PDA

Click to See Complete Forum and Search --> : >> Wierd bug of the Day <<

SyCo
05-07-2008, 05:41 PM
This is really wierd.

I have a form that I wrote years ago that is saving some customer info. As far as I know it's been ticking along without incident for years. Then again this might alway have been happening and no-one reported the problem.

In part of the form there's a complete list of UK counties ina select, here's an excerpt.
<select name="county_update" class="text">
(more listed before)
<option <?if($county_update=="Nottinghamshire") { print "selected"; }?>><font class="text">Nottinghamshire</option>
<option <?if($county_update=="Oxfordshire") { print "selected"; }?>><font class="text">Oxfordshire</option>
<option <?if($county_update=="Rutland") { print "selected"; }?>><font class="text">Rutland</option>
<option <?if($county_update=="Shropshire") { print "selected"; }?>><font class="text">Shropshire</option>
<option <?if($county_update=="Somerset") { print "selected"; }?>><font class="text">Somerset</option>
<option <?if($county_update=="Staffordshire") { print "selected"; }?>><font class="text">Staffordshire</option>
<option <?if($county_update=="Suffolk") { print "selected"; }?>><font class="text">Suffolk</option>
<option <?if($county_update=="Surrey") { print "selected"; }?>><font class="text">Surrey</option>
(more listed after)



So it all works fine, except when the user tries to update their details and chooses the county 'Somerset'

When that happened the site redirected itself back to the index page.

I have no redirects to the index page. I do have a redirect to the login page (login.php) as this area is password protected but there's no redirects to the index page on any of the scripts. Nothing should redirect this to the index page except maybe a server diretive as the script name becomes undetermined and it's left looking to serve nothing? I'm only guessing at what it might be here.

If I select anything other than somerset its OK.

If I replace
<option <?if($county_update=="Somerset") { print "selected"; }?>><font class="text">Somerset</option>
with
<option <?if($county_update=="Testing") { print "selected"; }?>><font class="text">Testing</option>
or even (space added)
<option <?if($county_update=="Somerse t") { print "selected"; }?>><font class="text">Somerse t</option>

Then it updates just fine.

WTF is going on?

Somerset is such a nice place, what could my script possibly have against it???
NogDog
05-07-2008, 07:56 PM
When does the apparent redirect happen: when the form is submitted, or as soon as the Somerset option is selected (like if the <select> had some sort of onchange event)?
SyCo
05-07-2008, 09:16 PM
The redirect to index is on submit of the form. Theres no javascript involved or anything fancy. It's a straight up submit to itself. PHP validation simply looks for something in the form, nothing more. and only prints a message if there's an emoty required field. Like I say this is pretty basic and is the first PHP site I wrote about 7 years ago. The code has seen little maintenance so it could use a re-write but as always finding time is the problem.

I'd like to know why it happening though. Even if I do re-write it.
Sheldon
05-07-2008, 09:27 PM
Can you please post for <form> line ?

Even a link to the site ?
SyCo
05-07-2008, 10:16 PM
This form has been up for years and has been used hundreds of times without issue.

Here's theinfo requested.
<form action="<?=$PHP_SELF?>" method="post">

<form action="/path/to/mydetails.php" method="post">

This form works just fine for every other of the options in the select. The Somerset option works fine if I simply put a space in the name.

Somerset is not relevant to the page in any way and only appears in another select in the search that also contains the every other option too.
Sheldon
05-07-2008, 10:38 PM
I can't see anything wrong with that really?

I'm not sure what this "<font class="text">" is doing in the <option></option> tags?

Also to add security, i would change your form action to
<form action="<?php echo(htmlentities(basename($_SERVER['PHP_SELF']))); ?>" method="post">
SyCo
05-07-2008, 11:16 PM
yea I know the security on this whole site is terrible. It needs a total rewrite. I don't have time right now. It's a pretty insignificant site and doesn't make much money, but s it's on my to-do list!!

Like I said, 'weird bug of the day'

The SQL server just went down too so couldn't do anything since my last post. it never rains!!

Ah well. If I work it out I'll let you know.

Oh and the whole <font class=text> thing in the options er well... It was a long time ago... CSS was a new toy then for me to play with and abuse. :o
NogDog
05-07-2008, 11:25 PM
Seems more likely to me to be something in the form processing code rather than in the HTML form itself.
andre4s_y
05-08-2008, 05:40 AM
using regex may solve the problem??

<?if(preg_match("/\bSomerset\b/",$county_update)) { print "selected"; }?>
MrCoder
05-08-2008, 06:10 AM
using regex may solve the problem??

<?if(preg_match("/\bSomerset\b/",$county_update)) { print "selected"; }?>


No it wont, please show us the code that receives the form post field. (/path/to/mydetails.php)
SyCo
05-08-2008, 03:54 PM
Please avert your eyes from the hideous insecurities :o


if($update=="Update")
{
//checks for empty required vars and select items not allowed
if($password=="" || $mdname=="" || $town_update=="" || $phone=="" || $county_update=="" || $county_update=="Please Select" || $county_update=="--------------------" || $county_update=="ENGLAND" || $county_update=="WALES" || $county_update=="SCOTLAND" || $county_update=="N. IRELAND")
{

if($mdname=="")
{
$no_mdname=1;
$update_error=1;
}

if($phone=="")
{
$no_phone=1;
$update_error=1;
}

if($password=="")
{
$no_password=1;
$update_error=1;
}

if($email=="")
{
$no_email=1;
$update_error=1;
}

if($town_update=="")
{
$no_town_update=1;
$update_error=1;
}

if($county_update=="Please Select" || $county_update=="--------------------" || $county_update=="ENGLAND" || $county_update=="WALES" || $county_update=="SCOTLAND" || $county_update=="N. IRELAND")
{
$no_county_update=1;
$update_error=1;
}

PRINT "<font class=text><font color=red>Please check and complete all fields shown in red.<br><br></font>";

}
else
{


$q="update tablename1 set
name='$mdname',phone='$phone',email='$email',town='$town_update',county='$county_update',url='$mdurl ',check_name='$check_name',check_phone='$check_phone',check_email='$check_email',password='$password ' where id='$cust_id'";
mysql_query($q);
//print mysql_error();
//print "<br>$q<br>";
$q="update tablename2 set live='no' where customer_id='$cust_id'";
mysql_query($q);

print "<font class=\"text\">Your details have been updated and
<font color=red><b>ALL listings submitted for moderation</b><font class=text>.
This usually takes 24hrs. <br>If, after this time, you think there is a problem,
please email the webmaster using the '<a href=\"contact.php\" class=link>Contact Us</a>' form<br><br>";

}
}

The rewrite is simple enough, but I'd love to know why this is happening.

Ive had weird bug before likesempty spaces inserted by editors that have broken stuff so I copied another option and changed the value but it still breaks. But if that was the problem why would it work when there a space in the value?