Re: $_GET and multiple spaces.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andrés Robinet schreef:
-----Original Message-----
From: Richard Lynch [mailto:ceo@xxxxxxxxx]
Sent: Monday, January 14, 2008 7:08 PM
To: Andrés Robinet
Cc: php-general@xxxxxxxxxxxxx
Subject: RE:  $_GET and multiple spaces.

On Mon, January 14, 2008 1:33 pm, Andrés Robinet wrote:
-----Original Message-----
From: Richard Lynch [mailto:ceo@xxxxxxxxx]
Sent: Monday, January 14, 2008 2:11 PM
To: Jochem Maas
Cc: clive; Churchill, Craig; php-general@xxxxxxxxxxxxx
Subject: Re:  $_GET and multiple spaces.

On Mon, January 14, 2008 3:17 am, Jochem Maas wrote:
I think actually the whole url should be urlencoded as a matter of
course, not
100% sure about this (and it's way to early on a monday to bother
checking up ;-) ...
maybe someone else can chime in?
Actually, after you urlencode() the values, you should htmlentities
the whole URL, as it is being passed to HTML as a value to be output
to HTML.

The whole URL should *NOT* be URL-encoded, however.

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?
Like this?

$url =

htmlspecialchars('whatever.php?'.urlencode($name).'='.urlencode($value)
);

Yes, but if your $name is weird enough to need to be urlencoded, you
probably are doing something "Wrong" from a stylistic programming
stand-point...

I'm not even sure of the rules for what can be in a $name, come to
think of it...


I think I can tell you what... it has just came to my mind (nirvana
moment)... how about this?

$name = 'mylist[myindex]';

this is almost an invite to moan about how http_build_query() was 'fixed'
in 5.1.3 to escape square brackets ... which makes php nolonger do one of
the coolest, imho, with regard to incoming GET/POST values - namely auto-convert
bracketed request var names into native arrays. at least if those strings
are used in anything other than a URL context (form inputs anyone).
I would have been nice to have the encoding as an optional switch/argument.

    /* since php5.1.3 http_build_query() urlencodes square brackets - this does not please us at all,
     * this function fixes the problem the encoding causes us when using http_build_query() output
     * in hidden INPUT field names.
     */
    function inputPostQueryUnBorker($s)
    {
        // first version - slower? more code!
        /*
        return preg_replace('#(\?|&(?:amp;)?)([^=]*)=#eU',
                            "'\\1'.str_replace(array('%5B','%5D'), array('[',']'), '\\2').'='",
                            $s);
        //*/

        // second version - faster? more compact! (should work identically to the above statement.
        return preg_replace('#%5[bd](?=[^&]*=)#ei', 'urldecode("\\0")', $s);
    }


--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

Regards,

Rob


Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308
| TEL 954-607-4207 | FAX 954-337-2695
Email: info@xxxxxxxxxxxxx  | MSN Chat: best@xxxxxxxxxxxxx  |  SKYPE:
bestplace |  Web: http://www.bestplace.biz | Web: http://www.seo-diy.com


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux