How to post special/reserved characters from HTML forms to PHP pages?

About

Asked 9/8, 2012 at 15:39 Answered 24/1, 2017 at 8:36

I have a form that looks like this:

<form action="/assesment/savelist/" method="post">
    <input type="hidden" name="owner" value="<?php echo $userid ?>" />
    <input type="text" name="title" value="Question List Title" />
    <textarea name="description"></textarea>
    <input type="submit" />
</form>

In the description people will have to be able to use the £ character (among other non-allowed characters).

Is there anyway to convert these characters to something that is allowed before posting them to my PHP page?

Hi All, thanks for your comments so far.

If I do print_r($_POST) on my "savequestion" it outposts the postdata that gets sent to it from that form.

however, if there is a £ in any of the fields then that specific character doesnt get sent. For example if I was to post "sdfsdfs £ adasd" from that form all that would get sent is "sdfsdfs adasd"

the question is how do I convert the £ to something that I can send as post data from a HTML form.

Polythene answered 9/8, 2012 at 15:39 Comment(15)

Have you tried htmlspecialchars()? – Pitt 9/8, 2012 at 15:41

"£" is allowed just fine. What problem do you have with sending it? – Delphinedelphinia 9/8, 2012 at 15:41

@Pitt you use £ when you fill out web forms ? – Melodics 9/8, 2012 at 15:42

All other characters seam to send fine... When I try submitting that the form breaks. Hi Matt, I am unsure how to use htmlspecialchars() to convert before the form is sent. – Polythene 9/8, 2012 at 15:42

what do you mean by allowed and not-allowed? – Trencherman 9/8, 2012 at 15:42

How does it break? Describe your problem. The solution you are looking for is going in the wrong direction. – Delphinedelphinia 9/8, 2012 at 15:43

@chris $description = htmlspecialchars($_POST['description']); although bear in mind that this will convert other characters as well. Personally I'd store everything un-converted, then convert on output. – Metre 9/8, 2012 at 15:43

@Pitt That's a bad solution for something that's not a real problem. You just need to handle encodings correctly. – Delphinedelphinia 9/8, 2012 at 15:44

BEFORE posting implies using javascript. Why not process it AFTER posting with the PHP functions mentioned here – Bozcaada 9/8, 2012 at 15:44

Read: Handling Unicode Front To Back In A Web App – Delphinedelphinia 9/8, 2012 at 15:45

The sane way is to encode special characters only when displaying them. – Melodics 9/8, 2012 at 15:45

@Melodics But this is not about display. It is about input. – Timework 9/8, 2012 at 15:47

I'm pretty sure it is, because he is looking at it in some way and it is probably not escaped/encoded the correct way. HTML escaping data before putting it in a database (or whatever storage) is a very bad idea. On that note... @Chris how did you determine that the character is forbidden ? – Melodics 9/8, 2012 at 15:50

Hi All, thanks for your comments so far. If I do print_r($_POST) on my "savequestion" it outposts the postdata that gets sent to it from that form. however, if there is a £ in any of the fields then that specific character doesnt get sent. For example if I was to post "sdfsdfs £ adasd" from that form all that would get sent is "sdfsdfs adasd" the question is how do I convert the £ to something that I can send as post data from a HTML form. – Polythene 9/8, 2012 at 15:52

For anybody looking to manually escape encode special characters there's this - encodeURIComponent() – Madel 9/8, 2012 at 16:0

WIN!

The solution is to add accept-charset="utf-8" to the form tag.

I didnt have the option to add this to the header of the page but adding it to the form tag solved all my issues. Big shout out to @deceze for posting a link to this website http://kunststube.net/frontback/

Polythene answered 9/8, 2012 at 16:0 Comment(1)

You might want to check the encoding of the page itself too. – Melodics 9/8, 2012 at 16:3

Browsers will automatically encode data when it is submitted via the standard form submit mechanism.

PHP will automatically decode data when it populates $_POST/GET/REQUEST.

You don't need to do anything at that stage.

You might need to encode the data before inserting it into a database / some HTML / an email / a URI / some other data format, but that would depend on what you are doing with the data.

Ballroom answered 9/8, 2012 at 15:45 Comment(3)

What if the PHP instance does not support/use unicode? (How are non-ASCII characters be handled then?) – Timework 9/8, 2012 at 15:46

@pst by default the browser encodes post data using the page encoding. If you don't support unicode the page encoding will not be unicode. – Melodics 9/8, 2012 at 15:47

@Melodics Neat. I never knew that. – Timework 9/8, 2012 at 15:48

Browsers will 'automatically' "encode" <> data when it is submitted via the standard form submit mechanism.

Pa answered 24/1, 2017 at 8:36 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags