Besides urlencode, you should also use htmlspecialchars.

SpyProductions Support Team wrote:

Here is some code:

From a form, I get username as $name and it goes to the processing file for
the form, where a sale happens and it sends the code to a different server
like this:


$data = urlencode($name);
print "<META HTTP-EQUIV='refresh' CONTENT='0;URL=http://somedestination.php?name=$data'>";



That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:

$name = urldecode($name);
if (!$name) {
    print "You entered an invalid name. Please stop and call us at....";
} else {
    // Inserts record into database.
}



That's it. It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).

urlencode may just be a flaky thing to use? Perhaps depending on the
browser?

Thanks,

-Mike








-----Original Message-----
From: David T-G [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 3:31 PM
To: PHP General list
Cc: SpyProductions Support Team
Subject: Re: [PHP] URLencode issues - halp!


Mike --

...and then SpyProductions Support Team said...
%
% I am having some issues, apparently, with URL encode.
...
%
% I decided to use this because people are allowed to use *any* key as part of
% their name, so a name like "rt'$%^*&'rt" is perfectly allowable.

Makes sense, but I'd use base64_encode (with base64_decode, of course)
rather than urlencode; it will properly shield everything. No, I don't
know why 'normal' names fail and goofy ones don't; without some code and
some specific examples we can't really tell too well :-)


HTH & HAND

:-D
--
David T-G * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED] -- Mary Baker Eddy, "Science
and Health"
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!







--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
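
Added example, not part of the original thread and not the posters' code: a PHP sketch that runs the encoding steps discussed above over constructed sample names, comparing a single decode with an extra urldecode() and the !$name test with an explicit empty-string check. The helper names (build_refresh_tag, received_name, is_valid_name) are hypothetical, and parse_str() stands in for the decoding PHP already applies to the query string of an incoming request.

```php
<?php
// Added illustration; helper names and sample names are constructed.

// Sender: urlencode() the query value, then htmlspecialchars() the whole URL
// because it is written into a single-quoted HTML attribute.
function build_refresh_tag(string $name): string
{
    $url = 'http://somedestination.php?name=' . urlencode($name);
    return "<META HTTP-EQUIV='refresh' CONTENT='0;URL="
        . htmlspecialchars($url, ENT_QUOTES) . "'>";
}

// Receiver: PHP URL-decodes the query string once by itself. parse_str()
// applies that same decoding, so it stands in for an incoming request here.
function received_name(string $query): string
{
    parse_str($query, $get);
    return isset($get['name']) ? (string) $get['name'] : '';
}

// Explicit check: !$name would also reject the one-character name "0".
function is_valid_name(string $name): bool
{
    return $name !== '';
}

$samples = ['rt\'$%^*&\'rt', 'a+b', '100%41', '0'];   // constructed names

foreach ($samples as $original) {
    $once  = received_name('name=' . urlencode($original)); // what the script receives
    $twice = urldecode($once);                              // after an extra urldecode()

    printf(
        "%-12s one decode: %-7s extra urldecode: %-7s !\$name: %-8s explicit: %s\n",
        $original,
        $once === $original ? 'intact' : 'changed',
        $twice === $original ? 'intact' : 'changed',
        !$twice ? 'rejects' : 'accepts',
        is_valid_name($once) ? 'accepts' : 'rejects'
    );
}

echo build_refresh_tag($samples[0]), "\n";
```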
