Re: Re:Subject: DB, XML and & sign

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Then thing is that I have a string to play with AFTER form submission..
So if user enters something like this "Say hello to Alex & Özgür" to my PHP
file this will be sent like "Say hello to Alex & Özgİr". You see there
are 2 ampersands here, and only one should be removed - the one just after
"Alex ".

As you say I can use JavaScript on the Browser(Client) side, but it an
option I don't want to use. I want everything to be done on Server side to
be 100% assured that everything worked fine. One way to do this is maybe
using regular expression, so that i.e. say "Do not remove ampersand if it is
followeb by # sign, 3 letters and ; right aferwards, in any other cases just
remove it"..what do you think? And what will the reg. expr. be in this case?

Any other suggestions?

Regards,
Muhammed Mamedov



----- Original Message ----- 
From: "Neil Smth" <php@xxxxxxxxxxxxxxxxxxxxxxxx>
To: <php-db-digest-help@xxxxxxxxxxxxx>
Cc: <muhammed@xxxxxxxxxx>
Sent: Friday, December 19, 2003 2:27 AM
Subject: Re:Subject: DB, XML and & sign


htmlspecialchars() will deal with the following special characters :

<
 >
&

And so you might find these will be converted into XML entities intact, and
prevernt these causing problems. As you pointed out though, users can also
enter other values which will cause problems in an XML parser, for example
UTF-16 values in a parser expecting UTF-8.

I recommend if possible, that you check for XML support in the browser.
Then, use 'loadXML' or equivalent from the form field, and place this
value.xml in a hidden form field. That way, your users browser will convert
any unsafe characters to XML equivalents (usually &#12345 format).

If XML support fails (use a javascript try.... catch block or set the XML
form field to empty), set another form field so you can switch on
htmlspecialchars() at the server if required.

Cheers - Neil.

At 17:33 18/12/2003 +0000, you wrote:
>Message-ID: <01d201c3c587$219dc370$1800a8c0@mm>
>From: "Muhammed Mamedov" <muhammed@xxxxxxxxxx>
>To: <php-db@xxxxxxxxxxxxx>
>Date: Thu, 18 Dec 2003 18:51:06 +0200
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
>         boundary="----=_NextPart_000_01CF_01C3C597.E5096E80"
>Subject: DB, XML and & sign
>
>Hello everyone,
>
>I read input from user, then via XML send it to DB.
>thing is that when user enters "&" sign XML is no more well-formatted,
>what causes error.
>Does anyone has any suggestions on how to remove & sign from user input,
>considering that data entered by users can be multilingual, that is "ö"
>character is being converted to some unicode "&#234;" character which also
>contains "&" sign, but this one doesn't cause any problem - any other user
>entered "&" signs should be removed or should be translated to unicode &
>"&#033".
>
>Your help will be appreciated.

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux