Re: [PHP] URLencode issues - halp! - code included
besides urlencode you should also use htmlspecialchars
SpyProductions Support Team wrote:
Here is some code:
From a form, I get username as $name and it goes to the processing file for
the form, where a sale happens and it sends the code to a different server
like this:
$data = urlencode($name);
print META HTTP-EQUIV='refresh'
CONTENT='0;URL=http://somedestination.php?name=$data';
That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:
$name = urldecode($name);
if(!$name) { print You entered an invalid name. Please stop and call us
at; }
else { Inserts record into database. }
That's it. It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).
urlencode may just be a flaky thing to use? Perhaps depending on the
browser?
Thanks,
-Mike
-Original Message-
From: David T-G [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 3:31 PM
To: PHP General list
Cc: SpyProductions Support Team
Subject: Re: [PHP] URLencode issues - halp!
Mike --
...and then SpyProductions Support Team said...
%
% I am having some issues, apparently, with URL encode.
...
%
% I decided to use this because people are allowed to use *any*
key as part of
% their name, so a name like rt'$%^*'rt is perfectly allowable.
Makes sense, but I'd use base64_encode (with base64_decode, of course)
rather than urlencode; it will properly shield everything. No, I don't
know why 'normal' names fail and goofy ones don't; without some code and
some specific examples we can't really tell too well :-)
HTH HAND
:-D
--
David T-G * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science
and Health
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URLencode issues - halp!
At 22:30 23.01.2003, David T-G spoke out and said: [snip] ...and then SpyProductions Support Team said... % % I am having some issues, apparently, with URL encode. ... % % I decided to use this because people are allowed to use *any* key as part of % their name, so a name like rt'$%^*'rt is perfectly allowable. Makes sense, but I'd use base64_encode (with base64_decode, of course) rather than urlencode; it will properly shield everything. No, I don't know why 'normal' names fail and goofy ones don't; without some code and some specific examples we can't really tell too well :-) [snip] I believe you could even use md5() to encode the logon... would shield everything too :) -- O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] URLencode issues - halp!
I am having some issues, apparently, with URL encode. I've got people signing up for a membership on a site, but some of their memberships fail because the username, which in encoded, sometimes goes through fine and sometimes does not. Are there any special reasons this may happen? I decided to use this because people are allowed to use *any* key as part of their name, so a name like rt'$%^*'rt is perfectly allowable. The strange thing is, more normal names like 'star99' or just 'logmein' are failing, but the weirder character typed names are making it through fine. Any ideas? Oh, and BTW, I do use urldecode(). :) Thanks, -Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URLencode issues - halp!
Some code please! RW Quoting SpyProductions Support Team [EMAIL PROTECTED]: ### ### I am having some issues, apparently, with URL encode. ### ### I've got people signing up for a membership on a site, but some of their ### memberships fail because the username, which in encoded, sometimes goes ### through fine and sometimes does not. ### ### Are there any special reasons this may happen? ### ### I decided to use this because people are allowed to use *any* key as part ### of ### their name, so a name like rt'$%^*'rt is perfectly allowable. ### ### The strange thing is, more normal names like 'star99' or just 'logmein' ### are ### failing, but the weirder character typed names are making it through ### fine. ### ### Any ideas? ### ### Oh, and BTW, I do use urldecode(). :) ### ### Thanks, ### ### -Mike ### ### ### ### -- ### PHP General Mailing List (http://www.php.net/) ### To unsubscribe, visit: http://www.php.net/unsub.php ### ### -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URLencode issues - halp!
--- SpyProductions Support Team [EMAIL PROTECTED] wrote: I am having some issues, apparently, with URL encode. ... Oh, and BTW, I do use urldecode(). :) If you are using URL encode in order to pass values on the URL (and then reference them as $_GET['blah']), then URL decoding is superfluous and can cause problems. Some code or more details would be nice, as the other poster suggested. As it is, we have no idea why you are using URL encoding, so we have no idea what is not working for you. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URLencode issues - halp!
Mike -- ...and then SpyProductions Support Team said... % % I am having some issues, apparently, with URL encode. ... % % I decided to use this because people are allowed to use *any* key as part of % their name, so a name like rt'$%^*'rt is perfectly allowable. Makes sense, but I'd use base64_encode (with base64_decode, of course) rather than urlencode; it will properly shield everything. No, I don't know why 'normal' names fail and goofy ones don't; without some code and some specific examples we can't really tell too well :-) HTH HAND :-D -- David T-G * There is too much animal courage in (play) [EMAIL PROTECTED] * society and not sufficient moral courage. (work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science and Health http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg! msg94223/pgp0.pgp Description: PGP signature
RE: [PHP] URLencode issues - halp! - code included
Here is some code:
From a form, I get username as $name and it goes to the processing file for
the form, where a sale happens and it sends the code to a different server
like this:
$data = urlencode($name);
print META HTTP-EQUIV='refresh'
CONTENT='0;URL=http://somedestination.php?name=$data';
That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:
$name = urldecode($name);
if(!$name) { print You entered an invalid name. Please stop and call us
at; }
else { Inserts record into database. }
That's it. It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).
urlencode may just be a flaky thing to use? Perhaps depending on the
browser?
