Re: [PHP] URLencode issues - halp! - code included

2003-01-24 Thread Marek Kilimajer 
besides urlencode you should also use htmlspecialchars

SpyProductions Support Team wrote:


Here is some code:


From a form, I get username as $name and it goes to the processing file for

the form, where a sale happens and it sends the code to a different server
like this:


$data = urlencode($name);
print META HTTP-EQUIV='refresh'
CONTENT='0;URL=http://somedestination.php?name=$data';



That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:

$name = urldecode($name);
if(!$name) { print You entered an invalid name.  Please stop and call us
at; }
else {  Inserts record into database. }



That's it.  It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).

urlencode may just be a flaky thing to use?  Perhaps depending on the
browser?

Thanks,

-Mike







 

-Original Message-
From: David T-G [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 3:31 PM
To: PHP General list
Cc: SpyProductions Support Team
Subject: Re: [PHP] URLencode issues - halp!


Mike --

...and then SpyProductions Support Team said...
%
% I am having some issues, apparently, with URL encode.
...
%
% I decided to use this because people are allowed to use *any*
key as part of
% their name, so a name like rt'$%^*'rt is perfectly allowable.

Makes sense, but I'd use base64_encode (with base64_decode, of course)
rather than urlencode; it will properly shield everything.  No, I don't
know why 'normal' names fail and goofy ones don't; without some code and
some specific examples we can't really tell too well :-)


HTH  HAND

:-D
--
David T-G  * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED]  -- Mary Baker Eddy, Science
and Health
http://justpickone.org/davidtg/  Shpx gur Pbzzhavpngvbaf Qrprapl Npg!


   




 



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] URLencode issues - halp! - code included

2003-01-23 Thread SpyProductions Support Team 

Here is some code:

From a form, I get username as $name and it goes to the processing file for
the form, where a sale happens and it sends the code to a different server
like this:


$data = urlencode($name);
print META HTTP-EQUIV='refresh'
CONTENT='0;URL=http://somedestination.php?name=$data';



That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:

$name = urldecode($name);
if(!$name) { print You entered an invalid name.  Please stop and call us
at; }
else {  Inserts record into database. }



That's it.  It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).

urlencode may just be a flaky thing to use?  Perhaps depending on the
browser?

Thanks,

-Mike







 -Original Message-
 From: David T-G [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, January 23, 2003 3:31 PM
 To: PHP General list
 Cc: SpyProductions Support Team
 Subject: Re: [PHP] URLencode issues - halp!


 Mike --

 ...and then SpyProductions Support Team said...
 %
 % I am having some issues, apparently, with URL encode.
 ...
 %
 % I decided to use this because people are allowed to use *any*
 key as part of
 % their name, so a name like rt'$%^*'rt is perfectly allowable.

 Makes sense, but I'd use base64_encode (with base64_decode, of course)
 rather than urlencode; it will properly shield everything.  No, I don't
 know why 'normal' names fail and goofy ones don't; without some code and
 some specific examples we can't really tell too well :-)


 HTH  HAND

 :-D
 --
 David T-G  * There is too much animal courage in
 (play) [EMAIL PROTECTED] * society and not sufficient moral courage.
 (work) [EMAIL PROTECTED]  -- Mary Baker Eddy, Science
 and Health
 http://justpickone.org/davidtg/  Shpx gur Pbzzhavpngvbaf Qrprapl Npg!





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] URLencode issues - halp! - code included

2003-01-23 Thread Leif K-Brooks 
Take the

$name = urldecode($name);

bit out.  The decoding is all handled by PHP before your script runs. 
Also, you should look into using $_GET['name'] instead of $name.

