Home>

Currently, I am using PHP to create an input screen and an input check screen.
As a flow
(1) On the input screen, enter three items: "Name", "Password to register", and "Password same as registered password".
(2) On the input check screen, "Name" will be displayed if it is correctly entered on the input screen, and if it is not entered correctly, "Name is not entered" or "Password is entered" will be displayed according to the mistake. "No password" or "Password does not match."
It becomes the flow that.

Although it is

, "Name is not entered" is displayed on the input check screen even though the name was entered on the input screen. Specific situations and images are listed below. I would appreciate your help.

Error message

Even if a name is entered on the input screen, the message "No name entered" appears on the input check screen.
For example, if you enter the following on the input screen

On the input check screen, the result is that the staff name is not entered even though the name should have been entered

However, if everything is entered correctly on the input screen,

The name is reflected on the input check screen.

Applicable source code

The code for the input screen.

staff_add.php
<! DOCTYPE html>
<html>
<head>
<meta charset = "UTF-8">
<title>Rokumaru farm</title>
</head>
<body>
        Add staff<br />
        <br />
        <form method = "post" action = "staff_add_check.php">
                Please enter a staff name.<br />
            <input type = "text" name = "name" style = "width: 200px"><br />Please enter your password<br />
            <input type = "password" name = "pass" style = "width: 100px"><br />
                Please enter your password again.<br />
            <input type = "password" name = "pass2" style = "width: 100px"><br />
                <br />
            <input type = "button" onclick = "history.back ()" value = "Back">
            <input type = "submit" value = "OK">
        </form>
</body>
</html>


Input check screen code

staff_add_check.php
<! DOCTYPE html>
<html>
<head>
<meta charset = "UTF-8">
<title>Rokumaru farm</title>
</head>
<body>
        <? php
        $staff_name = $_POST ['name'];
        $staff_pass = $_POST ['pass'];
        $staff_pass2 = $_POST ['pass2'];
        $staff_name = htmlspecialchars ($staff_name, ENT_QUOTES, 'UTF-8');
        $staff_name = htmlspecialchars ($staff_pass, ENT_QUOTES, 'UTF-8');
        $staff_pass2 = htmlspecialchars ($staff_pass2, ENT_QUOTES, 'UTF-8');
        if ($staff_name == '') {
            print'staff name is not entered.<br />';
        }
        else {
            print 'Staff Name:';print $staff_name;
            print '<br />';
        }
        if ($staff_pass == '') {
            print 'Password has not been entered.<br />';
        }
        if ($staff_pass! = $staff_pass2) {
            print 'Password does not match.<br />';
        }
        if ($staff_name == '' || $staff_pass == '' || $staff_pass! = $staff_pass2) {
            print '<form>';
            print '<input type = "button" onclick = "history.back ()" value = "back">';
            print '</form>';
        }
        else {
            $staff_pass = md5 ($staff_pass);
            print '<form method = "post" action = "staff_add_done.php">';
            print '<input type = "hidden" name = "name" value = "'. $staff_name. '">';
            print '<input type = "hidden" name = "pass" value = "'. $staff_pass. '">';
            print '<br />';
            print '<input type = "button" onclick = "history.back ()" value = "back">';
            print '<input type = "submit" value = "OK">';
            print '</form>';
        }
        ?>
</body>
</html>

I thought it might not have been sent to $_POST because of garbled characters, so I created .htaccess in the directory, but the result did not change.
I checked whether the name in the input tag of the HTML code was different, but it was the same.

Supplemental information (FW/tool version etc.)

The OS is macOS Catalina 10.15.1.

  • Answer # 1

      

    $staff_name = htmlspecialchars ($staff_name, ENT_QUOTES, 'UTF-8');
      $staff_name = htmlspecialchars ($staff_pass, ENT_QUOTES, 'UTF-8');

    It is overwritten with another value immediately after.
    That's true if $staff_pass is empty.

    Snacks:
    There is no use for htmlspecialchars ().
    At this timing, the input check is performed with the converted value at the time of input check.
    Please insert when displaying.
    Sanitize/Input value verification/Escape concept
    Please say "Why do you pass htmlspecialchars?"

Related articles