Sending special characters in HTML form
I have an input field (which is filled automatically) with the format name <myemail@host.com>
. I gave the form enctype="application/x-www-form-urlencoded"
, but when I retrieve it in PHP, it shows only the name. Please help me retrieving the email too.
My HTML form:
<fo开发者_如何学运维rm action="{$path_site}{$index_file}" method="POST" enctype="application/x-www-form-urlencoded">
<table>
<tr>
<td>Your Name</td>
<td><input type="text" name="sender_name" size="37" /></td>
</tr>
<tr>
<td>To</td>
<td><input type="text" name="reciever_name" size="37" id="inputString" onkeyup="lookup(this.value)" onblur="fill()" /></td>
</tr>
</table>
</form>
And PHP code:
echo $msg_sender_name = $info[reciever_name];
Extracting the information from comments, where you say:
if the text is like "myName<myEmail@email.com>",
info['reciever_name']
displays only "myName"
I would say that your problem is related to the displaying the results, and is not related to the form.
You probably display the received string as HTML, where the characters "<" and ">" are special.
Instead of
echo $info['reciever_name'];
you should use the htmlspecialchars function:
echo htmlspecialchars($info['reciever_name'], ENT_QUOTES);
This is the most common bug in PHP (and in many other languages).
You should escape all the text you are displaying, especially when it comes from untrusted sources - and every value provided by the user is untrusted.
Failing to escape the output you risk the security of your users - you may want to read about Cross-site-scripting on Wikipedia.
The following PHP code
echo $msg_sender_name = $info[reciever_name];
seems to be missing a couple of quotes. Try this instead:
echo $msg_sender_name = $info['reciever_name'];
精彩评论