Thanks,
-Mike
-Original Message-
From: David T-G [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 3:31 PM
To: PHP General list
Cc: SpyProductions Support Team
Subject: Re: [PHP] URLencode issues - halp!
Mike --
...and then SpyProductions Support Team said...
%
% I am having some issues, apparently, with URL encode.
...
%
% I decided to use this because people are allowed to use *any*
key as part of
% their name, so a name like rt'$%^*'rt is perfectly allowable.
Makes sense, but I'd use base64_encode (with base64_decode, of course)
rather than urlencode; it will properly shield everything. No, I don't
know why 'normal' names fail and goofy ones don't; without some code and
some specific examples we can't really tell too well :-)
HTH HAND
:-D
--
David T-G * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science
and Health
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] URLencode issues - halp! - code included
Take the
$name = urldecode($name);
bit out. The decoding is all handled by PHP before your script runs.
Also, you should look into using $_GET['name'] instead of $name.
SpyProductions Support Team wrote:
Here is some code:
From a form, I get username as $name and it goes to the processing file for
the form, where a sale happens and it sends the code to a different server
like this:
$data = urlencode($name);
print META HTTP-EQUIV='refresh'
CONTENT='0;URL=http://somedestination.php?name=$data';
That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:
$name = urldecode($name);
if(!$name) { print You entered an invalid name. Please stop and call us
at; }
else { Inserts record into database. }
That's it. It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).
urlencode may just be a flaky thing to use? Perhaps depending on the
browser?
Thanks,
-Mike
-Original Message-
From: David T-G [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 3:31 PM
To: PHP General list
Cc: SpyProductions Support Team
Subject: Re: [PHP] URLencode issues - halp!
Mike --
...and then SpyProductions Support Team said...
%
% I am having some issues, apparently, with URL encode.
...
%
% I decided to use this because people are allowed to use *any*
key as part of
% their name, so a name like rt'$%^*'rt is perfectly allowable.
Makes sense, but I'd use base64_encode (with base64_decode, of course)
rather than urlencode; it will properly shield everything. No, I don't
know why 'normal' names fail and goofy ones don't; without some code and
some specific examples we can't really tell too well :-)
HTH HAND
:-D
--
David T-G * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science
and Health
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
--
The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law.
RE: [PHP] URLencode issues - halp! - code included
So what is the decode part for then? Earlier versions of PHP?
:)
Thanks,
-Mike
-Original Message-
From: Leif K-Brooks [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 4:43 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] URLencode issues - halp! - code included
Take the
$name = urldecode($name);bit out. The decoding is all handled by PHP before
your script runs. Also, you should look into using $_GET['name'] instead of
$name.
SpyProductions Support Team wrote:
Here is some code:
From a form, I get username as $name and it goes to the processing file for
the form, where a sale happens and it sends the code to a different server
like this:
$data = urlencode($name);
print META HTTP-EQUIV='refresh'
CONTENT='0;URL=http://somedestination.php?name=$data';
That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:
$name = urldecode($name);
if(!$name) { print You entered an invalid name. Please stop and call us
at; }
else { Inserts record into database. }
That's it. It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).
urlencode may just be a flaky thing to use? Perhaps depending on the
browser?
Thanks,
-Mike
-Original Message-
From: David T-G [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 3:31 PM
To: PHP General list
Cc: SpyProductions Support Team
Subject: Re: [PHP] URLencode issues - halp!
Mike --
...and then SpyProductions Support Team said...
%
% I am having some issues, apparently, with URL encode.
...
%
% I decided to use this because people are allowed to use *any*
key as part of
% their name, so a name like rt'$%^*'rt is perfectly allowable.
Makes sense, but I'd use base64_encode (with base64_decode, of course)
rather than urlencode; it will properly shield everything. No, I don't
know why 'normal' names fail and goofy ones don't; without some code and
some specific examples we can't really tell too well :-)
HTH HAND
:-D
--
David T-G * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED] -- Mary Baker Eddy, Science
and Health
http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
--
The above message is encrypted with double rot13 encoding. Any unauthorized
attempt to decrypt it will be prosecuted to the full extent of the law.
RE: [PHP] URLencode issues - halp! - code included
--- SpyProductions Support Team [EMAIL PROTECTED] wrote: So what is the decode part for then? Earlier versions of PHP? No, it is for decoding URL-encoded strings, just as you would expect. The reason you do not need to decode URL variables is because they are not URL-encoded by the time your script executes. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
