PHP converts form field characters to underscores

13/02/2008, 10h45

I'm currently writing a system which contains relatively arbitrary
form field names (the field names are re-used as headings in a
subsequent form-to-mail kind of script). I've noticed that PHP
converts certain form field-name characters to underscores.

After doing some searching for related bugs, these are the only
bugs.php.net entries I could find:
http://bugs.php.net/bug.php?id=34578
http://bugs.php.net/bug.php?id=42677
http://bugs.php.net/bug.php?id=17574

The first two responses cite the "because of register globals, any
form field which does not contain valid variable-name characters is
converted" whereas the last one points out where this really
contradicts itself, PHP accepts form field names with all manner of
non-printable characters _including_ form field names which start with
numbers. The following code writes a form to test which characters are
acceptable to PHP:

---------------------------
<html>
<head><title>test</title></head>
<body>
<form method="post">
<?php

for ($i=1; $i<255; $i++) {
print "<input type=\"hidden\" name=\"&#$i;\" />\n";
}

?>
<input type="Submit" />
</form>
<?php

if (count($_POST)) {
for ($i=1; $i<255; $i++) {
if (!isset($_POST[chr($i)])) {
print $i.' ('.dechex($i).')(&#'.$i.'

doesnt exist<br />';
}
}
}

?>
</body>
</html>
---------------------------

The sticking point for me is that space characters (%20) as well as
dot characters (%2E) are converted to underscores, yet all other ASCII
characters (with the exception of square brackets which at least have
some explainable meaning) are left as-is. I lose data because I can't
tell which fields had spaces, dots or underscores in them originally.
The only solution I can think of is replacing dots or spaces with non-
printable characters and then converting them back when I parse the
$_REQUEST array.

Can anyone shed light on why normal (and very useful) characters are
converted whereas others are left alone?

13/02/2008, 21h58

james.gauth@googlemail.com wrote:
> I'm currently writing a system which contains relatively arbitrary
> form field names (the field names are re-used as headings in a
> subsequent form-to-mail kind of script). I've noticed that PHP
> converts certain form field-name characters to underscores.
>
> After doing some searching for related bugs, these are the only
> bugs.php.net entries I could find:
> http://bugs.php.net/bug.php?id=34578
> http://bugs.php.net/bug.php?id=42677
> http://bugs.php.net/bug.php?id=17574
>
> The first two responses cite the "because of register globals, any
> form field which does not contain valid variable-name characters is
> converted" whereas the last one points out where this really
> contradicts itself, PHP accepts form field names with all manner of
> non-printable characters _including_ form field names which start with
> numbers. The following code writes a form to test which characters are
> acceptable to PHP:
>
> ---------------------------
> <html>
> <head><title>test</title></head>
> <body>
> <form method="post">
> <?php
>
> for ($i=1; $i<255; $i++) {
> print "<input type=\"hidden\" name=\"&#$i;\" />\n";
> }
>
> ?>
> <input type="Submit" />
> </form>
> <?php
>
> if (count($_POST)) {
> for ($i=1; $i<255; $i++) {
> if (!isset($_POST[chr($i)])) {
> print $i.' ('.dechex($i).')(&#'.$i.'

doesnt exist<br />';
> }
> }
> }
>
> ?>
> </body>
> </html>
> ---------------------------
>
> The sticking point for me is that space characters (%20) as well as
> dot characters (%2E) are converted to underscores, yet all other ASCII
> characters (with the exception of square brackets which at least have
> some explainable meaning) are left as-is. I lose data because I can't
> tell which fields had spaces, dots or underscores in them originally.
> The only solution I can think of is replacing dots or spaces with non-
> printable characters and then converting them back when I parse the
> $_REQUEST array.
>
> Can anyone shed light on why normal (and very useful) characters are
> converted whereas others are left alone?
>

So, don't put the values in the "name" attribute. Rather, give the
hidden field a legitimate name and put your values in the "value" attribute.

echo '<input type="hidden" name="field1" value="&#$i;">';

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

14/02/2008, 09h51

> So, don't put the values in the "name" attribute. Rather, give the
> hidden field a legitimate name and put your values in the "value" attribute.
>
> echo '<input type="hidden" name="field1" value="&#$i;">';

I'm guessing that you didn't read that I'm writing a form-to-email
script that uses the field names as headings in a subsequent email and
didn't realise that the offered code is a form to test which
characters are acceptable to PHP.

Anyhoo, problem hacked around, you can use any number of weird
characters as long as PHP considers it an array key:
<form>
<input type="text" name="I have lots of spaces in my field name."
value="No you dont." /><br />
<input type="text" name="form[I have lots of spaces in my field
name.]" value="Yes you do." /><br />
<input type="Submit" />
</form>

Which results in the following:
Array
(
[I_have_lots_of_spaces_in_my_field_name_] => No you dont.
[form] => Array
(
[I have lots of spaces in my field name.] => Yes you do.
)

)

I can then convert anything into the form array into a set of 'Field-
name: Value' pairs and mail the result.

14/02/2008, 13h34

james.gauth@googlemail.com wrote:
>> So, don't put the values in the "name" attribute. Rather, give the
>> hidden field a legitimate name and put your values in the "value" attribute.
>>
>> echo '<input type="hidden" name="field1" value="&#$i;">';
>
> I'm guessing that you didn't read that I'm writing a form-to-email
> script that uses the field names as headings in a subsequent email and
> didn't realise that the offered code is a form to test which
> characters are acceptable to PHP.
>

Yes, I did. And I gave you the appropriate response. If you don't like
it, that's your problem.

> Anyhoo, problem hacked around, you can use any number of weird
> characters as long as PHP considers it an array key:
> <form>
> <input type="text" name="I have lots of spaces in my field name."
> value="No you dont." /><br />
> <input type="text" name="form[I have lots of spaces in my field
> name.]" value="Yes you do." /><br />
> <input type="Submit" />
> </form>
>
> Which results in the following:
> Array
> (
> [I_have_lots_of_spaces_in_my_field_name_] => No you dont.
> [form] => Array
> (
> [I have lots of spaces in my field name.] => Yes you do.
> )
>
> )
>
> I can then convert anything into the form array into a set of 'Field-
> name: Value' pairs and mail the result.
>

Another way to do it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

13/02/2008, 10h45	#1
james.gauth@googlemail.com Messages: n/a Hébergeur:	PHP converts form field characters to underscores I'm currently writing a system which contains relatively arbitrary form field names (the field names are re-used as headings in a subsequent form-to-mail kind of script). I've noticed that PHP converts certain form field-name characters to underscores. After doing some searching for related bugs, these are the only bugs.php.net entries I could find: http://bugs.php.net/bug.php?id=34578 http://bugs.php.net/bug.php?id=42677 http://bugs.php.net/bug.php?id=17574 The first two responses cite the "because of register globals, any form field which does not contain valid variable-name characters is converted" whereas the last one points out where this really contradicts itself, PHP accepts form field names with all manner of non-printable characters _including_ form field names which start with numbers. The following code writes a form to test which characters are acceptable to PHP: --------------------------- <html> <head><title>test</title></head> <body> <form method="post"> <?php for ($i=1; $i<255; $i++) { print "<input type=\"hidden\" name=\"&#$i;\" />\n"; } ?> <input type="Submit" /> </form> <?php if (count($_POST)) { for ($i=1; $i<255; $i++) { if (!isset($_POST[chr($i)])) { print $i.' ('.dechex($i).')(&#'.$i.' doesnt exist<br />'; } } } ?> </body> </html> --------------------------- The sticking point for me is that space characters (%20) as well as dot characters (%2E) are converted to underscores, yet all other ASCII characters (with the exception of square brackets which at least have some explainable meaning) are left as-is. I lose data because I can't tell which fields had spaces, dots or underscores in them originally. The only solution I can think of is replacing dots or spaces with non- printable characters and then converting them back when I parse the $_REQUEST array. Can anyone shed light on why normal (and very useful) characters are converted whereas others are left alone?

