From: Richard L. <ce...@l-...> - 2007-01-24 23:12:38
On Wed, January 24, 2007 2:08 pm, Sarah Gray wrote:
> Does anyone know why it is that a form element named using dots is
> transliterated to a form element named using underscores when it is
> posted using PHP [4.4.4 and 4.3.2, at least]? It's as if php runs a
> pre-filter preg_replace on the names of input fields before outputting
> them to the $_POST array.
> Is this for a security reason? Are these illegal naming conventions
> for form names in general? Here's my example:
>
> I'd never encountered this before, but a simple test shows that
>
> <form action="#" method="post">
> <input type="hidden" name="name.with.dots">
> <input type="submit">
> </form>
>
> turns into the below (when displayed using print_r) in the $_POST
> array:
>
> Array
> (
> [name_with_dots] =>
> )

Back in the good ol' days, when you didn't have a zillion spammers and
hackers sending in crap data to a web form, you'd just be using
$name_with_dots from register_globals.

Since PHP variable names did not allow '.' in them, the dots had to
turn into something else, and _ was chosen.

As a result of this history, the $_POST (and $_GET) keys also are
changed to match this.

This is even more apparent if you use INPUT TYPE="IMAGE" NAME="foo"
where you get foo_x and foo_y instead of foo.x and foo.y, which are
HTTP spec, so you can't do anything about that conversion.

At least when one is choosing the names, one can just opt not to use
'.' [shrug]

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
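
The renaming described in the reply, as an added example that is not part of the original message: it parses a constructed request body by hand to keep the names as sent, then uses PHP's parse_str() (which converts dots to underscores the same way) to show which fields were renamed and, going one step beyond the thread, which distinct submitted names land on the same key. The sample body and the helpers wireFields() and phpKeyFor() are constructed for illustration; it assumes PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread.
// Constructed sample body: the hidden field from the question, an image
// button named "foo", and a second field that already uses underscores.
$rawBody = 'name.with.dots=a&foo.x=12&foo.y=7&name_with_dots=b&plain=c';

// Split the body by hand so field names stay exactly as they were sent.
function wireFields(string $body): array
{
    $fields = [];
    foreach (explode('&', $body) as $pair) {
        if ($pair === '') {
            continue;                       // tolerate "a=1&&b=2"
        }
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $fields[] = [urldecode($name), urldecode($value)];
    }
    return $fields;
}

// Ask PHP itself which array key a single submitted name ends up under.
function phpKeyFor(string $wireName): string
{
    parse_str(urlencode($wireName) . '=1', $out);
    return (string) array_key_first($out);
}

// Group the submitted names by the key PHP will store them under.
$byKey = [];
foreach (wireFields($rawBody) as [$name, $value]) {
    $byKey[phpKeyFor($name)][] = $name;
}

// Parse the whole body the way PHP does, to see the value that survives.
parse_str($rawBody, $parsed);

foreach ($byKey as $key => $names) {
    if (count($names) > 1) {
        $note = 'COLLISION';                // several sent names, one key
    } elseif ($names[0] !== (string) $key) {
        $note = 'renamed';
    } else {
        $note = 'unchanged';
    }
    printf("%-15s <- %-31s %-9s value=%s\n",
        $key, implode(', ', $names), $note, var_export($parsed[$key], true));
}
```

Server-side validation and allow-lists should therefore be keyed on the converted name, and a form should not rely on two field names that differ only by '.' versus '_'.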