user1054586

Reputation: 21

issue using $_POST in html and php

I am having a serious issue with $_POST and $_GET. I am new to PHP. Just started it a week ago.

I have an HTML form which calls PHP for the action.

<html><body>
<form action="ls_sample1.php" method="post">Submission ID: <input type="text" name="sub_id" />
<input type="submit"/></form>
</body></html>

I have a PHP script which takes the sub_id and executes the system command:

<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
?>

<?php
$input = $_POST['sub_id'];
echo "Entered submission id is $input";
system('/auto/ash/g2k/bin/gt -F stat -s $input',$ret);
if($ret) {
 echo "its invalid input because return value is $ret";
}
?>

Ignore the command that is in the above code. It is just like any other Unix command. When I execute it in the shell, everything works fine and the return value is 0. When I execute it in the browser, the return value is 1 and nothing executes. However, the submission ID is getting passed to the PHP script.

Browser output: Entered submission id is 0000268801 its invalid input because return value is 1

Am I missing anything here? Please help.

Upvotes: 0

Views: 136

Answers (1)

tylerl

Reputation: 30877

So... no. Don't do this.

If someone submits the form such that the input field contains this:

 ; rm -rf ~/ #

Then you've got trouble. And they can be much more malicious than just deleting all your files.

Have a look at escapeshellarg.

WRT your error:

Return code 1 typically signifies a general (unspecified) error. Occasionally PHP will dump something into your error logs that might be helpful. You could check to make sure that your apache user actually has permission to run this program, and that nothing in your php.ini file is interfering.

Failing at all of the simple solutions, what I would do is strace the Apache instance and see what happens. This is a bit more advanced, but if you know how to use the tool then it's pretty indispensable. I'd temporarily change the apache config down such that there's only one apache worker process, attach to it with strace and dump the output to a file. Then search the file for the name of your executable and follow the execution chain from there. Eventually you'll hit the error and see what it is. You might also pay attention to the -s option to strace (which controls where it truncates strings), -w which sets the output file, and -t or -tt which adds timestamps.

Please don't ask me to explain how to do all that stuff; it would take pages.

Upvotes: 4
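
An added example (not code from the question or the answer) of the escapeshellarg approach the answer points to, combined with an allow-list check on the form value. The digits-only rule and the 20-character limit are assumptions based on the sample ID in the question; the script only builds and prints the command line for constructed inputs and runs nothing.

```php
<?php
declare(strict_types=1);

// Path and flags are taken from the question; the digits-only rule is an
// assumption based on the sample ID "0000268801".
const GT_BIN = '/auto/ash/g2k/bin/gt';

/**
 * Build the command line for one submission ID, or return null when the
 * value is not a plain run of digits.
 */
function build_gt_command(string $subId): ?string
{
    // Allow-list first: 1 to 20 ASCII digits (length limit is an assumption).
    // \z instead of $ so a trailing newline is rejected.
    if (preg_match('/\A[0-9]{1,20}\z/', $subId) !== 1) {
        return null;
    }
    // Concatenate rather than embed: PHP does not expand $variables inside
    // single-quoted strings. On Unix, escapeshellarg() wraps the value in
    // single quotes so the shell treats it as one literal argument.
    return GT_BIN . ' -F stat -s ' . escapeshellarg($subId);
}

// Constructed sample inputs: the ID from the question, the payload from the
// answer, and two edge cases.
$samples = ['0000268801', '; rm -rf ~/ #', "123\n", ''];

foreach ($samples as $raw) {
    $shown = json_encode($raw, JSON_UNESCAPED_SLASHES);
    $cmd = build_gt_command($raw);
    if ($cmd === null) {
        // What escaping alone would produce, shown for comparison only.
        printf("REJECT %-18s escaped form would be %s\n",
               $shown, escapeshellarg($raw));
        continue;
    }
    printf("RUN    %-18s %s\n", $shown, $cmd);
    // In the form handler, this is where the command would run:
    // system($cmd, $ret);
}
```

Validation and escaping do different jobs here: the allow-list rejects values that cannot be a submission ID at all, and escapeshellarg keeps whatever passes from being interpreted by the shell.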
