Re: $_GET and multiple spaces.

[Jochem Maas <jochem@xxxxxxxxxxxxx>]

Andrés Robinet schreef:
> > -----Original Message-----
> > From: Richard Lynch [mailto:ceo@xxxxxxxxx]
> > Sent: Monday, January 14, 2008 7:08 PM
> > To: Andrés Robinet
> > Cc: php-general@xxxxxxxxxxxxx
> > Subject: RE:  $_GET and multiple spaces.
> >
> > On Mon, January 14, 2008 1:33 pm, Andrés Robinet wrote:
> > > > -----Original Message-----
> > > > From: Richard Lynch [mailto:ceo@xxxxxxxxx]
> > > > Sent: Monday, January 14, 2008 2:11 PM
> > > > To: Jochem Maas
> > > > Cc: clive; Churchill, Craig; php-general@xxxxxxxxxxxxx
> > > > Subject: Re:  $_GET and multiple spaces.
> > > >
> > > > On Mon, January 14, 2008 3:17 am, Jochem Maas wrote:
> > > > > I think actually the whole url should be urlencoded as a matter of
> > > > > course, not
> > > > > 100% sure about this (and it's way to early on a monday to bother
> > > > > checking up ;-) ...
> > > > > maybe someone else can chime in?
> > > > Actually, after you urlencode() the values, you should htmlentities
> > > > the whole URL, as it is being passed to HTML as a value to be output
> > > > to HTML.
> > > >
> > > > The whole URL should *NOT* be URL-encoded, however.
> > > >
> > > > --
> > > > Some people have a "gift" link here.
> > > > Know what I want?
> > > > I want you to buy a CD from some indie artist.
> > > > http://cdbaby.com/from/lynch
> > > > Yeah, I get a buck. So?
> > > Like this?
> > >
> > > $url =
> > htmlspecialchars('whatever.php?'.urlencode($name).'='.urlencode($value)
> > );
> >
> > Yes, but if your $name is weird enough to need to be urlencoded, you
> > probably are doing something "Wrong" from a stylistic programming
> > stand-point...
> >
> > I'm not even sure of the rules for what can be in a $name, come to
> > think of it...
>
> I think I can tell you what... it has just came to my mind (nirvana
> moment)... how about this?
>
> $name = 'mylist[myindex]';

this is almost an invite to moan about how http_build_query() was 'fixed'
in 5.1.3 to escape square brackets ... which makes php nolonger do one of
the coolest, imho, with regard to incoming GET/POST values - namely auto-convert
bracketed request var names into native arrays. at least if those strings
are used in anything other than a URL context (form inputs anyone).
I would have been nice to have the encoding as an optional switch/argument.

    /* since php5.1.3 http_build_query() urlencodes square brackets - this does not please us at all,
     * this function fixes the problem the encoding causes us when using http_build_query() output
     * in hidden INPUT field names.
     */
    function inputPostQueryUnBorker($s)
    {
        // first version - slower? more code!
        /*
        return preg_replace('#(\?|&(?:amp;)?)([^=]*)=#eU',
                            "'\\1'.str_replace(array('%5B','%5D'), array('[',']'), '\\2').'='",
                            $s);
        //*/

        // second version - faster? more compact! (should work identically to the above statement.
        return preg_replace('#%5[bd](?=[^&]*=)#ei', 'urldecode("\\0")', $s);
    }

> > --
> > Some people have a "gift" link here.
> > Know what I want?
> > I want you to buy a CD from some indie artist.
> > http://cdbaby.com/from/lynch
> > Yeah, I get a buck. So?
>
> Regards,
>
> Rob
>
>
> Andrés Robinet | Lead Developer | BESTPLACE CORPORATION
> 5100 Bayview Drive 206, Royal Lauderdale Landings, Fort Lauderdale, FL 33308
> | TEL 954-607-4207 | FAX 954-337-2695
> Email: info@xxxxxxxxxxxxx  | MSN Chat: best@xxxxxxxxxxxxx  |  SKYPE:
> bestplace |  Web: http://www.bestplace.biz | Web: http://www.seo-diy.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php