Re: [PHP-DB] [suspicious - maybe spam] How to deal with ...?

2005-05-05 Thread Chris
The *proper* way to handle this would be to individually urlencode() 
each variable, then use htmlspecialchars() (or htmlentities()) on the 
entire URL. (example below). Given that, most people don't bother with 
the htmlspecialchars step.

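
// URL-encode each value on its own; '&' separates the parameters
$sURL = $_SERVER['PHP_SELF'] . '?familia03=' . urlencode($row['familia'])
      . '&cat02=' . urlencode($cat02) . '&cat03=' . urlencode($cat03)
      . '&cat04=' . urlencode($cuadro04);
// then HTML-encode the finished URL before it goes into the href attribute
$sURL = htmlspecialchars($sURL);

http://www.php.net/urlencode
http://www.php.net/htmlspecialchars

Chris
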
Ardilla Roja wrote:

> Hi,
>
> I'm working in a database of products.  Until now I'm able to do
> search, retrieve data for display, etc... but my problem is with
> products that use ", for example:
>
> (This is the way the data is stored in the DB)
>
> Esmerilador manual 5" - 6"
> Sierra de mano 7" - 8"
> Sierra portatil 10" - 16"
> Sierra de banco 10" - 24"
> Sierra gasolina 12" - 14"
> Taller Industrial 6" - 12"
>
> I'm retrieving the data with mysql_fetch_array... What I need to do is
> to present the name of the product as a link to a form for quotation
> purposes...but, here is the result (I'm passing other variables too):
>
> - - - - - - - - - - PHP CODE
> while ( $row = mysql_fetch_array($resultado03) ) {
>     echo("codigo:" . $row['codigo'] . " | familia: <strong><a href=\""
>         . $_SERVER['PHP_SELF'] . "?familia03=" . $row['familia']
>         . "&cat02=$cat02&cat03=$cat03&cat04=$cuadro04\">"
>         . $row['familia'] . "</a></strong><br> \n");
> }
>
> - - - - - - - - - - HTML RESULT - - - - - - - - - -
> <a href="/beta1/bd_backup_02.php?familia03=Esmerilador manual 5" -
> 6"&cat02=3&cat03=32&cat04=322">
>
> but the first " broke my link into two different strings, so, I'm not
> able to pass the whole string and the other variables (cat02, cat03,
> cat04) to the quotation page.
>
> I'd tried addslashes, but I think it isn't what I need. I tried also
> replacing the " with ' in my PHP code, but it didn't work.
>
> Any advice would be appreciated.
>
> PS- Sorry for my English, but it isn't my natural language.
 

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
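
The encoding order described in the reply above, carried through the whole link as an added example (not code from the thread): each value is urlencode()d, the finished URL goes through htmlspecialchars() for the href attribute, and the visible product name is HTML-encoded as well. The helper names, the codigo values and the second sample row are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Sample rows are constructed.

/** Encode a string for the HTML context (attribute values, text nodes). */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/** Build "path?k=v&k=v", urlencode()-ing every name and value separately. */
function build_url(string $path, array $params): string
{
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = urlencode((string) $name) . '=' . urlencode((string) $value);
    }
    return $path . '?' . implode('&', $pairs);
}

/** One product line; each dynamic value is encoded for the place it lands. */
function product_link(string $self, array $row, array $cats): string
{
    $url = build_url($self, ['familia03' => $row['familia']] + $cats);
    return 'codigo: ' . h($row['codigo']) . ' | familia: <strong><a href="'
        . h($url) . '">' . h($row['familia']) . "</a></strong><br>\n";
}

// Stand-in for $_SERVER['PHP_SELF']; h($url) above also covers this part.
$self = '/beta1/bd_backup_02.php';
$cats = ['cat02' => 3, 'cat03' => 32, 'cat04' => 322];
$rows = [
    ['codigo' => 'A-100', 'familia' => 'Esmerilador manual 5" - 6"'],
    ['codigo' => 'A-101', 'familia' => 'Lija & pulido <fino>'], // constructed edge case
];

foreach ($rows as $row) {
    echo product_link($self, $row, $cats);

    // Receiving page: PHP reverses the URL encoding when it fills $_GET.
    // parse_str() performs the same decoding, so the value must round-trip.
    $url = build_url($self, ['familia03' => $row['familia']] + $cats);
    parse_str((string) parse_url($url, PHP_URL_QUERY), $get);
    echo $get['familia03'] === $row['familia'] ? "round-trip ok\n" : "MISMATCH\n";
}
```

The browser reverses the HTML encoding when it reads the attribute, so the quotation page receives the original name in $_GET['familia03'] without any manual decoding.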


Re: [PHP-DB] [suspicious - maybe spam] How to deal with ...?

2005-05-05 Thread Firan Corneliu
Another method could be the base64_encode(), base64_decode().
Something like this:

echo("codigo:" . $row['codigo'] . " | familia: <strong><a href=\""
    . $_SERVER['PHP_SELF'] . "?familia03=" . base64_encode($row['familia'])
    . "&cat02=$cat02&cat03=$cat03&cat04=$cuadro04\">"
    . $row['familia'] . "</a></strong><br> \n");

Hope it helps,
capi




RE: [PHP-DB] [suspicious - maybe spam] How to deal with ...?

2005-05-05 Thread Bastien Koert
convert them to ascii characters, then you don't have the issue
bastien


[PHP-DB] [suspicious - maybe spam] How to deal with ...?

2005-05-04 Thread Ardilla Roja
Hi,

I'm working in a database of products.  Until now I'm able to do
search, retrieve data for display, etc... but my problem is with
products that use ", for example:

(This is the way the data is stored in the DB)

Esmerilador manual 5" - 6"
Sierra de mano 7" - 8"
Sierra portatil 10" - 16"
Sierra de banco 10" - 24"
Sierra gasolina 12" - 14"
Taller Industrial 6" - 12"

I'm retrieving the data with mysql_fetch_array... What I need to do is
to present the name of the product as a link to a form for quotation
purposes...but, here is the result (I'm passing other variables too):

- - - - - - - - - - PHP CODE
while ( $row = mysql_fetch_array($resultado03) ) {
    echo("codigo:" . $row['codigo'] . " | familia: <strong><a href=\""
        . $_SERVER['PHP_SELF'] . "?familia03=" . $row['familia']
        . "&cat02=$cat02&cat03=$cat03&cat04=$cuadro04\">"
        . $row['familia'] . "</a></strong><br> \n");
}

- - - - - - - - - - HTML RESULT - - - - - - - - - -
<a href="/beta1/bd_backup_02.php?familia03=Esmerilador manual 5" -
6"&cat02=3&cat03=32&cat04=322">

but the first " broke my link into two different strings, so, I'm not
able to pass the whole string and the other variables (cat02, cat03,
cat04) to the quotation page.

I'd tried addslashes, but I think it isn't what I need. I tried also
replacing the " with ' in my PHP code, but it didn't work.

Any advice would be appreciated.

PS- Sorry for my English, but it isn't my natural language.
