cannot trim whitespace

Ask about general coding issues or problems here.

Moderators: egami, macek, gesf

Post Reply
New php-forum User
New php-forum User
Posts: 24
Joined: Fri Dec 02, 2016 8:32 am

Sat Apr 21, 2018 6:36 am

Once again, pretty fundamental illiteracy. Appreciate your help. Searches for keywords 'whitespace' and 'unprintable characters' come up as unhelpful.

here is the url (as html5 converts it from "<a href="/contracts/project/?action='add'">Add Project</a>)
here is an excerpt from contracts/project/index.php

Code: Select all

$action = $_REQUEST['action'];
$validActions = array('add', "update", "delete", "print");
$addcheck = "add";
$action = preg_replace('/[\x00-\x1F\x7F-\xFF]/', '', $action);
$action = trim($action);
echo("<br>addcheck: {$addcheck }" . strlen($addcheck));
echo("<br>action: {$action }" . strlen($action));
if ($action == $addcheck) {echo("<br>true");}
if (!in_array($action, $validActions)) {echo("<br>action: {$action}"); throw new exception("unexpected entry");}
// hacker check complete
and the result that displays:
array(4) { [0]=> string(3) "add" [1]=> string(6) "update" [2]=> string(6) "delete" [3]=> string(5) "print" }
addcheck: add3
action: 'add'5
action: 'add'
Fatal error: Uncaught Exception: unexpected entry in C:\xampp\htdocs\contracts\project\index.php:30 Stack trace: #0 {main} thrown in C:\xampp\htdocs\contracts\project\index.php on line 30
I understand that the length of 5 includes the quotes on both sides of the passed argument. So when I remove the single quotes from around the string "add" in the "action='add'" in the invoking script as below, it works fine. specifically

Code: Select all

<a href="/contracts/project/?action=add">Add Project</a>
but I cannot imagine this is best practices.

php-forum Fan User
php-forum Fan User
Posts: 570
Joined: Fri Apr 01, 2016 2:18 am

Sat Apr 21, 2018 11:03 am

What for should this single-quotes be? At least it's jujst strings, do whatever you want to do with them.

Post Reply