PHP not consistently passing form data
Posted by: EN1GM4 (---.bristol.ca)
Date: August 20, 2007 08:25PM

Hi,

I need help. Major help. I've done a million tests to determine what the root of the problem is.

So my problem...my php/html forms are not consistently passing form field data to its posting page. When I change my form type to "GET", everything works fine. But I'm doing database updates, and I can't allow the user to have the opportunity to do database updates by modifying the URL of the page that the form's posting to. So a POST is definitely required.

To verify that there was nothing wrong with my code, I created a simple form, with a checkbox and a submit button, posting data to my WAMP server. The page that it is posting to sits on the WAMP server and is to display the field names and their values. However, data does not consistently display.

I used the same form (checkbox and submit button), and converted the page it's posting to, to ASP, and moved it to an IIS server. Data is consistently passed from client side to the page on the IIS server and nothing ever goes wrong.

On the WAMP server, I'm using SSPI for user authentication because I'm working with a Windows domain. When I remove the SSPI authentication, and modules, everything suddenly works perfectly fine. I don't understand why, but I am 90% sure that this is the cause of my problem.

I don't know what I can do. I definitely need some sort of security on the WAMP server, and from what I understand, SSPI is pretty much my only option when working with a Windows domain. I was wondering if there's something I can do to make everything work, or if anyone's had similar issues and has a solution. Any kind of response would be EXTREMELY appreciated.

If anyone needs any kinda clarification on my issue, please don't hesitate to ask.

Here's source code I'm using....

Client Side Form
------------------------
<html>
<body>
<form method="post" name="frmWeaksauce" action="[10.1.201.219]">
<table border="0">
<tr><td width="634"><input type="submit" value="ADD REVISION" name="btnPost">
</td></tr>
</table>
<table border='1'>
<tr><td><font face='Arial' size='2'><input type='checkbox' value="weaksauce" name='B18458~141~WODONNEL20060510'></font></td><td><font face='Arial' size='2'>B18458</font></td> <td><font face='Arial' size='2'>141</font></td><td><font face='Arial' size='2'>WODONNEL20060510</font></td></tr>
</table>
<input type="hidden" value="poop" name="weaksauce2">
</form>
</body>
</html>

Server Side
----------------
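<?php
// Debug dump of every POSTed field. Names and values are HTML-escaped
// so that submitted markup is displayed as text instead of being rendered.
echo "Start dump....<BR>";
foreach ($_POST as $key => $value) {
    echo "Field Name: " . htmlspecialchars($key) . " *** Value: " . htmlspecialchars($value) . "<BR>";
} // End of foreach
echo "End dump....<BR>";
?>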


Re: PHP not consistently passing form data
Posted by: melban (---.norwood.com)
Date: August 20, 2007 08:55PM

How much post data are you sending the script? I don't know what the default is but I've changed my php.ini file to show the below which is 8MB. Restart apache after making the change.

post_max_size = 8M

Re: PHP not consistently passing form data
Posted by: EN1GM4 (---.bristol.ca)
Date: August 20, 2007 09:09PM

[sourceforge.net]

Thank you very much for your response.

Yes, I read a couple forums and someone suggested the same thing and I made that change. It didn't do anything.

But just like, 2 minutes ago, I came across people that have the exact same issue. Maybe this will explain it better...

[sourceforge.net]

I'm currently reading into it right now...I think it may have the solution. Thanks

Re: PHP not consistently passing form data
Posted by: CyberSpatium (---.hsd1.or.comcast.net)
Date: August 21, 2007 01:50AM

EN1GM4 wrote:

> So my problem...my php/html forms are not consistently passing
> form field data to its posting page. When I change my form
> type to "GET", everything works fine.
> But I'm doing database updates, and I can't allow the user to
> have the opportunity to do database updates by modifying the
> URL of the page that the form's posting to. So a POST is
> definitely required.

just because you switch to post does not mean your php code is not vulnerable to sql injection attacks. you still need to write secure code.

- check and validate every value a user submits. make sure that it is the correct type (string, boolean, integer, float, etc), the correct length, and make sure you use ereg() or eregi() and pattern matching to only allow the characters you want the user to be allowed to submit:
ereg(), eregi(), isset(), gettype(), intval(), is_int(), is_bool(), is_float(), is_numeric(), is_string(), is_array(), is_object(), settype(), etc.

- escape every questionable character in your queries
do not use addslashes(), that just does not provide any kind of security. use mysql_real_escape_string(). However, take note that using mysql_real_escape_string() is a way to help secure your code, but it is not a 100% failsafe. you still need to write secure code.

Here are some related posts on my Web Development for Newbies Blog:

Basic PHP Security
Basic PHP script security covers issues like prevention of SQL injections, XSS and CSRF attacks, variable tampering, etc.

PHP Security by Example
Nice flash presentation that will provide you with a good foundation on how to make your PHP apps more secure.

PHP Password Security Using Salts
Learn to make unique-per-user salts to create un-bruteforceable passwords. This method will prevent brute forcing from online md5 databases and rainbow tables.

A (safe) contact form using Xajax and PHPmailer
Try this tutorial to create a web form to send e-mails to ONE e-mail address without having problems with spambots. The e-mail is sent with SMTP and the form is processed with Xajax.

Secure File Upload with PHP
PHP makes uploading files easy. You can upload any type of file to your Web server. But with ease comes danger and you should be careful when allowing file uploads.



CyberSpatium
----------------------
WAMP English Forum Admin

I have WAMP5 working with (for development use only):
Windows Vista Ultimate x64 (64 bit)
Kaspersky Internet Security Suite 7.0.x
Spyware Terminater 2.x
CounterSpy 2.5.x


Need help? Check out my WAMP User Manual/Guide here!
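
The validation and query advice in the post above, as an added example that is not part of the original thread: it checks the CODE~NUMBER~TAG checkbox names from the test form against an anchored whitelist and passes the parts to a prepared statement as bound parameters, using preg_match() and PDO in place of the ereg() and mysql_real_escape_string() calls the post names. The field-name pattern is inferred from the single sample in the thread, and the function names, the `revisions` table, its columns and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Added example: function names, table and columns are hypothetical.

/**
 * Parse a checkbox field name of the form CODE~NUMBER~TAG, as used in the
 * thread's test form. Returns the three parts, or null if it does not match.
 */
function parse_revision_key($name)
{
    // Integer array keys and over-long names are rejected outright.
    if (!is_string($name) || strlen($name) > 64) {
        return null;
    }
    // Anchored whitelist (\A ... \z): only the listed characters, nothing after.
    if (!preg_match('/\A([A-Z][0-9]{1,8})~([0-9]{1,6})~([A-Z0-9]{1,32})\z/', $name, $m)) {
        return null;
    }
    return array('code' => $m[1], 'seq' => (int) $m[2], 'tag' => $m[3]);
}

/** Insert one row per well-formed field name; returns the number inserted. */
function add_revisions(PDO $db, array $post)
{
    // Values travel as bound parameters and are never spliced into the SQL text.
    $stmt = $db->prepare('INSERT INTO revisions (code, seq, tag) VALUES (:code, :seq, :tag)');
    $inserted = 0;
    foreach (array_keys($post) as $name) {
        $key = parse_revision_key($name);
        if ($key === null) {
            continue; // other form fields and malformed names are ignored
        }
        $stmt->execute(array(':code' => $key['code'], ':seq' => $key['seq'], ':tag' => $key['tag']));
        $inserted++;
    }
    return $inserted;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE revisions (code TEXT, seq INTEGER, tag TEXT)');

// Constructed sample standing in for $_POST: the thread's three fields plus
// one malformed name containing a quote character.
$post = array(
    'btnPost'                     => 'ADD REVISION',
    'B18458~141~WODONNEL20060510' => 'weaksauce',
    "B18458~141~O'DONNEL"         => 'weaksauce',
    'weaksauce2'                  => 'poop',
);
echo add_revisions($db, $post), " row(s) inserted\n";
```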
Re: PHP not consistently passing form data
Posted by: EN1GM4 (---.bristol.ca)
Date: August 21, 2007 02:42PM

W0w. That's a lot of references and documentation. I reeeeeelie appreciate it!!

I'm definitely going to look into that.

But I also figured out my issue. Using SSPI authentication version 1.0.4 on a WAMP prevents data from being posted consistently. There's a setting you can turn on in the http config file, which is SSPIPerRequestAuth.

Thaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaanks so much for the response and links to some really useful stuff.
