6

I have a form that looks like this:

<form action="/assesment/savelist/" method="post">
    <input type="hidden" name="owner" value="<?php echo $userid ?>" />
    <input type="text" name="title" value="Question List Title" />
    <textarea name="description"></textarea>
    <input type="submit" />
</form>

In the description people will have to be able to use the £ character (among other non-allowed characters).

Is there anyway to convert these characters to something that is allowed before posting them to my PHP page?

Hi All, thanks for your comments so far.

If I do print_r($_POST) on my "savequestion" it outposts the postdata that gets sent to it from that form.

however, if there is a £ in any of the fields then that specific character doesnt get sent. For example if I was to post "sdfsdfs £ adasd" from that form all that would get sent is "sdfsdfs adasd"

the question is how do I convert the £ to something that I can send as post data from a HTML form.

Chris Headleand
  • 6,003
  • 16
  • 51
  • 69
  • Have you tried [`htmlspecialchars()`](http://php.net/manual/en/function.htmlspecialchars.php)? – Matt Aug 09 '12 at 15:41
  • "£" ***is*** allowed just fine. What problem do you have with sending it? – deceze Aug 09 '12 at 15:41
  • 1
    @Matt you use £ when you fill out web forms ? – Vatev Aug 09 '12 at 15:42
  • All other characters seam to send fine... When I try submitting that the form breaks. Hi Matt, I am unsure how to use htmlspecialchars() to convert before the form is sent. – Chris Headleand Aug 09 '12 at 15:42
  • what do you mean by allowed and not-allowed? – Kalpesh Aug 09 '12 at 15:42
  • 2
    *How* does it break? Describe your problem. The solution you are looking for is going in the wrong direction. – deceze Aug 09 '12 at 15:43
  • @chris `$description = htmlspecialchars($_POST['description']);` although bear in mind that this will convert other characters as well. Personally I'd store everything un-converted, then convert on output. – Bojangles Aug 09 '12 at 15:43
  • @Matt That's a bad solution for something that's not a real problem. You just need to handle encodings correctly. – deceze Aug 09 '12 at 15:44
  • BEFORE posting implies using javascript. Why not process it AFTER posting with the PHP functions mentioned here – Waygood Aug 09 '12 at 15:44
  • Read: [Handling Unicode Front To Back In A Web App](http://kunststube.net/frontback/) – deceze Aug 09 '12 at 15:45
  • 1
    The sane way is to encode special characters only when displaying them. – Vatev Aug 09 '12 at 15:45
  • 1
    @Vatev But this **is not about display**. It is about input. –  Aug 09 '12 at 15:47
  • I'm pretty sure it is, because he is looking at it in some way and it is probably not escaped/encoded the correct way. HTML escaping data before putting it in a database (or whatever storage) is a very bad idea. On that note... @Chris how did you determine that the character is forbidden ? – Vatev Aug 09 '12 at 15:50
  • Hi All, thanks for your comments so far. If I do print_r($_POST) on my "savequestion" it outposts the postdata that gets sent to it from that form. however, if there is a £ in any of the fields then that specific character doesnt get sent. For example if I was to post "sdfsdfs £ adasd" from that form all that would get sent is "sdfsdfs adasd" the question is how do I convert the £ to something that I can send as post data from a HTML form. – Chris Headleand Aug 09 '12 at 15:52
  • For anybody looking to manually escape encode special characters there's this - [encodeURIComponent()](https://developer.mozilla.org/en-US/docs/JavaScript/Reference/Global_Objects/encodeURIComponent) – Robin Maben Aug 09 '12 at 16:00

3 Answers3

15

WIN!

The solution is to add accept-charset="utf-8" to the form tag.

I didnt have the option to add this to the header of the page but adding it to the form tag solved all my issues. Big shout out to @deceze for posting a link to this website http://kunststube.net/frontback/

Chris Headleand
  • 6,003
  • 16
  • 51
  • 69
3

Browsers will automatically encode data when it is submitted via the standard form submit mechanism.

PHP will automatically decode data when it populates $_POST/GET/REQUEST.

You don't need to do anything at that stage.

You might need to encode the data before inserting it into a database / some HTML / an email / a URI / some other data format, but that would depend on what you are doing with the data.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • What if the PHP instance does not support/use unicode? (How are non-ASCII characters be handled then?) –  Aug 09 '12 at 15:46
  • 1
    @pst by default the browser encodes post data using the page encoding. If you don't support unicode the page encoding will not be unicode. – Vatev Aug 09 '12 at 15:47
  • @Vatev Neat. I never knew that. –  Aug 09 '12 at 15:48
0

Browsers will 'automatically' "encode" <> data when it is submitted via the standard form submit mechanism.

user7461775
  • 11