-1

I have the following code, but when I echo $url, $id2 or $message, the variables come out to be empty. The php action file has no problem and is working. Just a note that this is being echoed using php, and is displayed just fine.

<form name="comment" method="post" action="comment.php" onSubmit="return form_Validator(this)">
<table width=\"100%\">
    <tr>
            <th colspan=\"2\">Title</th>
    </tr>
    <tr valign=\"top\">
            <th scope=\"row\"> </th>
            <td><div align=\"center\"><textarea class=\"formtext\" tabindex=\"4\" id=\"message\" name=\"message\" rows=\"10\" cols=\"50\"></textarea></div></td>
    </tr>

    <tr>    
            <td>&nbsp;</td>
            <td><div align=\"center\"><input type=\"submit\" name=\"post\" class=\"submit\" value=\"Comment\" /></div><br />
</td>
    </tr>
</table>
<input type=\"hidden\" name=\"submit\" value=\"true\"> 
<input type=\"hidden\" name=\"url\" value=\"$url\" />
<input type=\"hidden\" name=\"id2\" value=\"$id2\" />
</form>

Clarification: Problem is that the variables I am sending to the php function turn out to be empty. There is nothing in them. I looked in the other answered questions for the similar problem, and someone mentioned that rewrite rules can mess with the $_POST stuff. Is that true? Do I have to have something else in the htaccess to allow the variables to be transferred?

Also, PHP file:

<?php
if (userinfo['userid']!=0) {


$url = $_POST["url"];
$id2 = $_POST["id2"];
$email = $_POST["email"];
$message = $_POST["message"];

// These return nothing:
echo $url;
echo $id2;
echo $message;

$sendcomment = mysql_query("INSERT INTO comments SET tutorialid='$id2', email='$email', comment='$message', date=now()");

if($sendcomment){
    header("Location: $url");
} else {
    // Do Nothing
}
} else {
    header("Location: 403.php");
}
?>
BlizzardAlpha
  • 41
  • 9

1 Answers1

2

Why are you escaping?

Delete it and it works

<form name="comment" method="post" action="comment.php" onSubmit="return form_Validator(this)">
<table width="100%">
    <tr>
            <th colspan="2">Title</th>
    </tr>
    <tr valign="top">
            <th scope="row"> </th>
            <td><div align="center"><textarea class="formtext" tabindex="4" id="message" name="message" rows="10" cols="50"></textarea></div></td>
    </tr>

    <tr>    
            <td>&nbsp;</td>
            <td><div align="center"><input type="submit" name="post" class="submit" value="Comment" /></div><br />
</td>
    </tr>
</table>
<input type="hidden" name="submit" value="true"> 
<input type="hidden" name="url" value="$url" />
<input type="hidden" name="id2" value="$id2" />
</form>

demo

Delete this part of your code it's incorrect:

 if($sendcomment){
    header("Location: $url");
} else {
    // Do Nothing
}
} else {
    header("Location: 403.php");
}
Jouke
  • 459
  • 1
  • 7
  • 20
  • No because as I said in my main post, I echo the entire form using php. So, it is something like: echo "all the html code with escaping"; I believe, it has something to do with rewrite rules. – BlizzardAlpha Apr 10 '14 at 22:43
  • So, I found the problem, but I don't know how to fix it. The problem is in the htaccess where there is a set redirect. So, all the $_POST data is dropped. Is there a way I can make it ignore that rule for my sendcomment.php? How can I fix the htaccess file so it doesn't redirects and $_POST data is not lost? – BlizzardAlpha Apr 10 '14 at 23:41
  • Can you show me the whole code? In this situation escaping is not needed just do echo "" and inside the tags use ' – Jouke Apr 11 '14 at 07:12
  • And show your htacces file, please. The problem can be a possible duplicate of http://stackoverflow.com/a/4638696/3489793 – Jouke Apr 11 '14 at 07:19
  • I actually have bunch of stuff in my htaccess, but it looks like this `RewriteRule ^(.*)$ http://www.myweb.com/$1 [R=301,L]` and I believe Jouke is right that it is the same problem as that one, but after adding that solution it didn't fix it. It did gave me a black page. – BlizzardAlpha Apr 12 '14 at 09:11
  • This is the site that I am running it on: [link](http://www.onepiecebay.net/News/One-Piece-Chapter-744-667251.html#comments) – BlizzardAlpha Apr 12 '14 at 09:11
  • It redirects to 403.php because your code is incorrect. See my edited post the delete this section. – Jouke Apr 14 '14 at 07:29
  • I believe you might find the answer here as I also had this problem a little while ago: http://stackoverflow.com/questions/22859537/htaccess-stopping-url-parameter – MarkP Apr 14 '14 at 08:00
  • @Jouke but even before that part where it redirects or whatever it does, there are no values gotten from $_POST whatsoever. Deleting that part won't do anything because the values written in database are empty. – BlizzardAlpha Apr 14 '14 at 23:17
  • @MarkP Can you help me fix that for my case? Because yours is $_GET, my get works just fine. – BlizzardAlpha Apr 14 '14 at 23:18
  • It's incorrect code so it may brake other code because of it. Please test this before we try anything else. As a test make it post to test.php (or something) and only put in there. – Jouke Apr 15 '14 at 07:06
  • As expected, it didn't work Jouke. :( I edited in the original file, and removed that code, no change was seen. – BlizzardAlpha Apr 16 '14 at 03:05
  • 1
    Have you tried removing all code in the file and using only to see if it outputs anything? – Jouke Apr 16 '14 at 07:20
  • It worked! A code somewhere else was dumping all the variables before they got to it, it wasn't htaccess, just a real stupid mistake. THANK YOU everyone who helped me get this far! – BlizzardAlpha Apr 17 '14 at 00:04