Anders,

Thanks for the tips. I've resolved the post/get problem.

Cheers

George

> -----Original Message-----
> From: Svensson, B.A.T. (HKG) [mailto:B.A.T.Svensson@xxxxxxx]
> Sent: 20 May 2004 3:48 pm
> To: 'php-windows@xxxxxxxxxxxxx '
> Subject: RE: Passing +, =, - at post and get
>
>
> In your second if you do a count on the occurrence of a character,
> but don't use the result, why not use strpos() directly?
>
> Also if you just want to replace a single char with another
> single char, then you might like to do like this:
>
> $String = implode($NewChar, explode($OldChar, $String));
>
>
>
> -----Original Message-----
> From: George Pitcher
> To: php-windows@xxxxxxxxxxxxx
> Sent: 20-5-2004 15:43
> Subject: RE: Passing +, =, - at post and get
>
> And doing a bit more, I find that '=' and '-' are passing through OK so I'll
> need to train my users to use an alternative to '+'.
>
> The choking seems to be with my parsing function, which I have pasted in
> below:
> =================================================
> function sql_fltr($sql,$field,$input){
>     if(strlen($input)>0){
>         if( substr_count($input,"=")>0 | substr_count($input," -")>0 | substr_count($input," +")>0 ){
>             $output = "";
>             $temp = str_replace(" -","|-",(str_replace(" -","|-",($input))));
>             $temp = explode("|",$temp);
>             for ($i = 0; $i <= sizeof($temp); $i++){
>                 if (substr($temp[$i],0,1)=="*"){
>                     $temp[$i] = $field." like '".rtrim(str_replace("*","%",$temp[$i]))."%'";
>                     $output.= $temp[$i]."|";
>                 } elseif (substr($temp[$i],0,1)=="-"){
>                     $temp[$i] = " and ".$field." not like '".rtrim(str_replace("*","%",$temp[$i]))."'";
>                     $output.= $temp[$i]."|";
>                 } elseif (substr($temp[$i],0,1)=="="){
>                     $temp[$i] = " and ".$field."='".rtrim(str_replace("=","",$temp[$i]))."'";
>                     $output.= $temp[$i]."|";
>                 } elseif (substr($temp[$i],0,1)!="+" && substr($temp[$i],0,1)!="-"&&substr($temp[$i],0,1)!="*" && substr($temp[$i],0,1)!="="){
>                     $temp[$i] = "and ".$field." like '%".rtrim(str_replace("=","",$temp[$i]))."'";
>                     $output.= $temp[$i]."|";
>                 } else {
>                     $temp[$i] = " ".$field."='".rtrim($temp[$i])."'";
>                     $output.= $temp[$i]."|";
>                 }
>             }
>             $output = " AND ".substr($output,0,strlen($output)-1);
>         } else {
>             $temp = $input;
>             if (substr($temp,0,1)=="*"){
>                 $temp = $field." like '".rtrim(str_replace("*","%",$temp))."'";
>             } elseif (substr($temp,0,1)=="-"){
>                 $temp = $field." not like '".rtrim(str_replace("*","%",$temp))."'";
>             } elseif (substr($temp,0,1)=="="){
>                 $temp = $field."='".rtrim(str_replace("=","",$temp))."'";
>             } elseif (substr($temp,0,1)!="+" && substr($temp,0,1)!="-"&&substr($temp,0,1)!="*" && substr($temp,0,1)!="="){
>                 $temp = $field." like '%".rtrim(str_replace("=","",$temp))."'";
>             } else {
>                 $temp = $field."='".rtrim($temp)."'";
>             }
>             $output = " AND ".$temp;
>         }
>     } else {
>         $output = "";
>     }
>     return $output;
> }
> =================================================
> This works fine if the user has entered either no control or the * wildcard
> with the criteria.
>
> Any suggestions?
>
> Cheers
>
> George
>
>
> > -----Original Message-----
> > From: George Pitcher [mailto:george.pitcher@xxxxxxxxxxx]
> > Sent: 20 May 2004 2:33 pm
> > To: php-windows@xxxxxxxxxxxxx
> > Subject: RE: Passing +, =, - at post and get
> >
> >
> > Charles,
> >
> > No way! This site will only have about 3-4 users as it's an intranet and I'll
> > be parsing everything at the server end.
> >
> > George
> >
> >
> > > -----Original Message-----
> > > From: Charles P. Killmer [mailto:charlesk@xxxxxxxxxxxxxxxxxxxxx]
> > > Sent: 20 May 2004 2:31 pm
> > > To: php-windows@xxxxxxxxxxxxx
> > > Subject: RE: Passing +, =, - at post and get
> > >
> > >
> > > I hope you are not allowing the client to send T-SQL through the query
> > > string. Consider them sending something like
> > > File.php?Query='; drop table XXX; --
> > >
> > > Charles Killmer
> > >
> > > -----Original Message-----
> > > From: George Pitcher [mailto:george.pitcher@xxxxxxxxxxx]
> > > Sent: Thursday, May 20, 2004 8:25 AM
> > > To: php-windows@xxxxxxxxxxxxx
> > > Subject: Passing +, =, - at post and get
> > >
> > > Hi,
> > >
> > > I want to be able to pass the '=', '+' and '-' characters both from a
> > > web form and as part of a url, to enable a better way of searching.
> > > However, these characters are choking my IIS webserver and not getting
> > > through to the script.
> > >
> > > Can anyone suggest a better way of achieving this?
> > >
> > > Cheers
> > >
> > > George
> > >
> > > --
> > > PHP Windows Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
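
Added example, not part of any message in this thread: one way to write the search filter so the concern Charles raises does not apply, by emitting `?` placeholders and a separate list of bound values instead of concatenating the search text into the SQL. The function name `build_filter()`, the column names and the exact operator semantics (`=` exact, `-` exclude, `+` or no prefix include, `*` wildcard) are assumptions made for illustration.

```php
<?php
// Added example; build_filter() and the column names are hypothetical.
function build_filter(string $field, string $input, array $allowedFields): array
{
    // Column names cannot be bound as parameters, so accept only known ones.
    if (!in_array($field, $allowedFields, true)) {
        throw new InvalidArgumentException("unknown field: $field");
    }
    $clauses = [];
    $params  = [];
    // Split before each operator that follows whitespace: "a -b =c" gives 3 terms.
    $terms = preg_split('/\s+(?=[-+=])/', trim($input), -1, PREG_SPLIT_NO_EMPTY);
    foreach ($terms as $term) {
        $op   = $term[0];
        $text = in_array($op, ['-', '+', '='], true) ? substr($term, 1) : $term;
        if ($text === '') {
            continue; // bare operator, nothing to search for
        }
        if ($op === '=') {
            $clauses[] = "$field = ?";
            $params[]  = $text;
            continue;
        }
        // Escape LIKE metacharacters typed by the user, then turn their * into %.
        $pattern = str_replace('*', '%', addcslashes($text, '%_[\\'));
        if (strpos($text, '*') === false) {
            $pattern = "%$pattern%"; // no explicit wildcard: substring match
        }
        $not       = ($op === '-') ? 'NOT ' : '';
        $clauses[] = "$field {$not}LIKE ? ESCAPE '\\'";
        $params[]  = $pattern;
    }
    return [implode(' AND ', $clauses), $params];
}

// Constructed input; the quote in O'Brien stays inside a bound value.
[$where, $params] = build_filter('title', "smith* -john =O'Brien", ['title', 'author']);
echo $where, "\n";   // SQL text containing only the column name and placeholders
print_r($params);    // values to hand to PDOStatement::execute()
```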