Query String Parameters Ignored

[javelin]

I have a php page which allows for users to submit comments via a form. When the form is submitted, all query string parameters are ignored. I know the code is not an issue, as it works on my ISP members area.

Is there something I need to do to get it working on AlterVista?

[karl94]

Are you sure that the script doesn't receive the data from the form? Could you please provide the script that shows the problem?

[javelin]

I figured a code snippet would be required. Rather than post all 232 lines of code, I'll try and give the relevant information below:

An example URL would be http://javelin.altervista.org/article.php?id=43, where 'id' refers to the line number of a file.
This works for links and manual entry, as the contents of the file are correctly retrieved and displayed when not submitting the form. The form action uses $_SERVER['REQUEST_URI'] so that the same php page (and URL) are used for processing. This is the point where things stop working.

Code:

<?php
require("incl/session.php");
require("incl/functions.php");

if (is_numeric(_INPUT('id'))) { // Validate id
   $line = _INPUT('id');
} else {
   $line = 0;
}

$count=1;
$total = countLines("articles");

$articles = fopen("articles", "r");

if ($articles) { // Check if variable exists before continuing
   if ($line > 0 && $line <= $total) { // Ensure $line is valid

[Display file contents, validate form data, do whatever else here]

   } else { // If $line is invalid, display '404 Not Found' error
      header("HTTP/1.1 404 Not Found");
      include("err/404.php");
      exit;
   }
}
fclose($articles);

The session.php file contains the following:

Code:

   session_start();
   $_SESSION['URL'] = $_SERVER['REQUEST_URI'];

functions.php contains various functions used, of which the following is relevant:

Code:

function _INPUT($field) {
   if ($_SERVER['REQUEST_METHOD'] == 'GET') {
      return strip_tags($_GET[$field]);
   }

   if ($_SERVER['REQUEST_METHOD'] == 'POST') {
      return strip_tags($_POST[$field]);
   }
}

As you can see, I display a 404 error page if 'id' is invalid. It is the 404 error I am receiving each time I submit the form on this page, despite the URL being correct and including the query string.

[karl94]

If I understand correctly, you are unsung a form which has the attribute method set to GET, and an action URL with a query component. Well, the HTML specification is clear: any query component of the URL specified is replaced with the form data set.
So it's normal that the id parameter is lost, you should include it in a hidden input element.
This however has nothing to do with AlterVista or PHP.

[javelin]

Sorry, I should have included that code as well (inserted below). The form uses the post method.
I have briefly read that using get and post data shouldn't be done at the same time, but I know this code works as it does so on a different server.

Code:

echo "<h2 class=\"bottom_spacer noprint\">Add a Comment</h2>\n\n";

echo "<form action=\"" . $_SERVER['REQUEST_URI'] . "#cmnt\" method=\"post\" id=\"comment\">\n";
echo "   <p><label for=\"name\">Name<span class=\"required\">*</span></label>&nbsp;<input type=\"text\" name=\"name\" id=\"name\" value=\"" . $name . "\"></p>\n";
echo "   <p><label for=\"email\">Email (not displayed)<span class=\"required\">*</span></label>&nbsp;<input type=\"text\" name=\"email\" id=\"email\" value=\"" . $email . "\"></p>\n";
echo "   <p><label for=\"url\">URL</label>&nbsp;<input type=\"text\" name=\"url\" id=\"url\" value=\"" . $url . "\"></p>\n";
echo "   <p><label for=\"comm\" class=\"hidden\">Comment</label><textarea name=\"comment\" id=\"comm\" rows=\"8\" cols=\"50\">$comment</textarea></p>\n";
echo "   <p><input type=\"submit\" name=\"submit\" value=\"Add Comment\" class=\"button\" onmouseover=\"this.className='button btnhover'\" onmouseout=\"this.className='button'\"></p>\n";
echo "</form>\n";

[karl94]

Even if you send the form using the POST method there's a problem: you're trying to get the value of a parameter named id that's located in the query component of the URL, but you're using the function _INPUT and this looks for it in the $_POST array when the HTTP method used is POST like in this case.
So it's still valid the suggestion I gave you: use a hidden input element to send the id parameter.

[javelin]

Thanks Karl, that worked a treat and makes perfect sense. Although I don't understand why this code worked properly in the past? Maybe I'll put it down to chance or a fluke or something. :-)

Thanks again.