Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
PSA
Member Login

Site Notices
Posted: 8/28/2015 2:56:35 PM EDT
I have an HTML form using an input box, the form calls a php form to grab the POST contents.  

It will save any data as long as a URL (http://) is not the first characters in the input box.  

Http, HTTP:, http:/ all will save fine, but http:// will cause the POST array to be nulled out.  

Any ideas?
Link Posted: 8/28/2015 7:20:51 PM EDT
Originally Posted By Sedona:
I have an HTML form using an input box, the form calls a php form to grab the POST contents.  

It will save any data as long as a URL (http://) is not the first characters in the input box.  

Http, HTTP:, http:/ all will save fine, but http:// will cause the POST array to be nulled out.  

Any ideas?
View Quote


Debug the $_POST array to see if all the data coming in from the form input looks correct, prior to being put into the sql db.

If it's not, then there is some input filtering happening somewhere.
Link Posted: 8/28/2015 9:05:45 PM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By ocabj:


Debug the $_POST array to see if all the data coming in from the form input looks correct, prior to being put into the sql db.

If it's not, then there is some input filtering happening somewhere.
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By ocabj:
Originally Posted By Sedona:
I have an HTML form using an input box, the form calls a php form to grab the POST contents.  

It will save any data as long as a URL (http://) is not the first characters in the input box.  

Http, HTTP:, http:/ all will save fine, but http:// will cause the POST array to be nulled out.  

Any ideas?


Debug the $_POST array to see if all the data coming in from the form input looks correct, prior to being put into the sql db.

If it's not, then there is some input filtering happening somewhere.


The $_POST variables all get nulled by the time the catch.php is called.   I know that they get passed properly beasue anything else, other than 'http://' gets saved out to the mysql database.  I include osme debugging int he catch.php, namely:

ini_set('display_errors', 'On');
error_reporting(-1);
var_dump(file_get_contents('php://input'));
var_dump($_POST);

And it is showing all null arrays.  

This is the errors that are being returned:

string(0) "" array(0) { }
Notice: Undefined index: Line1 in /home/sedoyrzi/public_html/Ads/placeAd.php on line 29

Notice: Undefined index: Line2 in /home/sedoyrzi/public_html/Ads/placeAd.php on line 31

Notice: Undefined index: Line3 in /home/sedoyrzi/public_html/Ads/placeAd.php on line 32

Notice: Undefined index: Line4 in /home/sedoyrzi/public_html/Ads/placeAd.php on line 33

Notice: Undefined index: Line5 in /home/sedoyrzi/public_html/Ads/placeAd.php on line 34

Notice: Undefined index: Line6 in /home/sedoyrzi/public_html/Ads/placeAd.php on line 35

Notice: Undefined index: weeks in /home/sedoyrzi/public_html/Ads/placeAd.php on line 36

Notice: Undefined index: email in /home/sedoyrzi/public_html/Ads/placeAd.php on line 37

Notice: Undefined index: comment in /home/sedoyrzi/public_html/Ads/placeAd.php on line 38
Link Posted: 8/28/2015 9:09:19 PM EDT
What could possibly be filtering it?
Link Posted: 8/29/2015 1:37:34 AM EDT
I was thinking the first action your form submit could take is to print/write out the contents of $_POST just to verify the text in the form is actually being submitted as is.

That's where I would expect the URL string to get munged up. If it's not getting messed up on submission, then I'm wondering if you need to sanitize the string for MySQL ( e.g. via urlencode() ).
Link Posted: 8/29/2015 3:41:40 AM EDT
It's been a while for me, but wasn't // some sort of escape string?
Link Posted: 8/29/2015 4:38:26 PM EDT
// gets passed no problem, the pitch page the $_POST variable are fine, once it gets tossed to the catch page, where the php is, the $_POST array is nulled.

http: gets passed fine, in fact everything but 'http://' gets passed without any problem.  

I am thinking at this point it is a server issue.   Where on a server woudl filter that kind of thing out?

Failing finding that, I know you can include the catch page on e pitch page, but I never did that, anyone have any boilerplate for that?
Link Posted: 8/30/2015 1:40:20 PM EDT
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Sedona:
// gets passed no problem, the pitch page the $_POST variable are fine, once it gets tossed to the catch page, where the php is, the $_POST array is nulled.

http: gets passed fine, in fact everything but 'http://' gets passed without any problem.  

I am thinking at this point it is a server issue.   Where on a server woudl filter that kind of thing out?

Failing finding that, I know you can include the catch page on e pitch page, but I never did that, anyone have any boilerplate for that?
View Quote


I would try urlencoding that specific field before you pass it to the php code that's not getting the value correctly.
Link Posted: 8/30/2015 5:20:03 PM EDT
I think, what I need is a javascript function that can be tied to the submit button, that will strip any occurence of 'HTTP:// or http://' from the input boxes.  

Whats really strange about this, is that this behavior only occurs when the first characters are HTTP:// and only when in an input type="text" form box, it saves out fine when it is in a textarea.  

Anyone have any code that will strip out http:// or HTTP:// from the $_POST variable that i can attach to the submit button?
Link Posted: 8/30/2015 8:36:28 PM EDT
[Last Edit: 8/30/2015 8:36:50 PM EDT by ocabj]
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By Sedona:
I think, what I need is a javascript function that can be tied to the submit button, that will strip any occurence of 'HTTP:// or http://' from the input boxes.  

Whats really strange about this, is that this behavior only occurs when the first characters are HTTP:// and only when in an input type="text" form box, it saves out fine when it is in a textarea.  

Anyone have any code that will strip out http:// or HTTP:// from the $_POST variable that i can attach to the submit button?
View Quote


This will remove http:// from the beginning of a string.

function striphttp($url) {

 if ( 0 === strpos (strtolower($url), 'http://') ) {
   return striphttp(substr($url, 7));
 } else {
   return $url;
 }
}


Of course, this doesn't handle https://, but you would just need to add an elseif to handle that. Note the recursion for handling multiple instances of http:// at the head of the string.
Top Top