SitePoint Sponsor

User Tag List

Results 1 to 13 of 13
  1. #1
    SitePoint Addict
    Join Date
    Oct 2008
    Posts
    263
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP breaking at input with # in it

    Hello

    I have a form, but in case a field contains hash #, my php code doesn't continue...If i echo the input value where the hash is i get all the part up till the hash, ex. "myword" from an original string which is as "myword#ishere"

    Why is this happening?

  2. #2
    SitePoint Guru
    Join Date
    Feb 2008
    Posts
    655
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Can you post a bit of code? It sounds very unusual.

  3. #3
    SitePoint Addict
    Join Date
    Jul 2008
    Posts
    213
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In PHP the # is used for commenting. So anything after it is not interpreted/displayed. You should filter user input. Look at addslashes and stripslashes

  4. #4
    SitePoint Guru
    Join Date
    Feb 2008
    Posts
    655
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by spiderling View Post
    In PHP the # is used for commenting. So anything after it is not interpreted/displayed. You should filter user input. Look at addslashes and stripslashes
    It is correct that # can be used for comments, but not when parsing user input. That will only be interpreted as a comment when it is present in the source code.

  5. #5
    SitePoint Zealot
    Join Date
    Jan 2005
    Location
    Romania, Iasi
    Posts
    119
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you're using get switch to post.

    url: example.com/script.php?something=bla#other
    You'll have $_GET['bla']=bla

    if you use post, you'll get $_POST['bla']=bla#other

    Should work if you switch to usign POST instead of GET (form method=post)

    Not 100% sure but give it a try. Would love to hear back if it worked.

    Quote Originally Posted by corbyboy View Post
    It is correct that # can be used for comments, but not when parsing user input. That will only be interpreted as a comment when it is present in the source code.
    That will happen only when you eval() the input value. There's no reason for echo 'something#else'; to just echo 'something'.

  6. #6
    SitePoint Addict
    Join Date
    Oct 2008
    Posts
    263
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In PHP the # is used for commenting. So anything after it is not interpreted/displayed. You should filter user input. Look at addslashes and stripslashes
    LOL I tried.. but it is even breaking inside those functions themselves...

    Can you post a bit of code? It sounds very unusual.
    I donno what to post..
    I mean the form is read by jQuery, everything up to the php file seems okay, but when it reached the php file.. that behaviour takes pace..

    Even i do simply
    Code:
    echo $_GET['fieldName'];
    Btw, the field is a password field.

    An additional thing, if i input an &, the code stops functioning..

    url: example.com/script.php?something=bla#other
    You'll have $_GET['bla']=bla

    if you use post, you'll get $_POST['bla']=bla#other

    Should work if you switch to usign POST instead of GET (form method=post)
    Good point, let me try it..
    But Im using jQuery $.ajax() function...

  7. #7
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    As you're passing the variables using GET, a # denotes an anchor, therefore you lose the rest of the string.

    You need to pass it via POST, which jQuery also supports when using Ajax.

    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  8. #8
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SilverBulletUK View Post
    As you're passing the variables using GET, a # denotes an anchor, therefore you lose the rest of the string.

    You need to pass it via POST, which jQuery also support when using Ajax.

    Or encode # | &
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  9. #9
    SitePoint Addict
    Join Date
    Oct 2008
    Posts
    263
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You need to pass it via POST, which jQuery also supports when using Ajax.
    I dont want to use $.post.. i want to use $.ajax()..
    im specifying the request method to be "post" though, and still the same..

    Or encode # | &
    How?

  10. #10
    SitePoint Addict
    Join Date
    Oct 2008
    Posts
    263
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Okay solved the #, but the & is still bugging...

  11. #11
    SitePoint Addict
    Join Date
    May 2006
    Location
    Amsterdam
    Posts
    206
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    A simple PHP form will accept the inputs:

    "myword#ishere"
    "myword&ishere"
    "example.com/script.php?something=bla#other"
    "example.com/script.php?something=bla&test=test#other"

    PHP Code:
    <?php
    if(!empty($_REQUEST['test'])) {
        echo 
    $_REQUEST['test'];
    }
    ?>

    <form method="post" action="">
        <input name="test" type="text" />
        <input type="submit" />
    </form>
    So that seems to narrow down the issue to JQuery since you're passing the post via it (seems you've already gotten there).

    Are you serializing the form data, http://docs.jquery.com/Ajax/serializeArray, before posting it via JQuery?

  12. #12
    SitePoint Addict
    Join Date
    Oct 2008
    Posts
    263
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Are you serializing the form data, http://docs.jquery.com/Ajax/serializeArray, before posting it via JQuery?
    I already reached to this conclusion a while ago.. but in this specific part I dont want to serialize, i want to use $("#id").val(); simply..

  13. #13
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Then use escape() or encodeURIComponent() (preferably the latter). (These are not jQuery functions.)


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •