Aaron Craig wrote:
>
> At 18.07 24/07/2001 -0700, you wrote:
>
> I may be mistaken here, but:
>
> <a href="http://www.foo.bar/script.cgi?page=1&=2"=4";>
> "&"
> </a>
>
> should parse exactly as one would expect, with no error correction involved
> because
>
> &
>
> is a legal HTML entity
>
> & (no final semi-colon)
>
> is just a string
ok, last year at yapc in pittsburgh randal mentioned this in one of his
talks. afterward i experimented with it some and discovered he is
right. without encoding, things do not behave as one would expect.
here's a perl script i used:
#!/usr/bin/perl -w
use strict;
use CGI;
my $cgi = new CGI;
print $cgi->header();
foreach ($cgi->param()) { print "$_: ", $cgi->param($_), "<br>"; }
exit();
and here are several query strings i tried and the results in a browser:
<a href="/cgi-bin/script.cgi?name=fliptop&dog=mutt">Click to
test</a>
name: fliptop
dog: mutt
<a href="/cgi-bin/script.cgi?name=fliptop&dog=mutt">Click here</a>
name: fliptop
dog: mutt
<a href="/cgi-bin/script.cgi?name=fliptop&=ampersand">Click here</a>
name: fliptop
: ampersand
(in fact, when you roll over this link and look at it in the status bar,
it says, "http://whatever/cgi-bin/script.cgi?name=fliptop&=ampersand";)
<a href="/cgi-bin/script.cgi?name=fliptop©=copy">Click here</a>
name: fliptopŠ=copy
(in case this doesn't show up, there's a little copyright symbol before
the '=')
so that only leaves one question: how would you encode something like
this:
name=fliptop
company=at&t
?
<a href="/cgi-bin/script.cgi?name=fliptop&company=at&t">Click
here</a>
name: fliptop
company: at
t:
nope. how about this:
<a href="/cgi-bin/script.cgi?name=fliptop&company=at%26t">Click
here</a>
name: fliptop
company: at&t
ah ha! i hope this settles this discussion.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
