$_POST + spaces and dots in keys

Re: $_POST + spaces and dots in keys

Sergei Riaguzov wrote:[color=blue]
> I have a very strange behaviour with POST keys.
>
> Consider a test:
>
> wtf.html:
>
> === Cut ===
> <form action="eh.php" method="POST">
> <input type="checkbox" name="many spaces and. . dots. . "/>
> <input type="submit" value="Submit">
> </form>
> === Cut ===
>
> eh.php:
>
> === Cut ===
> <?php
> print_r($_POST) ;
> ?>
> === Cut ===
>
> When we check the checkbox and click the Sumbit button we will see:
>
> Array ( [many_spaces_and ____dots____] => on )
>
> It is send to server normally:
>
> many+spaces+and .+.+dots.+.+=on
>
> but in $_POST (or $HTTP_POST_VARS ) we see what we see. Any ideas?
>[/color]

See the "cannot use "-" in variable names?" thread...

Basically, what I thought was any character that can't be used in a
variable name was automagically converted to an underscore, but
apparently "-" aren't any more.

--
Justin Koivisto, ZCE - justin@koivi.co m

Re: $_POST + spaces and dots in keys

On Fri, 09 Dec 2005 16:39:25 -0600, Justin Koivisto wrote:
[color=blue]
> Basically, what I thought was any character that can't be used in a
> variable name was automagically converted to an underscore, but apparently
> "-" aren't any more.[/color]

I thought that would only be an issue if register_global s was on (a bad
idea IMHO).

Laie Techie

Re: $_POST + spaces and dots in keys

On Fri, 09 Dec 2005 16:39:25 -0600, Justin Koivisto wrote:
[color=blue]
> Basically, what I thought was any character that can't be used in a
> variable name was automagically converted to an underscore, but apparently
> "-" aren't any more.[/color]

I thought that would only be an issue if register_global s was on (a bad
idea IMHO).

Laie Techie

Re: $_POST + spaces and dots in keys

On Fri, 09 Dec 2005 16:39:25 -0600, Justin Koivisto wrote:
[color=blue]
> See the "cannot use "-" in variable names?" thread...[/color]
What have variable names to keys of array?!


$array["w t f"] = ...
print_r($array) ;

works nicely.

But try the example in the first post.

Re: $_POST + spaces and dots in keys

Sergei Riaguzov wrote:[color=blue]
> On Fri, 09 Dec 2005 16:39:25 -0600, Justin Koivisto wrote:
>
>[color=green]
>>See the "cannot use "-" in variable names?" thread...[/color]
>
> What have variable names to keys of array?!
>
>
> $array["w t f"] = ...
> print_r($array) ;
>
> works nicely.
>
> But try the example in the first post.[/color]

PHP does allow free-form strings for array indicies, so that's perfectly
legal. I've never tried it (or heard anything to suggest otherwise), but
in theory, you could probably even use tabs, new lines, carriage
returns, etc. in the array index.

I'm wondering if it isn't PHP that does the conversion at all, but maybe
the web server software... I know when I first noticed that "-"
characters were being replaced I was using apache 1.3 (win & lin) with
php 4.x, but now I am using apache 2 (and php5), but I don't recall ever
finding documentation about this replacement stuff for either software.

--
Justin Koivisto, ZCE - justin@koivi.co m

Re: $_POST + spaces and dots in keys

On Fri, 09 Dec 2005 17:00:34 -0600, Justin Koivisto wrote:
[color=blue]
> I'm wondering if it isn't PHP that does the conversion at all, but maybe
> the web server software... I know when I first noticed that "-"
> characters were being replaced I was using apache 1.3 (win & lin) with
> php 4.x, but now I am using apache 2 (and php5), but I don't recall ever
> finding documentation about this replacement stuff for either software.[/color]
Cool.. That sounds like being a non deterministing finite automaton...
Thanx anyway.

Re: $_POST + spaces and dots in keys

Justin Koivisto wrote:[color=blue]
>
> Basically, what I thought was any character that can't be used in a
> variable name was automagically converted to an underscore, but
> apparently "-" aren't any more.[/color]

Just to check my own sanity I downloaded a copy of PHP 3 to see if that
was the old behavior. It wasn't. Only '.' is converted.

The PHP changes dots to underscores because of the way <input
type="image"> elements behave. If the element has a name, then the
mouse pointer position would be submit as name.x and name.y. In the
days when register_global s was the primary way of accepting input, this
was necessary.

Re: $_POST + spaces and dots in keys

Sergei Riaguzov wrote:[color=blue]
> Consider a test:
>
> wtf.html:
>
> === Cut ===
> <form action="eh.php" method="POST">
> <input type="checkbox" name="many spaces and. . dots. . "/>[/color]

Spaces are not allowed in the name of HTML elements.

