0

Hello I am using $_POST['value']; to grab value on the 2nd page and all the combination works including ' but when I use ", it doesnt work, so let say I will write "test" and on the 2nd page will get empty $_POST[value]; I have magic Quotes OFF and this is only happening on input fields but not on the textarea fields. I am not escaping any strings using mysql-real-escape-string Very strange, please help.

<form method="post" name="UploadForm" id="UploadForm" action="sellitem2.php" enctype="multipart/form-data" >

<input class="button_date" type="text" name="auction_title" style="text-transform:none;" id="auction_title" value="<?php echo $_POST['auction_title']; ?>" size="32" minlength="2" maxlength="21" required/>

<input class="button2" style="border-right:none; font-size:13px;" name="Next Step" id="submit" type="submit" value="Next Step" onClick="removeFocus()"/>

</form>

And on the second page I have got nothing once typed "TEST" or any " inside that field

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
user974435
  • 377
  • 2
  • 13
  • 31

3 Answers3

0

Instead of "test" use \"test\"

Or Even better use:

$input_arr = array();   

//grabs the $_POST variables and adds slashes    
foreach ($_POST as $key => $input_arr) {   
  $_POST[$key] = addslashes($input_arr);   
}
Prid
  • 1,272
  • 16
  • 20
user1675224
  • 213
  • 2
  • 12
0

You have to learn HTML. And especially tag attributes syntax. In PHP you have to use htmlspecialchars to encode them.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
0

You can write the content of a textarea directly into it, iirc there's no value attribute:

  <textarea><?php echo $foo;?></textarea>

See https://stackoverflow.com/a/6007262/838733

And you shouldn't write $_POST values directly without encoding them to prevent XSS attacks.

Community
  • 1
  • 1
nietonfir
  • 4,797
  • 6
  • 31
  • 43