The IE if (isset($_POST['submit'])) bug explained.
 

For a while now I've had a clear warning in my signature about not using this technique. I've since then received a lot of questions about it via PM and this week alone I've had quite a few. Today I am going to explain this issue to you in further detail so that you can understand and try this out for yourself and fix your code.

Lets start with a basic script:
Now put that on your server and test it in a variety of browsers starting with Internet explorer. To test it, put the cursor in the text box and press the enter / return key on the keyboard. Most browsers are fine with this but if your version of IE is affected you'll see that the text field is submitted but not the button submit field. This means that any code that should of run in your script that relies on the submit button WILL NOT RUN.

Why?
Because Internet Explorer only sends the button if you click it with the mouse. If you have the text cursor in a text box and click the enter / return key on your keyboard IE does not send the value of the submit button. This is because you can use multiple submit buttons in one form (EG Edit and Delete on a blog / forum post) and so MS in their wisdom seem to have decided that only sending a clicked button is the wise thing. There is some wisdom in this but only for forms with multiple submit buttons. For forms with just one submit its a bit pointless.

I've heard that on IE9 this is no longer a problem but I've tested this on IE5.5, IE6, IE7 and IE8 and it is the same on all of them. IF you do not experience the same symptoms and do not believe it, then please watch this video:


Once you've watched that, I hope you will understand how this could affect your logic flow in your code. This issue could loose you orders, new members, contact form submissions etc. By using the simple techniques I've demonstrated below, you will no longer have this issue and it will work regardless of what browser your visitor uses.

Now, lets modify that script:
You can see now that the text field is processed regardless of whether the user clicked the enter key or the button was pressed.

There is a further way to handle this - use a hidden form field:
The reason these 2 modified scripts work is because when you submit the form the other fields are POSTed to the server. The modified script is not checking for the submit button but the text field or the hidden field - which of course it finds.

If you feel that this topic has helped you, there is a green "Thank user for this post" button below :thumbsup:

I suppose its forturnate that i have always done isset on a submitted field and not the submit button value. Not because i knew this was happening but just because i wanted control over my switch (me being anal lol) and It just turned out to be lucky that i didnt do it on the button afterall. But i do have open source scripts that i use from others that do use this,so thanks for this, those will need to be corrected.


Thanks again tango, great post. :thumbsup:

I'll add this thread to the "list".
One thing to note is that IE's behaviour contravenes the specification for HTML form processing indicated here: http://www.w3.org/TR/html4/interact/...html#h-17.13.2 (which will come as no surprise to any client developer :P).
From the PHP world, you should actually check that every required field has been provided:
For example. This kills 2 birds with one stone.

Does this bug also affect images as since most form nowadays have an image as a submit button:

<form action="includes/regformprocess.php" method="post" id="reg" name="reg" onsubmit="do something">
<input type="text" class="inputtext2" id="username" name="username" />
<INPUT TYPE="image" SRC="images/signup.png" HEIGHT="25" WIDTH="63" BORDER="0" ALT="Submit Form">

tango while I agree with you, this only occurs if you have only one text input in your form and then a submit button. If you more than one text input hence your example it will send the post from the submit button.

Most forms will have way more than one input of type text but for those that don't yes you need to check for the post of a different field.

If you have more than one text/hidden field you can now for isset($_POST['submit']) or whatever your submit button may be named and it will work regardless of clicking on it with your mouse.

It does not work like I have mentioned if you use the hidden input as your second input. An example of what I mean

The following will pass in the post for the submit button.

An image in place of a submit button has no value. The very code you show has no value to it and no it won't be sent.

Thats actually interesting and perhaps reveals a bit about M$'s way of thinking (although I can't understand why they would do that there must be a reason for it).

Good bit of info there but I think it's best to still advise people not to use the submit button as it's too much hassle to expect people to remember more than one field or they'll get trouble. They'll forget about it, create a form with one field and then start head scratching. Best way to keep it simple is just to recommend people use the submit button.

When a form is submitted by clicking on an image defined like that the x and y co ordinates within the image where the mouse cursor was when the button was clicked are sent. I have not come across any form where the spot on the image you click would make any difference but presumably whoever wrote that part of the specification could see such a need.

Thre is a second issue regarding using name="submit" in submit buttons that your above explanation doesn't mention. In some versions of Internet Explorer the names are mapped directly to JavaScript variables. Specifying a submit button with that name will therefore map form.submit to the submit button. This then makes it impossible to actually submit the form from JavaScript.

The safest thing to do if you only have the one submit button in your form is to not give it a name at all.

Tested everything (from the posts above) in IE6 and IE7 and verified what you wrote apart from when I replaced:
<input type="submit" name="submit" value="Then the next time, click this">
with:
<INPUT TYPE="image" SRC="images/signup.png" HEIGHT="25" WIDTH="63" BORDER="0" ALT="Submit Form">
Tangoforce Not true. In reality (in both IE6 and IE7) when I pressed enter it actually came back with:
Which indicates that it is sending some kind of value and the bug doesn't occur if you use an image!
This also avoids the second issue with javascript (described by felgall) because the image input type doesn't have a name field.

Would love to hear thoughts on this as this is the solution I have to use..

just out of curiousity, does anyone know if this bug is still in IE, as Ive seen on TV the Internet Explorer 9 is coming out/ Already out?

You're not even using a field type with a name for your image and you're also not posting your PHP processing code to show what you actually did on the server.

While I don't doubt that there may be truth in what you're saying, I never said that it wouldn't work (thats in reference to your "Not true" remarks). I simply said the image had no name="" or value="" attributes and therefore they would not be sent. It's possible that IE (in relation to felgalls comments) will automatically send a $_POST['submit'] field for an image based submit - this could be a empty value or an array of x and y as felgall has mentioned. If it does, then that is a completely different issue and not related to the submit button issue.

To comment any further on your data processed message you'd need to post your complete code for both the html and the php.

I seem to recall someone else testing it and saying it was there. I see no reason for MS to suddenly fix this bug as I doubt they would consider it an important one. Even if it is fixed you should still code to avoid it for all the users of older versions.

I never expected this topic to become so popular so many months after posting it!

I was just curious to see if MS had actually updated much, they are pretty useless in my opinion, but thats besides the point. Thanks for the fix by the way, it came in useful for me :)

Sorry I should have made it clear that I used your code exactly and simply replaced:
<input type="submit" name="submit" value="Then the next time, click this">
with:
<INPUT TYPE="image" SRC="images/signup.png" HEIGHT="25" WIDTH="63" BORDER="0" ALT="Submit Form">

And I simply said that statement is incorrect. I may not have specified thos values but they are automatically generated and sent.
It does exactly that in IE6 and IE7 so using an image as a submit button seems to bypass the "if(isset($_POST['submit'])) bug".

Hmm.. not related? Seriously?!

It's an image, not a button so most people wouldn't set the name or value attributes and thus wouldn't code for them in their php anyway.

To be honest I see it as a null issue anyway when the most reliable way is to use a hidden field / value. Relying on the $_POST['submit'] value is asking for trouble whether you like to admit it or not. By using the hidden field you guarantee that your script will work.

But it isn't. The behaviour of IE doesn't follow many standards very well. Browsers are not supposed to generate their own form fields and transmit them and the fact that IE does this isn't right. The form does not contain a post a field with that name / value and so it IS NOT SENT. The browser is sending it's own form data which is entirely different to the html form data. There is a difference between the form data that is sent and the form data that the browser decides to tag on for its own weird reason.

Agreed. I don't fully understand or trust IE's behaviour so I'm using your hidden field solution (even though my form has more than 1 field).