$_POST cuts off at space (sometimes)

 

$_POST cuts off at space (sometimes), cannot keep 2 words in $_POST, with space in between

sarahg
11 Feb, 2008 - 05:01 PM
Post #1


Guys,

I've been playing with this for days, and it's time to ask the experts.
I'm pulling the list for a drop-down box from a database. Then using POST to make a new request from the database, which populates a new drop-down list.
The table has 3 fields, an ID (locID), State, City.


Here is code that functions, but does not give me the results I want:

CODE


function FindLoc($locID)
   {
      //  Check to see if State has been Selected
    if (!isset($_POST['State']))
      {
         // find the state
       $result = mysql_query("SELECT DISTINCT State FROM Location ORDER BY State ")or die(mysql_error());
       ?>

       <form method="post" action="<?php echo $PHP_SELF;?>">
       <p>Select a State </p>
       <select name='State' value=''>

       <?php
       while($row = mysql_fetch_array($result))
       {
        echo "<option value = $row[State] >$row[State]</option>";
       }
       ?>

       <input type="submit" value="Submit" name="Submit">
       </select>
       </form>
       <?php
      }

    else
      {
         // find the city
  $result = mysql_query("SELECT DISTINCT City,locID FROM Location WHERE State LIKE '%$_POST[State]%' ORDER BY City ")or die(mysql_error());

       ?>
        <form method="post" action="CityPage.php">
        <p>Select a City </p>
        <select name='City' value=''>

        <?php
        while($row = mysql_fetch_array($result))
        {
          echo "<option value = $row[locID] >$row[City]</option>";
        }
        ?>

        <input type="Submit" value="Get City" name="Get City">
        </select>
        </form>

       <?php
        $locID = $_POST["City"];
        return $locID;
      }

   }




Originally, I put

CODE
  
$result = mysql_query("SELECT DISTINCT City,locID FROM Location WHERE State = '$_POST[State]' ORDER BY City ")or die(mysql_error());


With the LIKE, after the first query, it works great, unless I have a state with 2 names (NEW YORK).
Without the LIKE, it works, but POST only contains the first word of the state. (So Utah functions exactly as expected; with New York, POST only contains New.)

I put in LIKE to continue testing.
The problem with that is I need an exact match on State, because at this point, if I choose New York, I get all cities in any state which has "New" in the name -- and they are going to notice if I say Newark is in New York!
At any other point in the program, I can use $_POST[State], and the full state shows up.
This same reaction happens if I post the form to itself or to the new page.
I know I can str_replace, but I want to keep the spaces so it is readable for the menus.



SpaceMan
RE: $_POST Cuts Off At Space (sometimes)
11 Feb, 2008 - 05:44 PM
Post #2


needs to be a string.

someplace it appears is not a string..

i think i understand...

<option value = "New York">New York</option>

when building the options, add ' or " depending how you coded it, can escape it to \"


This post has been edited by SpaceMan: 11 Feb, 2008 - 05:47 PM
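What the quoting fix in the post above changes, as an added example that is not part of the original thread: one branch reproduces the unquoted markup from the question, the other quotes and escapes the value, and PHP's DOM extension stands in for the browser to show which value each form would submit. The function names and the sample states are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Requires PHP's bundled DOM extension.
// The state names are constructed sample data.

function optionTag(string $state, bool $quoted): string
{
    if (!$quoted) {
        // Same shape as the echo in the original post: no quotes, no escaping.
        return "<option value = $state >$state</option>";
    }
    // Quote the attribute and HTML-escape the value, including quote characters.
    $safe = htmlspecialchars($state, ENT_QUOTES, 'UTF-8');
    return "<option value=\"$safe\">$safe</option>";
}

// Parse the markup the way a browser would and return the value it would submit.
function submittedValue(string $optionHtml): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // collect parser warnings instead of printing them
    $doc->loadHTML("<select name=\"State\">$optionHtml</select>");
    libxml_clear_errors();
    return $doc->getElementsByTagName('option')->item(0)->getAttribute('value');
}

// An unquoted attribute value ends at the first space, so the second word
// is parsed as a separate, valueless attribute of the <option> element.
foreach (['Utah', 'New York'] as $state) {
    printf(
        "%-9s unquoted: %-11s quoted: %s\n",
        $state,
        "'" . submittedValue(optionTag($state, false)) . "'",
        "'" . submittedValue(optionTag($state, true)) . "'"
    );
}
```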

WXY
RE: $_POST Cuts Off At Space (sometimes)
11 Feb, 2008 - 08:13 PM
Post #3

Also don't forget it's XHTML standard to decorate all element parameter values with quotes.

A side note for your query. Unless you want to get SQL injection attacks I suggest you write your query strings as single quoted literals and use some instances of mysql_escape_string() for those strings that you are getting from POST variables.

sarahg
RE: $_POST Cuts Off At Space (sometimes)
11 Feb, 2008 - 08:50 PM
Post #4


QUOTE


A side note for your query. Unless you want to get SQL injection attacks I suggest you write your query strings as single quoted literals and use some instances of mysql_escape_string() for those strings that you are getting from POST variables.



If I'm using POST, and we are using the data from the database in dropdown lists, do I need to clean the data? There's no place for user input -- only choices from lists...

no2pencil
RE: $_POST Cuts Off At Space (sometimes)
11 Feb, 2008 - 08:54 PM
Post #5

QUOTE(sarahg @ 11 Feb, 2008 - 09:50 PM) *

QUOTE


A side note for your query. Unless you want to get SQL injection attacks I suggest you write your query strings as single quoted literals and use some instances of mysql_escape_string() for those strings that you are getting from POST variables.



If I'm using POST, and we are using the data from the database in dropdown lists, do I need to clean the data? There's no place for user input -- only choices from lists...

If you are supplying the data then you don't need to worry about it as much. However, if you get malformed data in your database (that's why they are called bugs, they just show up sometimes in your code) then your PHP code could crash if it receives data from the database that it can't use in its logic.

That's half of programming: You code it assuming it'll work right, then you prepare it for any possible faults that can be thrown at it. The stronger, & more prepared that you make it, the better your program will function.

SpaceMan
RE: $_POST Cuts Off At Space (sometimes)
12 Feb, 2008 - 05:45 AM
Post #6



Actually it could be a problem if someone made a form that posted to your page.


easy to add as WXY suggests.


QUOTE(sarahg @ 11 Feb, 2008 - 09:50 PM) *

QUOTE


A side note for your query. Unless you want to get SQL injection attacks I suggest you write your query strings as single quoted literals and use some instances of mysql_escape_string() for those strings that you are getting from POST variables.



If I'm using POST, and we are using the data from the database in dropdown lists, do I need to clean the data? There's no place for user input -- only choices from lists...



WXY
RE: $_POST Cuts Off At Space (sometimes)
12 Feb, 2008 - 07:33 AM
Post #7

Well said SpaceMan. sarahg, I shall clarify how the attack would be conducted.

HTTP POST variables are all binary string represented data regardless of the type of the HTML element that they are received from. This is a big problem for you as you have no way to guarantee that someone hasn't written a custom form which mimics all data that your application expects with the exception of the drop box, which they could replace with a user input field. This is possible because an <input type="text"... and a <select ... will send an equivalent type of data to PHP.
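One way to handle the forged-form case described in the post above, as an added example rather than code from the thread: the posted state is checked against the states the drop-down could have offered, then used in an exact-match prepared statement. It assumes PDO with an in-memory SQLite table standing in for the poster's MySQL Location table; the function names, rows and test inputs are constructed.

```php
<?php
// Added example, not code from the thread. Uses PDO (pdo_sqlite) in place of
// the mysql_* functions shown in the thread, which were removed in PHP 7.

function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE Location (locID INTEGER PRIMARY KEY, State TEXT, City TEXT)');
    $ins = $pdo->prepare('INSERT INTO Location (State, City) VALUES (?, ?)');
    // Constructed sample rows.
    foreach ([['New York', 'Albany'], ['New Jersey', 'Newark'], ['Utah', 'Provo']] as $row) {
        $ins->execute($row);
    }
    return $pdo;
}

// Returns [locID => City] for one state, or null when the posted value is not
// one of the states the first drop-down could have offered.
function citiesForState(PDO $pdo, $posted): ?array
{
    if (!is_string($posted)) {          // a field sent as State[]=... arrives as an array
        return null;
    }
    $states = $pdo->query('SELECT DISTINCT State FROM Location')->fetchAll(PDO::FETCH_COLUMN);
    if (!in_array($posted, $states, true)) {
        return null;                    // not a value this form ever rendered
    }
    // Exact match with a bound parameter: no LIKE, no string interpolation.
    $stmt = $pdo->prepare('SELECT locID, City FROM Location WHERE State = ? ORDER BY City');
    $stmt->execute([$posted]);
    return $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
}

$pdo = makeDb();
// Constructed inputs: a real choice, the truncated value from the question,
// free text typed into a replaced field, and an array-valued field.
$inputs = ['New York', 'New', "typed by hand, with a ' quote", ['New York']];
foreach ($inputs as $posted) {
    echo json_encode($posted), ' => ', json_encode(citiesForState($pdo, $posted)), "\n";
}
```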

istojic
RE: $_POST Cuts Off At Space (sometimes)
1 Mar, 2008 - 05:56 PM
Post #8


QUOTE(SpaceMan @ 11 Feb, 2008 - 06:44 PM) *

needs to be a string.

someplace it appears is not a string..

i think i understand...

<option value = "New York">New York</option>

when building the options, add ' or " depending how you coded it, can escape it to \"


I'm certain you nailed the problem; I was having it myself recently because I had forgotten the quotes around the value's attribute..

