Passing POST vars between Perl and PHP

PHP_Novice2

I have perl script that uses POST to send data to a PHP script. Some of these variables are then inserted into an SQL statement, which gets executed in the PHP script.

The perl script submits two variables:
id (pre-populated by the perl script)
text (entered by the user)

For example, if I send id=123 and text=Hello, the PHP script will read it as:
$POST['id'] = 123
$POST['text'] = Hello

However, if the user enters "hello&id=456" in the text field, $_POST['id'] will be set to "456" instead of "123".

I can URL encode this field in Perl, then decode it somewhere in the PHP code, but is there a better workaround to this problem?

bradgrafelman

While I'm no expert in Perl, you might post the Perl code you're using. If you're injecting values directly into the body of the POST request, then you must of course do some data sanitizing to ensure that the user-supplied data doesn't alter the format of the request... there's no real "workaround" for proper data sanitization other than to just do it.