|
Posted by Richard Lynch on 05/13/05 09:20
On Thu, May 12, 2005 8:41 pm, Andre Dubuc said:
> I've had some rather odd intermittent behavior with a select list drawn by
> a
> 'require' on my production site. Sometimes, rather than displaying 'In
> USA/Canada' from the '<option selected>In USA/Canada</option>' code in the
> required file, it will display a blank. Yet, if I try to duplicate this
> behavior on the development box, it will display as coded.
>
> Since I use this text string as a validator for user input, it really
> messes
> up the database/code functions that rely on it.
In that case, your validation routines aren't very good.
You have to assume the data coming from the browser is completely messed
up in malicious ways. If not providing that item in the menu will break
your script or hash your data, then that's really a bigger problem than
the one you think you have.
> <?php require("provcountry.sty"); ?>
>
> [snippet of 'require' text (provcountry.sty)]
> <tr>
> <td><b>State </b></td>
> <td><SELECT NAME=selstate>
> <option selected>In USA/Canada</option>
I'd try using an html entity on the '/' in USA/Canada
> <option value="Alabama">Alabama</option>
> . . .
> </SELECT></td>
> </tr>
>
> [snippet of some validating code verifying $selstate that relies on
> $selstate]
>
> <?php
> if (($_POST['selstate'] != "In USA/Canada")&&($_POST['typstate'] != ""))
> die ("<h5><br><br>Please choose from 'In USA/Canada' or type in 'Other
> State'.
> <br>Do not use both<br><br>Click 'Back' on your browser to
> re-enter information</h5>");
> ?>
>
> Any ideas why this is happening?
It's quite possible that some sort of php.ini setting with Magic Quotes or
something is altering the '/' character as well.
What *IS* in $_POST['selstate'] when it breaks? Log it and see what the
data is.`
--
Like Music?
http://l-i-e.com/artists.htm
[Back to original message]
|