thanks, Nisse, for clearing up my half-baked-monday-morning answer.
AFAICT (now that I have woken up somewhat) you are indeed correct.
Nisse Engström schreef:
On Mon, 14 Jan 2008 10:17:03 +0100, Jochem Maas wrote:
clive schreef:
Hi - What Al said, but you want to use the url_encode/url_decode
functions in php
you don't need to use url_decode() because php will do that automatically
for incoming data - the caveat being situations where double urlencoding is
being used (anyone playing with multiple redirection and such will feel what
I mean), that is not the situation here
e.g.:
echo '<a href="browse.php?DarScientificName=', urlencode("Argononemertes australiensis"), '">...</a>';
I think actually the whole url should be urlencoded as a matter of course, not
100% sure about this (and it's way to early on a monday to bother checking up ;-) ...
maybe someone else can chime in?
If you urlencode() the whole url you'll end up with
'%3F' and '%3D' instead of '?' and '=', and you certainly
don't want that[1]. The above is fine, but if you don't know
for sure that the parameter name is a safe string, you'll
need:
$name_url = urlencode ($name);
$value_url = urlencode ($value);
echo "<a href=\"browse.php?$name_url=$value_url\">...</a>";
Or to generalize[2]...
$n1_url = urlencode ($name1);
/* and so on... */
$c_html = htmlspecialchars ($content);
/* or htmlentities() */
echo "<a href=\"browse.php?",
"$n1_url=$v1_url&$n2_url=$v2_url\">$c_html</a>";
That is, unless I've totally missed the boat here. :-)
See also the examples at:
<http://se.php.net/manual/en/function.urlencode.php>
/Nisse
[1]: The '?' and '=' (and '&') characters have special meaning
in the url and must retain that meaning for the url to
work, so the charcters must only be escaped inside the
name and value parts of the url.
[2]: Note also that the '&' character must, in addition to any
url escapes, be escaped as '&' when used in an HTML
attribute.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
