echo
"add_to_cart.php?item_num=$item_num&quantity=$quantity".
"&sale_price=$sale_price&unit=$unit&short_desc=".
url_encode($short_desc)."&wholesaler=$wholesaler&cost=$cost"
;
You need to encode any parameter (everything to the right of that first '?') that might include the '?', '&'. '#' or space characters, since those all mean something special in a URL. To be safe, it's best to encode everything - or at least all strings. However, you have to encode them individually, since you need the UNencoded '&' between them to delimit parameters, and you need that '?' there to indicate the start of the parameters.
I don't know the details of your program design, but there may be no reason to pass all the item details (description, sale price, etc.) in the URL anyway. Can't you just look them up in the add_to_card.php page, based on the item_num? Thus, all you need to pass are the quantity & item_number:
echo "add_to_cart.php?item_num=$item_num&quantity=$quantity";
For one thing, that would eliminated the possibility of someone trying to get everything for free by manually typing a URL like
add_to_cart.php?item_num=SOU3432410&quantity=1&sale_price=0&unit=...
-steve
At 6:29 PM -0500 1/18/03, Joab Stieglitz wrote:
OK. I urlencoded the URL and now the URL passes correctly... add_to_cart.php%3Fitem_num%3DSTT32700%26quantity%3D1%26sale_price%3D52.78%26 unit%3DBX%26short_desc%3DENVELOPE%2C100%25COT%2024%23%2CGY%26wholesaler%3DUS %26cost%3D37.700... but I get the following error: Forbidden You don't have permission to access /carmae/add_to_cart.php?item_num=STT32700&quantity=1&sale_price=52.78&unit=B X&short_desc=ENVELOPE,100%COT 24#,GY&wholesaler=US&cost=37.700 on this server. I've never seen anything like this before. Suggestions? "Brad Pauly" <[EMAIL PROTECTED]> wrote in message 1042912825.15063.33.camel@earth">news:1042912825.15063.33.camel@earth...> For example, this URL: >> > add_to_cart.php?item_num=SOU3432410&quantity=1&sale_price=24.92&unit=BX > > &short_desc=ENVELOPE,25%COT 24#,IY&wholesaler=US&cost=18.690> > gets cut off at the # sign, so $wholesaler and $cost come out empty. > > Any suggestions to get around this? You could use urlencode() and urldecode(). http://www.php.net/manual/en/function.urlencode.php http://www.php.net/manual/en/function.urldecode.php Brad-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- +------------------------------------------------------------------------+ | Steve Edberg [EMAIL PROTECTED] | | University of California, Davis (530)754-9127 | | Programming/Database/SysAdmin http://pgfsun.ucdavis.edu/ | +------------------------------------------------------------------------+ | SETI@Home: 1001 Work units on 23 oct 2002 | | 3.152 years CPU time, 3.142 years SETI user... and STILL no aliens... | +------------------------------------------------------------------------+ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
