Andrés Robinet wrote:
-----Original Message-----
From: Richard Lynch [mailto:ceo@xxxxxxxxx]
Sent: Monday, January 14, 2008 7:08 PM
To: Andrés Robinet
Cc: php-general@xxxxxxxxxxxxx
Subject: RE: $_GET and multiple spaces.
On Mon, January 14, 2008 1:33 pm, Andrés Robinet wrote:
-----Original Message-----
From: Richard Lynch [mailto:ceo@xxxxxxxxx]
Sent: Monday, January 14, 2008 2:11 PM
To: Jochem Maas
Cc: clive; Churchill, Craig; php-general@xxxxxxxxxxxxx
Subject: Re: $_GET and multiple spaces.
On Mon, January 14, 2008 3:17 am, Jochem Maas wrote:
I think actually the whole url should be urlencoded as a matter of
course, not 100% sure about this (and it's way too early on a monday
to bother checking up ;-) ...
maybe someone else can chime in?
Actually, after you urlencode() the values, you should htmlentities
the whole URL, as it is being passed to HTML as a value to be output
to HTML.
The whole URL should *NOT* be URL-encoded, however.
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?
Like this?
$url = htmlspecialchars('whatever.php?'.urlencode($name).'='.urlencode($value));
Yes, but if your $name is weird enough to need to be urlencoded, you
probably are doing something "Wrong" from a stylistic programming
stand-point...
I'm not even sure of the rules for what can be in a $name, come to
think of it...
I think I can tell you what... it has just come to my mind (nirvana
moment)... how about this?
$name = 'mylist[myindex]';
this is almost an invite to moan about how http_build_query() was 'fixed'
in 5.1.3 to escape square brackets ... which makes php no longer do one of
the coolest things, imho, with regard to incoming GET/POST values - namely
auto-convert bracketed request var names into native arrays. at least if
those strings are used in anything other than a URL context (form inputs anyone).
It would have been nice to have the encoding as an optional switch/argument.
/* since php5.1.3 http_build_query() urlencodes square brackets - this does not please us at all,
 * this function fixes the problem the encoding causes us when using http_build_query() output
 * in hidden INPUT field names.
 */
function inputPostQueryUnBorker($s)
{
    // first version - slower? more code!
    // (kept for reference only: it relies on the /e modifier, which was removed in PHP 7)
    /*
    return preg_replace('#(\?|&(?:amp;)?)([^=]*)=#eU',
                        "'\\1'.str_replace(array('%5B','%5D'), array('[',']'), '\\2').'='",
                        $s);
    //*/
    // second version - faster? more compact! (should work identically to the above statement.)
    // decodes %5B / %5D only where a '=' follows before the next '&', i.e. inside a
    // parameter name; a callback replaces the /e modifier
    return preg_replace_callback('#%5[bd](?=[^&]*=)#i',
                                 function ($m) { return urldecode($m[0]); },
                                 $s);
}
Regards,
Rob
Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308
| TEL 954-607-4207 | FAX 954-337-2695
Email: info@xxxxxxxxxxxxx | MSN Chat: best@xxxxxxxxxxxxx | SKYPE:
bestplace | Web: http://www.bestplace.biz | Web: http://www.seo-diy.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
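
The two encoding layers discussed in this thread (urlencode() on each name and value, then one HTML escape over the finished URL), followed through a round trip. This is an added example, not code from any poster in the thread; the function name build_href and the sample parameter values are constructed for illustration.

```php
<?php
// Added example: build_href() and the sample values are hypothetical.

function build_href(string $script, array $params): string
{
    $pairs = [];
    foreach ($params as $name => $value) {
        // Layer 1 (URL context): encode each name and value on its own, so
        // '&', '=' and runs of spaces inside the data are never read as
        // query-string syntax.
        $pairs[] = urlencode($name) . '=' . urlencode($value);
    }
    $url = $script . '?' . implode('&', $pairs);

    // Layer 2 (HTML context): escape the finished URL once for use inside
    // an attribute. This turns the '&' separators into '&amp;' and leaves
    // the percent-encoding from layer 1 untouched.
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

$params = [
    'title'           => 'a   b & "c"=<d>', // multiple spaces plus URL and HTML metacharacters
    'mylist[myindex]' => 'x',               // bracketed name, as in the thread
];

$href = build_href('whatever.php', $params);
echo '<a href="' . $href . '">link</a>', "\n";

// Browser side: the HTML parser undoes layer 2 before the URL is requested.
$requested = html_entity_decode($href, ENT_QUOTES, 'UTF-8');

// Server side: PHP undoes layer 1 while filling $_GET; parse_str() applies
// the same decoding, including turning bracketed names into arrays.
parse_str(parse_url($requested, PHP_URL_QUERY), $get);

var_dump($get['title'] === $params['title']);   // value survives intact, spaces included
var_dump($get['mylist']['myindex'] === 'x');    // %5B / %5D in a URL still yield an array
```

In the URL context the percent-encoded brackets are decoded before PHP builds the array, so the bracket decoding helper in the thread is only relevant when the encoded name is reused outside a URL, such as in a form field name.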