SpyProductions Support Team wrote:

Here is some code:


From a form, I get username as $name and it goes to the processing file for

the form, where a sale happens and it sends the code to a different server
like this:


$data = urlencode($name);
print META HTTP-EQUIV='refresh'
CONTENT='0;URL=http://somedestination.php?name=$data';



That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:

$name = urldecode($name);
if(!$name) { print You entered an invalid name.  Please stop and call us
at; }
else {  Inserts record into database. }



That's it.  It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).

urlencode may just be a flaky thing to use?  Perhaps depending on the
browser?

Thanks,

-Mike







 

-Original Message-
From: David T-G [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 3:31 PM
To: PHP General list
Cc: SpyProductions Support Team
Subject: Re: [PHP] URLencode issues - halp!


Mike --

...and then SpyProductions Support Team said...
%
% I am having some issues, apparently, with URL encode.
...
%
% I decided to use this because people are allowed to use *any*
key as part of
% their name, so a name like rt'$%^*'rt is perfectly allowable.

Makes sense, but I'd use base64_encode (with base64_decode, of course)
rather than urlencode; it will properly shield everything.  No, I don't
know why 'normal' names fail and goofy ones don't; without some code and
some specific examples we can't really tell too well :-)


HTH  HAND

:-D
--
David T-G  * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED]  -- Mary Baker Eddy, Science
and Health
http://justpickone.org/davidtg/  Shpx gur Pbzzhavpngvbaf Qrprapl Npg!


   




 


--
The above message is encrypted with double rot13 encoding.  Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law.

RE: [PHP] URLencode issues - halp! - code included

2003-01-23 Thread SpyProductions Support Team 
So what is the decode part for then?  Earlier versions of PHP?

:)

Thanks,

-Mike

  -Original Message-
  From: Leif K-Brooks [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 23, 2003 4:43 PM
  To: [EMAIL PROTECTED]
  Cc: [EMAIL PROTECTED]
  Subject: Re: [PHP] URLencode issues - halp! - code included


  Take the
$name = urldecode($name);bit out.  The decoding is all handled by PHP before
your script runs.  Also, you should look into using $_GET['name'] instead of
$name.

  SpyProductions Support Team wrote:

Here is some code:

From a form, I get username as $name and it goes to the processing file for
the form, where a sale happens and it sends the code to a different server
like this:


$data = urlencode($name);
print META HTTP-EQUIV='refresh'
CONTENT='0;URL=http://somedestination.php?name=$data';



That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:

$name = urldecode($name);
if(!$name) { print You entered an invalid name.  Please stop and call us
at; }
else {  Inserts record into database. }



That's it.  It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).

urlencode may just be a flaky thing to use?  Perhaps depending on the
browser?

Thanks,

-Mike







  -Original Message-
From: David T-G [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 3:31 PM
To: PHP General list
Cc: SpyProductions Support Team
Subject: Re: [PHP] URLencode issues - halp!


Mike --

...and then SpyProductions Support Team said...
%
% I am having some issues, apparently, with URL encode.
...
%
% I decided to use this because people are allowed to use *any*
key as part of
% their name, so a name like rt'$%^*'rt is perfectly allowable.

Makes sense, but I'd use base64_encode (with base64_decode, of course)
rather than urlencode; it will properly shield everything.  No, I don't
know why 'normal' names fail and goofy ones don't; without some code and
some specific examples we can't really tell too well :-)


HTH  HAND

:-D
--
David T-G  * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED]  -- Mary Baker Eddy, Science
and Health
http://justpickone.org/davidtg/  Shpx gur Pbzzhavpngvbaf Qrprapl Npg!







--
The above message is encrypted with double rot13 encoding.  Any unauthorized
attempt to decrypt it will be prosecuted to the full extent of the law.

RE: [PHP] URLencode issues - halp! - code included

2003-01-23 Thread Chris Shiflett 
--- SpyProductions Support Team
[EMAIL PROTECTED] wrote:
 So what is the decode part for then?  Earlier versions of
 PHP?

No, it is for decoding URL-encoded strings, just as you
would expect.

The reason you do not need to decode URL variables is
because they are not URL-encoded by the time your script
executes.

Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php