1

Heres my form:

<form method="POST" enctype="multipart/form-data"  action="/my-account/update">
    <select name="userType"  class="form-control" >
        <option value="0">0</option>
        <option value="1">1</option>
        <option value="2" selected="selected">2</option>
    </select>
    <select name="userIsInSearch"  class="form-control" >
        <option value="1" selected="selected">1</option>
        <option value="0">0</option>
    </select>
    <input type="text" class="form-control" id="fwn" name="signupfname">
    <input type="text" class="form-control" id="sn" name="signupsname">
    <input type="text" class="form-control" id="usrf" name="signupemail">
    <input type="password" class="form-control" id="pwdf" name="signuppass">
    <input type="password" class="form-control" id="pwdfc" name="signuppassconf">
    <input type="submit" value="Update!" class="btn btn-green" />
</form>

I've noticed that 9/10 the form POSTs completely fine but sometimes it has a problem, I've noticed this on another form on the website too and I cant figure out what is causing it.

I have found a way to make the problem happen everytime, by simply typing "alert(" (without quotations) into any of the input fields causes the entire POST to be empty but php://input is fine.

The system is in codeigniter and I have tried dumping $_POST and php://input at the top of the index.php file and have the same results so I dont think it is codeigniter causing it.

Any help or ideas greatly appreciated!

Callum
  • 33
  • 6
  • **Mod Security**, perhaps? Is this on your own local machine, or on a hosted server somewhere? I've had bizarro, hard-to-track issues come up as a result of mod_security being enabled on the Apache server, and the rules were grabbing things like that, as well as other SQL-injection smelling inputs. – random_user_name Dec 17 '15 at 22:15
  • It is on a hosted server. there is forms on the site where I can enter that into an input area and it posts with no issues, and I cant see the difference in the forms – Callum Dec 17 '15 at 22:28
  • How are you determining that $_POST is empty? Are you doing a `var_dump($_POST);` or similar? – random_user_name Dec 17 '15 at 22:29
  • Using `"; $data = file_get_contents('php://input'); print "DATA: 
    ";
var_dump($data);
var_dump($_POST);
print "
    "; ?>`     – Callum Dec 17 '15 at 22:33
  • I presume you've reviewed / exhausted all the advice in this Q&A: http://stackoverflow.com/questions/1282909/php-post-array-empty-upon-form-submission – random_user_name Dec 17 '15 at 22:34
  • Yeah, that was the first thing I found – Callum Dec 17 '15 at 22:42
  • Sorry, I'm at a loss. Hopefully someone else has some ideas! – random_user_name Dec 17 '15 at 22:44

0 Answers0