<quote src="http://www.w3.org/TR/html4/types.html#h-6.2">
ID and NAME tokens must begin with a letter ([A-Za-z]) and may be
followed by any number of letters, digits ([0-9]), hyphens ("-"),
underscores ("_"), colons (":"), and periods (".").
</quote>
[color=blue]
> <input type="submit" value="Submit">
> </form>
> === Cut ===
>
> eh.php:
>
> === Cut ===
> <?php
> print_r($_POST) ;
> ?>
> === Cut ===
>
> When we check the checkbox and click the Sumbit button we will see:
>
> Array ( [many_spaces_and ____dots____] => on )[/color]

Yes, here also.
[color=blue]
> It is send to server normally:
>
> many+spaces+and .+.+dots.+.+=on[/color]

Yes, here also.
[color=blue]
> but in $_POST (or $HTTP_POST_VARS ) we see what we see. Any ideas?[/color]

I understand the reason the spaces are converted but I do not know why
the points are replaced; you may wnat to try the following if you need
the NAME with the dots and the spaces:

wtf.php (not wtf.html)
=== Cut ===
<form action="eh.php" method="post">
<input type="checkbox" name="<?php echo base64_encode(' many spaces
and. . dots. . '); ?>"/>
<input type="submit" value="Submit">
</form>
=== Cut ===

eh.php
=== Cut ===
<?php
print_r($_POST) ;

$X_POST = array();
foreach ($_POST as $k=>$v) {
$X_POST[base64_decode($ k)] = $v;
}
$_POST = $X_POST;
unset($X_POST);

echo "\n\n========== ======\n\n";
print_r($_POST) ;
?>
=== Cut ===

Re: $_POST + spaces and dots in keys

And the totally bogus reason given in the manual:

Re: $_POST + spaces and dots in keys

Chung Leong wrote:[color=blue]
> And the totally bogus reason given in the manual:
>
> http://fi.php.net/manual/en/language...l.dot-in-names
>[/color]
Why is that a bogus reason? If you use the register_global s way of
accessing the variables, there's no way to access a variable with a dot
in it. If youy access it via a superglobal, you explicitly give the name
as a string ($_POST['variable . rest']), but is used as a variable it reads:
$variable . rest
which is converted to
$variable . 'rest'
As the section after the dot is a bare string. So there is no way to
read $_POST['variable . rest'] as a normal (auto-registered)vari able.

Best regards

Re: $_POST + spaces and dots in keys

Dikkie Dik wrote:[color=blue]
> Why is that a bogus reason? If you use the register_global s way of
> accessing the variables, there's no way to access a variable with a dot
> in it. If youy access it via a superglobal, you explicitly give the name
> as a string ($_POST['variable . rest']), but is used as a variable it reads:
> $variable . rest
> which is converted to
> $variable . 'rest'[/color]

Maybe not bogus, just very poorly explained.

Re: $_POST + spaces and dots in keys

Dikkie Dik wrote:[color=blue]
> Chung Leong wrote:
>[color=green]
>> And the totally bogus reason given in the manual:
>>
>> http://fi.php.net/manual/en/language...l.dot-in-names
>>
>>[/color]
> Why is that a bogus reason? If you use the register_global s way of
> accessing the variables, there's no way to access a variable with a dot
> in it. If youy access it via a superglobal, you explicitly give the name
> as a string ($_POST['variable . rest']), but is used as a variable it
> reads:
> $variable . rest
> which is converted to
> $variable . 'rest'
> As the section after the dot is a bare string. So there is no way to
> read $_POST['variable . rest'] as a normal (auto-registered)vari able.
>
> Best regards[/color]

Incorrect.

'variable . rest'

is not converted to

$variable . rest

since it is within single quotes.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: $_POST + spaces and dots in keys

maraguida wrote:
[color=blue]
> <quote src="http://www.w3.org/TR/html4/types.html#h-6.2">
> ID and NAME tokens must begin with a letter ([A-Za-z]) and may be
> followed by any number of letters, digits ([0-9]), hyphens ("-"),
> underscores ("_"), colons (":"), and periods (".").
> </quote>[/color]

Yes, but if you look at the attribute definitions for the INPUT element
<http://www.w3.org/TR/html401/interact/forms.html#h-17.4>, you'll see that
the name attribute is defined as CDATA, and not a NAME token. The NAME
token type that you've quoted only actually applies to the META element's
name (and http-equiv) attribute.

Thus '<input name="/This\ %is+ $a; ~valid# @name^ |attribute!">' is
valid HTML 4, though it might not be very well supported.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

Re: $_POST + spaces and dots in keys

Toby Inkster wrote:[color=blue]
> maraguida wrote:
>[color=green]
> > <quote src="http://www.w3.org/TR/html4/types.html#h-6.2">[/color][/color]
<irrelevant quote snipped>
[color=blue]
> [...] name attribute is defined as CDATA, and not a NAME token. [...]
>
> Thus '<input name="/This\ %is+ $a; ~valid# @name^ |attribute!">' is
> valid HTML 4 [...].[/color]

Thank you for the correction.