From: "Graeme McLaren" <[EMAIL PROTECTED]>
> Jason, thank you for reply. I tried switching the 1st 2 parameters in the
> str_replace function so that it now looks like this:
>
> $AddressLine1 = urlencode($AddressLine1);
>
> $AddressLine1 = str_replace("+", " ", $AddressLine1);
>
>
>
> Unfortunately as I am now replacing the + symbols with a space " " only
the
> part up to the first space is displayed back to the user.
>
> Any ideas?
I think this whole problem can be solved by putting quotes around your HTML
values.
echo "First Line Of Address: <BR> <input type=\"text\" Name=\"AddressLine1\"
value=\"$AddressLine1\"><BR><BR>";
Now, the ONLY thing you need to do to $AddressLine1 to make it safe to
insert into this HTML form element is run htmlentities() on it.
$safe_AddressLine1 = htmlentities($AddressLine1);
echo "First Line Of Address: <BR> <input type=\"text\" Name=\"AddressLine1\"
value=\"$safe_AddressLine1\"><BR><BR>";
I think the whole bit with + and spaces will go away if you do this.
Remember that you may see "this+that" in the URL, but it's decoded
automatically when it gets to your PHP script back to "this that"...
---John Holmes...
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
