On Mon, January 14, 2008 1:33 pm, Andrés Robinet wrote: >> -----Original Message----- >> From: Richard Lynch [mailto:ceo@xxxxxxxxx] >> Sent: Monday, January 14, 2008 2:11 PM >> To: Jochem Maas >> Cc: clive; Churchill, Craig; php-general@xxxxxxxxxxxxx >> Subject: Re: $_GET and multiple spaces. >> >> On Mon, January 14, 2008 3:17 am, Jochem Maas wrote: >> > I think actually the whole url should be urlencoded as a matter of >> > course, not >> > 100% sure about this (and it's way to early on a monday to bother >> > checking up ;-) ... >> > maybe someone else can chime in? >> >> Actually, after you urlencode() the values, you should htmlentities >> the whole URL, as it is being passed to HTML as a value to be output >> to HTML. >> >> The whole URL should *NOT* be URL-encoded, however. >> >> -- >> Some people have a "gift" link here. >> Know what I want? >> I want you to buy a CD from some indie artist. >> http://cdbaby.com/from/lynch >> Yeah, I get a buck. So? > > Like this? > > $url = > htmlspecialchars('whatever.php?'.urlencode($name).'='.urlencode($value)); Yes, but if your $name is weird enough to need to be urlencoded, you probably are doing something "Wrong" from a stylistic programming stand-point... I'm not even sure of the rules for what can be in a $name, come to think of it... -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
