some characters in password field

3:13 pm on Feb 7, 2013 (gmt 0)

New User

joined:Jan 30, 2013
posts: 33
votes: 0

I have problems with some characters in password input form

" = \"
' = \'
\ = \\
& = empty
+ = empty

so if user types

in output he will get

1) What am I doing wrong? In the ajax-php password validation file I simply use $password=$_POST['password']; and get this result. In the file that records data in mysql, I use $password = $mysqli->real_escape_string($_POST['password']);. But these problems already appear at password validation...

2) How to change this? I can change \" back to ", but cannot change empty back to & or +, because I do not know what the visitor typed. Or simply not allow entering & and +?

3) Are there more characters like the ones mentioned?

I am new to programming. Possibly the questions are stupid.
3:48 pm on Feb 7, 2013 (gmt 0)

Junior Member

5+ Year Member

joined:Nov 16, 2008
posts: 136
votes: 0

you should read more about real_escape_string.. this is its job.. [php.net...]
3:54 pm on Feb 7, 2013 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member brotherhood_of_lan is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2002
votes: 16

That'll be "magic quotes", a well-intentioned but unnecessary/confusing implementation in PHP. The PHP manual has a page on magic quotes [php.net] and how to disable them.
5:11 pm on Feb 7, 2013 (gmt 0)

New User

joined:Jan 30, 2013
posts: 33
votes: 0

input code is this
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<div style="width:150px; float:left">Password:</div>
<div style="width:770px; float:left">

<!-- the submitted value is HTML-escaped before it is echoed back into the attribute -->
<input onkeyup="ValidatePassword(this.value)" name="password" type="text" id="password" size="27" value="<?php echo isset($_POST['password']) ? htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8') : ''; ?>"><span id="CheckPassword"></span>

<input style="font-weight: bold; color: #fff; background-color: #5D964A; width: 100px; height: 25px;" name="register" type="submit" id="register" value="Register">
</div>
</form>

with ajax input is transferred to php
<script type="text/javascript">
// Password validation
// pass data without page refresh
function ValidatePassword(){
    // Create our XMLHttpRequest object
    var hr;
    if (window.XMLHttpRequest)
    {// code for IE7+, Firefox, Chrome, Opera, Safari
        hr = new XMLHttpRequest();
    }
    else
    {// code for IE6, IE5
        hr = new ActiveXObject("Microsoft.XMLHTTP");
    }
    // Create some variables we need to send to our PHP file
    var url = "_password_validator.php";
    var pass = document.getElementById("password").value;

    // the typed value is concatenated into the body without URL-encoding
    var vars_pass = "&password="+pass;

    hr.open("POST", url, true);
    // Set content type header information for sending url encoded variables in the request
    hr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    // Access the onreadystatechange event for the XMLHttpRequest object
    hr.onreadystatechange = function() {
        if(hr.readyState == 4 && hr.status == 200) {
            var return_data = hr.responseText;
            document.getElementById("CheckPassword").innerHTML = return_data;
        }
    };

    // Send the data to PHP now... and wait for response to update the status div
    hr.send(vars_pass); // Actually execute the request
    document.getElementById("CheckPassword").innerHTML = "processing...";
}
</script>

php receives

then validates
elseif( preg_match('/\s/',$password) ) {//preg_match Perform a regular expression match
$error .= '<font color="#FF0000">Password contains spaces. Please, delete spaces.</font>';

If I enter + or & in the input, I get the message that the password contains spaces.
I need to look for the reason in the ajax... but I do not see anything wrong
5:52 pm on Feb 7, 2013 (gmt 0)

New User

joined:Jan 30, 2013
posts: 33
votes: 0

Sorry, found the answer myself. Maybe it will be useful for someone else
var vars_pass = "&password="+pass;
must change to
var vars_pass = "&password="+encodeURIComponent(pass);
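
Why the change in the last post works, as an added example that is not part of the original thread: it builds the request body both ways and parses it under application/x-www-form-urlencoded rules, so the value the validator receives can be compared with what was typed. The function names and sample passwords are constructed, and URLSearchParams is an assumed stand-in for the server-side parsing that fills $_POST.

```javascript
// Added example. Function names and samples are constructed for illustration.
// URLSearchParams applies the same form-urlencoded rules as the server:
// "&" separates fields, "+" means space, "%XX" is a percent-escape.

// Body as built in the original script: raw value concatenated in.
function rawBody(pass) {
  return "&password=" + pass;
}

// Body as built after the fix from the thread.
function encodedBody(pass) {
  return "&password=" + encodeURIComponent(pass);
}

// Value a form-urlencoded parser recovers for the "password" field.
function serverSees(body) {
  return new URLSearchParams(body).get("password");
}

// Field names other than "password" that the body ends up carrying.
// A non-empty result means typed characters created extra parameters.
function extraFields(body) {
  return [...new URLSearchParams(body).keys()].filter((k) => k !== "password");
}

// Constructed sample passwords covering the reserved characters.
const samples = ["pa+ss", "pa&ss", "50%41x", "a b"];

for (const typed of samples) {
  const raw = rawBody(typed);
  const enc = encodedBody(typed);
  console.log(JSON.stringify({
    typed,
    rawSeen: serverSees(raw),       // what the validator checked before the fix
    rawExtra: extraFields(raw),     // parameters split off by "&"
    encodedSeen: serverSees(enc),   // round-trips exactly after the fix
  }));
}
```

Without encoding, the validator and the later database write can both operate on a string that differs from what the user typed, so a strength check or stored hash no longer corresponds to the real password.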
