Posted by scott Johnson on 10/20/05 02:09

I tried and had no issue with $_POST[].
Have you tried print_r($_POST); to ensure it is a $_POST variable problem.

Can you post a snippet of code that duplicates this problem?

Here is what I did:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>
<body>
<?php
if($_POST['action'] == 'submit'){
echo "print_r: ";
print_r($_POST);
echo "<br>";
echo "post: ".$_POST["fieldname"];
$var = $_POST["fieldname"];
echo "<br>var: ".$var;
}
?>
<form name="form1" method="post" action="<?php echo
$HTTP_SERVER_VARS['PHP_SELF'];?>">
<table width="400" border="1" align="center" cellpadding="0"
cellspacing="0">
<tr>
<td width="50%" align="right">Field:</td>
<td><input name="fieldname" type="text" id="fieldname"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr align="center">
<td colspan="2"><input type="submit" name="Submit" value="Submit">
<input name="action" type="hidden" id="action" value="submit"></td>
</tr>
</table>
</form>
</body>
</html>


starbuck wrote:
> Hi,
>
> have a form, with a text input "fieldname".
> method POST
>
> $var = $_POST["fieldname"]
>
> $var is then used to search in mysql
>
> select * from table where jobtype like '$var%'
> OR jobtype like '%$var%'
> OR jobtype like '%$var'
> OR jobtype like '$var' order by date asc;
>
> basically i'm doing a search for any string that matches the searched
> input, being at the beginning, middle or end of the jobtype column.
>
> query works great, except when the string contains the 4-letter word
> 'info' such as information or informative
> then the mysql query breaks down and give the usual:
>
> Error performing query: You have an error in your SQL syntax. Check the
> manual that corresponds to your MySQL server version for the right
> syntax to use near 'ORDER BY date ASC' at line 1
>
> Now after much debugging, i found out that the php _POST variable
> treats anything with info as a numner of 0 value.
> inf is treated as text, nformation is treated as text, but anything
> with info gets a 0 value.
>
> Searched php.net and couldn't find anything related to this feature,
> looked under security to see if it was related to that, but nothing.
>
> Can anyone look into it and elaborate?
> create a form, then echo the value of the $_POST variable
> and try words that contain info in them.
>
> thanks.
>
> SBJ
>

--
Scott Johnson
http://www.seaforthsailingclub.com

• Next in forum: Re: Using a function within a class
• Prev in forum: Re: conditional statements and loops
• Thread view: Re: php form info...

[Reply to this message]