Bryan Bryan - 3 months ago 19
PHP Question

Hidden type input values not being passed in php

I have a contact form that does a very simple captcha system such as "Is the sun hot or cold?" And the user enters hot. I include the original question and answer to the following processing form in type="hidden" fields.

The problem is that these input fields are always blank on the following php page. Here is my code on the contact form:

<form id="contact-form" name="contact-form" method="POST" onsubmit="return true;" action="submit.php">
<fieldset>
[...]Removed For Convenience[...]
<label class="captcha" id="captcha" name="captcha">
<span style="color:#FFFFFF">Is the sun hot or cold?</span>
<input type="text" value="hot" name="answer" id="answer">
<input type="hidden" value="Is the sun hot or cold?" name="realquestion" id="realquestion">
<input type="hidden" value="hot" name="realanswer" id="realanswer">
<p>Please answer as simply as possible; hot, cold, z, etc. (This question is for security purposes)</p>
</label><br>
<div class="clear-form"></div>
<div class="buttons-wrapper">
<input id="button-2" type="submit" value="Submit">
</div>
</fieldset>
</form>


And the following page, submit.php I put this at the very top "print_r($_POST);" and this is the array that was returned:

Array ( [Name] => asasasas [Email] => My.Email@gmail.com [contactTime] => Best Time To Contact You? [Phone] => Phone: [Account] => Account: [OS] => [Department] => [Message] => Message: [answer] => hot [realquestion] => [realanswer] => )


Now the kicker, if on my contact page I change type="hidden" to type="text" for these two fields and nothing else the code will work. Once that has been done I can change it back to type="hidden" and it will continue working for that session. If I switch browsers, restart the browser, or go to a different computer it will go back to not being able to read those hidden input fields.

Has anyone come across this before or know what might be happening? I'm at a loss. I would really like to figure out this problem and not use a workaround like javascript validation, I am already doing that but I want the php check in place in case they have javascript off (I am assuming the bot spam we have been getting has it off).

Answer

Problem was solved by changing

<input type="hidden" value="Is the sun hot or cold?" name="realquestion" id="realquestion">
            <input type="hidden" value="hot" name="realanswer" id="realanswer">

to

<input type="hidden" value="Is the sun hot or cold?" name="realquestion" id="realquestion" **/>**
            <input type="hidden" value="hot" name="realanswer" id="realanswer" **/>**

And not getting tripped up by browser caching.