> -----Original Message----- > From: Richard Lynch [mailto:ceo@xxxxxxxxx] > Sent: Monday, January 14, 2008 2:11 PM > To: Jochem Maas > Cc: clive; Churchill, Craig; php-general@xxxxxxxxxxxxx > Subject: Re: $_GET and multiple spaces. > > On Mon, January 14, 2008 3:17 am, Jochem Maas wrote: > > I think actually the whole url should be urlencoded as a matter of > > course, not > > 100% sure about this (and it's way to early on a monday to bother > > checking up ;-) ... > > maybe someone else can chime in? > > Actually, after you urlencode() the values, you should htmlentities > the whole URL, as it is being passed to HTML as a value to be output > to HTML. > > The whole URL should *NOT* be URL-encoded, however. > > -- > Some people have a "gift" link here. > Know what I want? > I want you to buy a CD from some indie artist. > http://cdbaby.com/from/lynch > Yeah, I get a buck. So? Like this? $url = htmlspecialchars('whatever.php?'.urlencode($name).'='.urlencode($value)); Regards, Rob -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
