Problem with enctype='multipart/form-data'

I have the following form:

echo "<br><form action ='maketext.php' method='post' enctype='multipart/form-data'>
                <br>
                $table <br><br><br>
                <b>$subject</b> <br>
                Сообщение: <b>$message</b> <br>
                <input name='userfile[]' type='file' /><br />
                <input name='userfile[]' type='file' /><br />
                <input name='userfile[]' type='file' /><br />
                <input type ='submit' name ='Send' size = '10' value = 'Send'>
                <input type ='hidden' name ='subject' value=$subject>
                <input type ='hidden' name ='sms' value=$flagSms>
                <input type ='hidden' name ='email' value=$flagEmail>
                <input type ='hidden' name ='message' value=$message>
                </form>";

I don't have problems with files, but I have a problem with the encoding of $subject and other variables. I think it's because of enctype='multipart/form-data'. Does it really pass both variables and files through one form?


I think your main problem is that your variables $subject etc. aren't placed in ' '. Try this:

echo "<br><form action ='maketext.php' method='post' enctype='multipart/form-data'>
                <br>
                $table <br><br><br>
                <b>$subject</b> <br>
                Сообщение: <b>$message</b> <br>
                <input name='userfile[]' type='file' /><br />
                <input name='userfile[]' type='file' /><br />
                <input name='userfile[]' type='file' /><br />
                <input type ='submit' name ='Send' size = '10' value = 'Send'>
                <input type ='hidden' name ='subject' value='$subject'>
                <input type ='hidden' name ='sms' value='$flagSms'>
                <input type ='hidden' name ='email' value='$flagEmail'>
                <input type ='hidden' name ='message' value='$message'>
                </form>";


You have no quotes around your inputs. If any of those values contain spaces or html metacharacters, your form will "break".

e.g.

$subject = "hi there";

will produce

<input type='hidden' name='Subject' value=hi there />

When this form is submitted, you'll end up with Send=hi, and there will not be transmitted as it's seen as an unknown HTML attribute in the input tag.

You need to have something like this:

<?php ?>
<input type="hidden" name="Subject" value="<?php echo htmlspecialchars($send); ?>" />

Two things of note:

  1. I'm not doing this in an echo. While echo can output multiline chunks of text, it's far too painful, plus it's a waste of CPU resources to parse that string as PHP code and then output it. Instead, just drop out of PHP mode and have it output directly as raw html.

  2. I've processed $send through htmlspecialchars(). This 'escapes' any special characters which might be otherwise seen as part of the HTML markup and not as part of the data you're passing.
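
The advice from both answers combined, as an added example that is not part of the original posts: a hypothetical helper `hidden_input()` quotes the attribute and escapes the value, shown beside the question's unquoted pattern. The function names and sample values are constructed for illustration, and UTF-8 is assumed as the page encoding.

```php
<?php
// Added example: hypothetical helpers, not code from the original posts.

/** Render one hidden field with a quoted, HTML-escaped name and value. */
function hidden_input(string $name, string $value): string
{
    // ENT_QUOTES escapes both ' and ", so the result is safe in either quoting
    // style; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return sprintf(
        '<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($name, $flags, 'UTF-8'),
        htmlspecialchars($value, $flags, 'UTF-8')
    );
}

/** The question's original pattern: raw value, no quotes (kept for comparison). */
function hidden_input_unquoted(string $name, string $value): string
{
    return "<input type='hidden' name='$name' value=$value>";
}

// Constructed sample values: a space, both quote characters together with
// markup characters, and non-ASCII text.
$samples = [
    'subject' => 'hi there',
    'message' => 'it\'s "urgent" <today>',
    'note'    => 'Сообщение для всех',
];

foreach ($samples as $name => $value) {
    echo "unquoted: ", hidden_input_unquoted($name, $value), "\n";
    echo "escaped : ", hidden_input($name, $value), "\n\n";
}

// Round trip: the browser submits the decoded attribute value, so the
// receiving script sees the original string unchanged.
foreach ($samples as $name => $value) {
    preg_match('/value="([^"]*)"/', hidden_input($name, $value), $m);
    $decoded = htmlspecialchars_decode($m[1], ENT_QUOTES);
    echo $name, ': ', $decoded === $value ? 'round-trips' : 'MISMATCH', "\n";
}
```

ENT_QUOTES matters for the single-quoted `value='$subject'` form in the first answer: before PHP 8.1 the default flags of htmlspecialchars() left `'` unescaped, so a value containing an apostrophe would still end the attribute early.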
