Re: [PHP-DB] [suspicious - maybe spam] How to deal with ...?
The *proper* way to handle this would be to individually urlencode() each variable, then use htmlspecialchars() (or htmlentities()) on the entire URL. (example below). Given that, most people don't bother with the htmlspecialchars step. $sURL = $_SERVER['PHP_SELF'].'?familia03=' . urlencode($row['familia']) . 'cat02=' . urlencode($cat02).'cat03='.urlencode($cat03).'cat04='.urlencode($cuadro04); $sURL = htmlspecialchars($sURL); http://www.php.net/urlencode http://www.php.net/htmlspecialchars Chris Ardilla Roja wrote: Hi, I'm working in a database of products. Until now I'm able to do search, retrieve data for display, etc... but my problem is with products that use example: (This is the way the data is stored in de DB) Esmerilador manual 5 - 6 Sierra de mano 7 - 8 Sierra portatil 10 - 16 Sierra de banco 10 - 24 Sierra gasolina 12 - 14 Taller Industrial 6 - 12 I'm retrieving the data with mysql_fetch_array... What I need to do is to present the name of the product as a link to a form for quotation purposes...but, here is the result (i'm passing other variables too): - - - - - - - - - - PHP CODE while ( $row = mysql_fetch_array($resultado03) ) { echo(codigo:. $row['codigo'] . | familia: stronga href=\.$_SERVER['PHP_SELF'].?familia03=.$row['familia'].cat02=$cat02cat03=$cat03cat04=$cuadro04\. $row['familia']./a/strongbr \n); - - - - - - - - - - -HTML RESULT - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - a href=/beta1/bd_backup_02.php?familia03=Esmerilador manual 5 - 6cat02=3cat03=32cat04=322 but the first broke my link into two diferent strings, so, i'm not able to pass the whole string and the other variables (cat02, cat03, cat04) to the quotation page. I'd tried addslashes, but I think isn't what I need. I tried also replacing the with ' in my PHP code, but it didn't work. Any advice would be apreciated. PS- Sorry for my english, but isn't my natural language. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] [suspicious - maybe spam] How to deal with ...?
Another method could be the base64_encode(),base64_decode(). Something like this : echo(codigo:. $row['codigo'] . | familia: stronga href=\.$_SERVER['PHP_SELF'].?familia03=.base64_encode($row['familia']).cat02=$cat02cat03=$cat03cat04=$cuadro04\. $row['familia']./a/strongbr \n); Hope it helps, capi On Wed, 2005-05-04 at 20:05 -0700, Ardilla Roja wrote: Hi, I'm working in a database of products. Until now I'm able to do search, retrieve data for display, etc... but my problem is with products that use example: (This is the way the data is stored in de DB) Esmerilador manual 5 - 6 Sierra de mano 7 - 8 Sierra portatil 10 - 16 Sierra de banco 10 - 24 Sierra gasolina 12 - 14 Taller Industrial 6 - 12 I'm retrieving the data with mysql_fetch_array... What I need to do is to present the name of the product as a link to a form for quotation purposes...but, here is the result (i'm passing other variables too): - - - - - - - - - - PHP CODE while ( $row = mysql_fetch_array($resultado03) ) { echo(codigo:. $row['codigo'] . | familia: stronga href=\.$_SERVER['PHP_SELF'].?familia03=.$row['familia'].cat02=$cat02cat03=$cat03cat04=$cuadro04\. $row['familia']./a/strongbr \n); - - - - - - - - - - -HTML RESULT - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - a href=/beta1/bd_backup_02.php?familia03=Esmerilador manual 5 - 6cat02=3cat03=32cat04=322 but the first broke my link into two diferent strings, so, i'm not able to pass the whole string and the other variables (cat02, cat03, cat04) to the quotation page. I'd tried addslashes, but I think isn't what I need. I tried also replacing the with ' in my PHP code, but it didn't work. Any advice would be apreciated. PS- Sorry for my english, but isn't my natural language. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] [suspicious - maybe spam] How to deal with ...?
convert them to ascii characters, then you don't have the issue bastien From: Ardilla Roja [EMAIL PROTECTED] Reply-To: Ardilla Roja [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] [suspicious - maybe spam] How to deal with ...? Date: Wed, 4 May 2005 20:05:51 -0700 Hi, I'm working in a database of products. Until now I'm able to do search, retrieve data for display, etc... but my problem is with products that use example: (This is the way the data is stored in de DB) Esmerilador manual 5 - 6 Sierra de mano 7 - 8 Sierra portatil 10 - 16 Sierra de banco 10 - 24 Sierra gasolina 12 - 14 Taller Industrial 6 - 12 I'm retrieving the data with mysql_fetch_array... What I need to do is to present the name of the product as a link to a form for quotation purposes...but, here is the result (i'm passing other variables too): - - - - - - - - - - PHP CODE while ( $row = mysql_fetch_array($resultado03) ) { echo(codigo:. $row['codigo'] . | familia: stronga href=\.$_SERVER['PHP_SELF'].?familia03=.$row['familia'].cat02=$cat02cat03=$cat03cat04=$cuadro04\. $row['familia']./a/strongbr \n); - - - - - - - - - - -HTML RESULT - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - a href=/beta1/bd_backup_02.php?familia03=Esmerilador manual 5 - 6cat02=3cat03=32cat04=322 but the first broke my link into two diferent strings, so, i'm not able to pass the whole string and the other variables (cat02, cat03, cat04) to the quotation page. I'd tried addslashes, but I think isn't what I need. I tried also replacing the with ' in my PHP code, but it didn't work. Any advice would be apreciated. PS- Sorry for my english, but isn't my natural language. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] [suspicious - maybe spam] How to deal with ...?
Hi, I'm working in a database of products. Until now I'm able to do search, retrieve data for display, etc... but my problem is with products that use example: (This is the way the data is stored in de DB) Esmerilador manual 5 - 6 Sierra de mano 7 - 8 Sierra portatil 10 - 16 Sierra de banco 10 - 24 Sierra gasolina 12 - 14 Taller Industrial 6 - 12 I'm retrieving the data with mysql_fetch_array... What I need to do is to present the name of the product as a link to a form for quotation purposes...but, here is the result (i'm passing other variables too): - - - - - - - - - - PHP CODE while ( $row = mysql_fetch_array($resultado03) ) { echo(codigo:. $row['codigo'] . | familia: stronga href=\.$_SERVER['PHP_SELF'].?familia03=.$row['familia'].cat02=$cat02cat03=$cat03cat04=$cuadro04\. $row['familia']./a/strongbr \n); - - - - - - - - - - -HTML RESULT - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - a href=/beta1/bd_backup_02.php?familia03=Esmerilador manual 5 - 6cat02=3cat03=32cat04=322 but the first broke my link into two diferent strings, so, i'm not able to pass the whole string and the other variables (cat02, cat03, cat04) to the quotation page. I'd tried addslashes, but I think isn't what I need. I tried also replacing the with ' in my PHP code, but it didn't work. Any advice would be apreciated. PS- Sorry for my english, but isn't my natural language. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php