I've got a simple form with a textarea that simply takes the contents and stores it in the database. Text of all sorts can be entered, including HTML, without any issue with the following exception:
and selecting Sign Up from the main menu.
That line of text results in the URI (in this case it is like the following):
index.php?pg=create
being rewritten to simply:
?pg=create
How in the world is POST data manipulating the URL? In some cases, entering that exact same line of text above will result in being redirected to an entirely different web page on the site. Why the inconsistent results?
I've tried removing any code that grabs the POST values to store them, and the same results are experienced, but only when the above line of text is entered. (Whether it is pasted or typed in manually.)
I've never had such a weird issue before and would greatly appreciate any help.
Note: the system is running CentOS, Apache, MySQL, PHP - the website is an application run in a sub-directory with the root of the site being WordPress. ALSO: my testing server is nearly identical, running the same code, but the OS is Ubuntu, and I haven't experienced the issue on the testing server.
I should add that yes I am using prepared statements. (Seeing that the text mentioned looks like it could be executed in MySQL)
Here is the code of the page that gets posted to:
// Handle the "add customer note" form submission.
if (isset($_POST['submit_add_customer_note'])) {
    // Enforce the per-user cap on stored notes.
    $num_special_notes = number_of_customer_notes($current_user_id);
    $valid_limit = false;
    if ($num_special_notes < MAX_LIMIT_SPECIAL_NOTES) {
        $valid_limit = true;
    }
    if ($valid_limit) {
        // Both fields are required.
        if ($_POST['special_note'] != '' && $_POST['special_note_desc'] != '') {
            // Trim, then cap the lengths with substr() (5000 and 100 bytes) before storing.
            $special_note = substr(trim($_POST['special_note']), 0, 5000);
            $special_note_desc = substr(trim($_POST['special_note_desc']), 0, 100);
            if (insert_new_customer_note($current_user_id, $special_note, $special_note_desc)) {
                // Redirect after a successful insert.
                header('Location: index.php?pg=manage_customer_notes&status=success');
                exit;
            } else {
                echo DB_ERROR;
            }
        } else {
            header('Location: index.php?pg=add_customer_note&status=not-filled-out');
            exit;
        }
    } else {
        header('Location: index.php?pg=manage_customer_notes&status=limit-reached');
        exit;
    }
}
And here is the code for insert_new_customer_note:
function insert_new_customer_note($u_id, $special_note, $special_note_desc) {
    $db = new mysql_conn();
    // Parameterized INSERT: the note text is bound, never concatenated into the SQL.
    $stmt = $db->prepare("INSERT INTO customer_special_notes (user_id, description, message)
        VALUES(?, ?, ?)");
    $stmt->bind_param('iss', $u_id, $special_note_desc, $special_note);
    // Run the statement, then release the statement and connection on success and failure alike.
    $ok = $stmt->execute();
    $stmt->close();
    $db->close();
    return $ok;
}
Thanks in advance!