On 2-Jun-08, at 10:25 AM, Ed Curtis wrote:
I found the problem myself. The actual code follows the same
principle but the value of $thisStr is a $_GET value from a link.
The name of that value in the link was 'style'. Oops, you should
never use an HTML reserved attribute as a variable identifier in a
link. I just wasn't thinking at the time I wrote it. (<a
href="order2.php"?style="CL22">)
Input validation is always a very important aspect when using values
submitted by the client.
Assuming that $_GET['style'] existed without testing for it was the
first thing that should've been looked at.
In order to make maximum use of this mailing list, it's really helpful
for us to see the _actual_ code you're using, rather than fake code.
Your fake code had no problems, so we weren't able to provide you with
a solution, but it sounds like your real code had the error that
caused the problem.
Even in your latest post, you put this:
(<a href="order2.php"?style="CL22">)
What's with all of those double-quotes? More fake code, or is that
actually what you have in your code?
~Ted
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
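
An added example, not part of the original thread: one way to do the existence check and validation the reply describes, and to emit the link with the query string inside the quoted href value. The style-code pattern and the function names `get_style_code` and `order_link` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: style codes look like "CL22" (two uppercase letters, two digits).
const STYLE_PATTERN = '/\A[A-Z]{2}[0-9]{2}\z/';

/**
 * Return the validated style code from a query array, or null when the
 * parameter is missing, is not a string (e.g. ?style[]=x), or is malformed.
 */
function get_style_code(array $query): ?string
{
    if (!isset($query['style']) || !is_string($query['style'])) {
        return null;
    }
    $style = $query['style'];
    return preg_match(STYLE_PATTERN, $style) === 1 ? $style : null;
}

/**
 * Build the anchor tag. The whole URL, query string included, sits inside
 * one quoted href value and is HTML-escaped on output.
 */
function order_link(string $style, string $label): string
{
    $href = 'order2.php?' . http_build_query(['style' => $style]);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['style' => 'CL22'],            // well-formed
    [],                             // parameter missing
    ['style' => ['CL22']],          // array instead of string
    ['style' => 'CL22"><script>'],  // markup smuggled into the value
];

foreach ($samples as $query) {
    $style = get_style_code($query);
    echo $style === null
        ? "rejected\n"
        : order_link($style, 'Order') . "\n";
}
```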