dongyou5098 2011-06-15 15:33
浏览 52
已采纳

enctype ='multipart / form-data'的问题

I have next form:

echo "<br><form action ='maketext.php' method='post' enctype='multipart/form-data'>
                <br>
                $table <br><br><br>
                <b>$subject</b> <br>
                Сообщение: <b>$message</b> <br>
                <input name='userfile[]' type='file' /><br />
                <input name='userfile[]' type='file' /><br />
                <input name='userfile[]' type='file' /><br />
                <input type ='submit' name ='Send' size = '10' value = 'Send'>
                <input type ='hidden' name ='subject' value=$subject>
                <input type ='hidden' name ='sms' value=$flagSms>
                <input type ='hidden' name ='email' value=$flagEmail>
                <input type ='hidden' name ='message' value=$message>
                </form>";

I havent problems with files, but I have a problem with encoding of $subject and other variables. I think its because enctype='multipart/form-data'. It really pass and variables and files through one form?

  • 写回答

2条回答 默认 最新

  • dongwuwu6104 2011-06-15 15:39
    关注

    You have no quotes around your inputs. If any of those values contain spaces or html metacharacters, your form will "break".

    e.g.

    $subject = "hi there";

    will produce

    <input type='hidden' name='Subject' value=hi there />

    When this form is submitted, you'll end up with Send=hi, and there will not be transmitted as it's seen as an unknown HTML attribute in the input tag.

    You need to have something like this:

    <?php ?>
<input type="hidden" name="Subject" value="<?php echo htmlspecialchars($send) " />

    Two things of note:

    1. I'm not doing this in an echo. While echo can output multiline chunks of text, it's far too painful, plus it's a waste of CPU resources to parse that string as PHP code and then output it. Instead, just drop out of PHP mode and have it output directly as raw html.

    2. I've processed $send through htmlspecialchars(). This 'escapes' any special characters which might be otherwise seen as part of the HTML markup and not as part of the data you're passing.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 ubuntu子系统密码忘记
  • ¥15 信号傅里叶变换在matlab上遇到的小问题请求帮助
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料
  • ¥15 使用R语言marginaleffects包进行边际效应图绘制
  • ¥20 usb设备兼容性问题
  • ¥15 错误(10048): “调用exui内部功能”库命令的参数“参数4”不能接受空数据。怎么解决啊
  • ¥15 安装svn网络有问题怎么办
  • ¥15 vue2登录调用后端接口如何实现