13/02/2008, 21h58	#2
Jerry Stuckle Messages: n/a Hébergeur:	Re: PHP converts form field characters to underscores james.gauth@googlemail.com wrote: > I'm currently writing a system which contains relatively arbitrary > form field names (the field names are re-used as headings in a > subsequent form-to-mail kind of script). I've noticed that PHP > converts certain form field-name characters to underscores. > > After doing some searching for related bugs, these are the only > bugs.php.net entries I could find: > http://bugs.php.net/bug.php?id=34578 > http://bugs.php.net/bug.php?id=42677 > http://bugs.php.net/bug.php?id=17574 > > The first two responses cite the "because of register globals, any > form field which does not contain valid variable-name characters is > converted" whereas the last one points out where this really > contradicts itself, PHP accepts form field names with all manner of > non-printable characters _including_ form field names which start with > numbers. The following code writes a form to test which characters are > acceptable to PHP: > > --------------------------- > <html> > <head><title>test</title></head> > <body> > <form method="post"> > <?php > > for ($i=1; $i<255; $i++) { > print "<input type=\"hidden\" name=\"&#$i;\" />\n"; > } > > ?> > <input type="Submit" /> > </form> > <?php > > if (count($_POST)) { > for ($i=1; $i<255; $i++) { > if (!isset($_POST[chr($i)])) { > print $i.' ('.dechex($i).')(&#'.$i.' doesnt exist<br />'; > } > } > } > > ?> > </body> > </html> > --------------------------- > > The sticking point for me is that space characters (%20) as well as > dot characters (%2E) are converted to underscores, yet all other ASCII > characters (with the exception of square brackets which at least have > some explainable meaning) are left as-is. I lose data because I can't > tell which fields had spaces, dots or underscores in them originally. > The only solution I can think of is replacing dots or spaces with non- > printable characters and then converting them back when I parse the > $_REQUEST array. > > Can anyone shed light on why normal (and very useful) characters are > converted whereas others are left alone? > So, don't put the values in the "name" attribute. Rather, give the hidden field a legitimate name and put your values in the "value" attribute. echo '<input type="hidden" name="field1" value="&#$i;">'; -- ================== Remove the "x" from my email address Jerry Stuckle JDS Computer Training Corp. jstucklex@attglobal.net ==================

14/02/2008, 09h51	#3
james.gauth@googlemail.com Messages: n/a Hébergeur:	Re: PHP converts form field characters to underscores > So, don't put the values in the "name" attribute. Rather, give the > hidden field a legitimate name and put your values in the "value" attribute. > > echo '<input type="hidden" name="field1" value="&#$i;">'; I'm guessing that you didn't read that I'm writing a form-to-email script that uses the field names as headings in a subsequent email and didn't realise that the offered code is a form to test which characters are acceptable to PHP. Anyhoo, problem hacked around, you can use any number of weird characters as long as PHP considers it an array key: <form> <input type="text" name="I have lots of spaces in my field name." value="No you dont." /><br /> <input type="text" name="form[I have lots of spaces in my field name.]" value="Yes you do." /><br /> <input type="Submit" /> </form> Which results in the following: Array ( [I_have_lots_of_spaces_in_my_field_name_] => No you dont. [form] => Array ( [I have lots of spaces in my field name.] => Yes you do. ) ) I can then convert anything into the form array into a set of 'Field- name: Value' pairs and mail the result.

14/02/2008, 13h34	#4
Jerry Stuckle Messages: n/a Hébergeur:	Re: PHP converts form field characters to underscores james.gauth@googlemail.com wrote: >> So, don't put the values in the "name" attribute. Rather, give the >> hidden field a legitimate name and put your values in the "value" attribute. >> >> echo '<input type="hidden" name="field1" value="&#$i;">'; > > I'm guessing that you didn't read that I'm writing a form-to-email > script that uses the field names as headings in a subsequent email and > didn't realise that the offered code is a form to test which > characters are acceptable to PHP. > Yes, I did. And I gave you the appropriate response. If you don't like it, that's your problem. > Anyhoo, problem hacked around, you can use any number of weird > characters as long as PHP considers it an array key: > <form> > <input type="text" name="I have lots of spaces in my field name." > value="No you dont." /><br /> > <input type="text" name="form[I have lots of spaces in my field > name.]" value="Yes you do." /><br /> > <input type="Submit" /> > </form> > > Which results in the following: > Array > ( > [I_have_lots_of_spaces_in_my_field_name_] => No you dont. > [form] => Array > ( > [I have lots of spaces in my field name.] => Yes you do. > ) > > ) > > I can then convert anything into the form array into a set of 'Field- > name: Value' pairs and mail the result. > Another way to do it. -- ================== Remove the "x" from my email address Jerry Stuckle JDS Computer Training Corp. jstucklex@attglobal.net ==================

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email