<a href="contactus.php?email=director&subject=job%20enquiry"></a>
To get the vars from the thread, if you don't know it's name, you can use soemthing like this:
foreach($_GET as $key => $name){
$get[] = htmlentites($name, 'ENT_QUOTES');
}
that way you'll get a $get array, with all the url parts in it, numbered from 0->n
the htmlentities() makes sure that all html compatible chars get transformed in to others, which look the same but don't work as html (eg » and such).
Hope this helps,
- Tularis
XMB Lead Developer
Cj wrote:
I have a "contact us" php script on my site that allows users to email
direct from the webiste. I want to be able to pass the to address and
subject line to the script so I can call teh web page from elsewhere on the
site and have it automatically choose the correct email address and subject
line.
EG instad of using which requires them
to have an email client set up on the machine I want to link to
<mailto:joe@;bloggs.mail.com>
The script already handles the email=director by setting a default entry in
a drop down form but I can't get it to separate the first and second
variables in the URL.
Also is this a big security risk as I will be echoing the 2nd variable as
the contents of a form field. Would it be possible for someone to type in
the URL with HTML/php in it that would make a mess of everything? How can I
protect against this? Would it be sufficient to just pase the 2nd variable
for non alphabetic characters and remove them?
<contactus.php?email=director>
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
