
PHP Server Side Scripting Forum

some characters in password field

 3:13 pm on Feb 7, 2013 (gmt 0)

I have problems with some characters in password input form

" = \"
' = \'
\ = \\
& = empty
+ = empty

so if user types

in output he will get

1) What am I doing wrong? In the ajax-php password validation file I simply use $password=$_POST['password']; and get this result. In the file that records data in mysql, I use $password = $mysqli->real_escape_string($_POST['password']);. But these problems are already there at password validation...

2) How to change this? I can change \" back to ", but cannot change empty to & or +, because I do not know what the visitor typed. Or simply not allow & and + to be entered?

3) Are there more characters like those mentioned?

I am new to programming. Possibly the questions are stupid.



 3:48 pm on Feb 7, 2013 (gmt 0)

You should read more about real_escape_string; this is its job. [php.net...]

brotherhood of LAN

 3:54 pm on Feb 7, 2013 (gmt 0)

That'll be "magic quotes", a well-intentioned but unnecessary/confusing implementation in PHP. The PHP manual has a page on magic quotes [php.net] and how to disable them.


 5:11 pm on Feb 7, 2013 (gmt 0)

input code is this
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<div style="width:150px; float:left">Password:</div>
<div style="width:770px; float:left">

<input onkeyup="ValidatePassword(this.value)" name="password" type="text" id="password" size="27" value="<?php echo htmlspecialchars($_POST['password'], ENT_QUOTES); ?>"><span id="CheckPassword"></span>

<input style="font-weight: bold; color: #fff; background-color: #5D964A; width: 100px; height: 25px;" name="register" type="submit" id="register" value="Register">

with ajax input is transferred to php
<script type="text/javascript">
// Password validation
// Pass data without page refresh
function ValidatePassword(){
    // Create our XMLHttpRequest object
    if (window.XMLHttpRequest)
    {// code for IE7+, Firefox, Chrome, Opera, Safari
        var hr = new XMLHttpRequest();
    }
    else
    {// code for IE6, IE5
        var hr = new ActiveXObject("Microsoft.XMLHTTP");
    }
    // Create some variables we need to send to our PHP file
    var url = "_password_validator.php";
    var pass = document.getElementById("password").value;

    var vars_pass = "&password="+pass;

    hr.open("POST", url, true);
    // Set content type header information for sending url encoded variables in the request
    hr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    // Access the onreadystatechange event for the XMLHttpRequest object
    hr.onreadystatechange = function() {
        if(hr.readyState == 4 && hr.status == 200) {
            var return_data = hr.responseText;
            document.getElementById("CheckPassword").innerHTML = return_data;
        }
    }

    // Send the data to PHP now... and wait for response to update the status div
    hr.send(vars_pass); // Actually execute the request
    document.getElementById("CheckPassword").innerHTML = "processing...";
}
</script>

php receives

then validates
elseif( preg_match('/\s/',$password) ) {//preg_match Perform a regular expression match
$error .= '<font color="#FF0000">Password contains spaces. Please, delete spaces.</font>';

If I enter + or & in the input, I get the message that the password contains spaces.
I need to search for the reason in the ajax... but I do not see anything wrong.


 5:52 pm on Feb 7, 2013 (gmt 0)

Sorry, found the answer by myself. Maybe it will be useful for someone else:
var vars_pass = "&password="+pass;
must change to
var vars_pass = "&password="+encodeURIComponent(pass);
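
Why the fix in the last post works, as an added example that is not part of the original thread: a simplified parser for an application/x-www-form-urlencoded body, run over constructed sample passwords with and without encodeURIComponent. The names decodeField, parseForm, rawBody, encodedBody and roundTrip are hypothetical, and the parser only stands in for the server-side decoding that fills $_POST; it is not PHP's own code.

```javascript
// Added example: how an application/x-www-form-urlencoded body is decoded
// on the server, and why the password must pass through encodeURIComponent.

// Decode one name or value the way form parsers do: "+" means space,
// then %XX escapes are resolved. Malformed escapes are kept literally.
function decodeField(s) {
  const spaced = s.replace(/\+/g, " ");
  try {
    return decodeURIComponent(spaced);
  } catch (e) {
    return spaced; // e.g. a lone "%" typed into the password
  }
}

// Minimal form-body parser (assumption: simplified stand-in for $_POST).
function parseForm(body) {
  const fields = {};
  for (const pair of body.split("&")) {
    if (pair === "") continue; // the leading "&" used in the thread
    const eq = pair.indexOf("=");
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? "" : pair.slice(eq + 1);
    fields[decodeField(name)] = decodeField(value);
  }
  return fields;
}

// The request body as first posted in the thread, and the corrected one.
const rawBody = (pass) => "&password=" + pass;
const encodedBody = (pass) => "&password=" + encodeURIComponent(pass);

// What the server ends up with for each way of building the body.
function roundTrip(pass) {
  return {
    raw: parseForm(rawBody(pass)).password,
    encoded: parseForm(encodedBody(pass)).password,
  };
}

// Constructed sample passwords covering the characters from the thread,
// plus "%" and "=", which are also special in this encoding.
const samples = ["a+b", "a&b", "100%41", "50%", "p=q"];
for (const p of samples) {
  const r = roundTrip(p);
  console.log(JSON.stringify(p), "raw ->", JSON.stringify(r.raw),
              "| encoded ->", JSON.stringify(r.encoded));
}
```

With the unencoded body, "+" arrives as a space, "&" cuts the password short and starts a new field, and "%41" is silently decoded to "A"; the encoded body returns every sample unchanged.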
