PHP breaking at input with # in it

[zeez]

Hello

I have a form, but in case a field contains hash #, my php code doesn't continue...If i echo the input value where the hash is i get all the part up till the hash, ex. "myword" from an original string which is as "myword#ishere"

Why is this happening?

[corbyboy]

Can you post a bit of code? It sounds very unusual.

[spiderling]

In PHP the # is used for commenting. So anything after it is not interpreted/displayed. You should filter user input. Look at addslashes and stripslashes

[corbyboy]

In PHP the # is used for commenting. So anything after it is not interpreted/displayed. You should filter user input. Look at addslashes and stripslashes

It is correct that # can be used for comments, but not when parsing user input. That will only be interpreted as a comment when it is present in the source code.

[blackdiamond]

If you're using get switch to post.

url: example.com/script.php?something=bla#other
You'll have $_GET['bla']=bla

if you use post, you'll get $_POST['bla']=bla#other

Should work if you switch to usign POST instead of GET (form method=post)

Not 100% sure but give it a try. Would love to hear back if it worked.

It is correct that # can be used for comments, but not when parsing user input. That will only be interpreted as a comment when it is present in the source code.

That will happen only when you eval() the input value. There's no reason for echo 'something#else'; to just echo 'something'.

[zeez]

In PHP the # is used for commenting. So anything after it is not interpreted/displayed. You should filter user input. Look at addslashes and stripslashes

LOL I tried.. but it is even breaking inside those functions themselves...

Can you post a bit of code? It sounds very unusual.

I donno what to post..
I mean the form is read by jQuery, everything up to the php file seems okay, but when it reached the php file.. that behaviour takes pace..

Even i do simply

Code:

echo $_GET['fieldName'];

Btw, the field is a password field.

An additional thing, if i input an &, the code stops functioning..

url: example.com/script.php?something=bla#other
You'll have $_GET['bla']=bla

if you use post, you'll get $_POST['bla']=bla#other

Should work if you switch to usign POST instead of GET (form method=post)

Good point, let me try it..
But Im using jQuery $.ajax() function...

[AnthonySterling]

As you're passing the variables using GET, a # denotes an anchor, therefore you lose the rest of the string.

You need to pass it via POST, which jQuery also supports when using Ajax.

[logic_earth]

As you're passing the variables using GET, a # denotes an anchor, therefore you lose the rest of the string.

You need to pass it via POST, which jQuery also support when using Ajax.

Or encode # | &

[zeez]

You need to pass it via POST, which jQuery also supports when using Ajax.

I dont want to use $.post.. i want to use $.ajax()..
im specifying the request method to be "post" though, and still the same..

Or encode # | &

How?

[zeez]

Okay solved the #, but the & is still bugging...

[danNL]

A simple PHP form will accept the inputs:

"myword#ishere"
"myword&ishere"
"example.com/script.php?something=bla#other"
"example.com/script.php?something=bla&test=test#other"

PHP Code:

<?php
if(!empty($_REQUEST['test'])) {
    echo $_REQUEST['test'];
}
?>

<form method="post" action="">
    <input name="test" type="text" />
    <input type="submit" />
</form>

So that seems to narrow down the issue to JQuery since you're passing the post via it (seems you've already gotten there).

Are you serializing the form data, http://docs.jquery.com/Ajax/serializeArray, before posting it via JQuery?

[zeez]

Are you serializing the form data, http://docs.jquery.com/Ajax/serializeArray, before posting it via JQuery?

I already reached to this conclusion a while ago.. but in this specific part I dont want to serialize, i want to use $("#id").val(); simply..

[sk89q]

Then use escape() or encodeURIComponent() (preferably the latter). (These are not jQuery functions.)