that if you put the 'disabled' attribute on a 'hidden' type form input their values won't be sent over if the form is submitted!
For me, .htaccess was redirecting when mod_rewrite wasn't installed. Install mod_rewite and all is fine.
Specifically:
<IfModule !mod_rewrite.c>
ErrorDocument 404 /index.php
</Ifmodule>
was executing.
I just spent hours to fix a similar issue. The problem in my case, was the the
max_input_vars = "1000"
by default, in the php.ini. I had a really huge form without uploads. php.ini is set to upload_max_filesize = "100M" and post_max_size = "108M" and it was surely not the issue in my case. PHP behavior is the same for max_input_vars when it exceeds 1000 variables in the form. It returns and empty _POST array. I wish I could have found that one hours, and hours ago.
Another simple reason for an empty POST array can be caused by not closing a form with </form> and then adding a second <form>...</form>. When the second form is submitted the POST array will be empty.
In addition to MRMage's post:
I had to set this variable to solve the problem that some $_POST variables (with an large array > 1000 items) disappeared:
suhosin.request.max_vars = 2500
"request", not "post" was the solution...
Not the most convenient solution perhaps, but I figured it out that if I set the form action attribute to the root domain, index.php can be accessed and gets the posted variables. However if I set a rewritten URL as action, it does not work.
This is sort of similar to what #icesar said.
But I was trying to post stuff to my api, located in site/api/index.php, only posting to site/api since it gets passed on to index.php by itself. This however, apparently cause something to get messed up, as my $_POST got emptied on the fly. Simply posting to site/api/index.php directly instead solved it.
My problem was that I was using the HTML <base> tag to change the base URL of my test site. Once I removed that tag from the header, the $_POST data came back.
In my case (php page on OVH mutualisé server) enctype="text/plain" does not work ($_POST and corresponding $_REQUEST is empty), the other examples below work.
`
<form action="?" method="post">
<!-- in this case, my google chrome 45.0.2454.101 uses -->
<!-- Content-Type:application/x-www-form-urlencoded -->
<input name="say" value="Hi">
<button>Send my greetings</button>
</form>
<form action="?" method="post" enctype="application/x-www-form-urlencoded">
<input name="say" value="Hi">
<button>Send my application/x-www-form-urlencoded greetings</button>
</form>
<form action="?" method="post" enctype="multipart/form-data">
<input name="say" value="Hi">
<button>Send my multipart/form-data greetings</button>
</form>
<form action="?" method="post" enctype="text/plain"><!-- not working -->
<input name="say" value="Hi">
<button>Send my text/plain greetings</button>
</form>
`
More here: method="post" enctype="text/plain" are not compatible?
I was getting the following error from Mod Security:
Access denied with code 500 (phase 2). Pattern match "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" at REQUEST_BODY. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "345"] [id "300013"] [rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"]
Once I removed my mod security configuration to test, it all worked as expected. Now I just need to modify my rules to stay secure but flexible enough for my needs :)
Make sure you use name="your_variable_name" in input tag.
I mistakenly use id="your_variable_name".
I spent much time to catch the bug.
I run into the same issue also when I migrated to new server. setting the value for post_max_size in the php.ini file fixed my issue.
In my case, I had target="_blank" in my <form> tag. Removing it solved the issue.
But, if you need to open a new page after submission nonetheless, just replace _blank with a random value, like newtab (it can really be anything).
Before:
<form target="_blank" action="api/" enctype="application/x-www-form-urlencoded" method="post">
After:
<form target="newtab" action="api/" enctype="application/x-www-form-urlencoded" method="post">