On Tue, 28 Oct 2003, Rasmus Lerdorf wrote:

> On Wed, 29 Oct 2003, Christian Schneider wrote:
>
> > Gareth Ardron wrote:
> > > $var = "foo=1&bar=2";
> >
> > To clarify:
> > You should use $var = "foo=1&bar=2"; and then $var for header() but
> > htmlspecialchars($var) for your href:
> > - HTTP-Headers must not be html-encoded.
> > - HTML-Attributes on the other hand have to be html-encoded.
> >
> > Even though most browsers work with hrefs without html-encoding and some
> > browsers might understand &amp; in HTTP-Headers this is not conforming
> > to the standards.
>
> Actually, &amp; is the way you need to write it if you are going to be
> perfectly standards-compliant.

    That is correct for URLs in HTML.  It is incorrect for HTTP headers
    (there is no entity decoding involved).

> It's just that nobody does this.

    Really?  My applications supply their own php.ini and always
    contain

        arg_separator.output = "&amp;"

    which is also listed in php.ini-dist.

> You can
> make PHP understand this by setting the separator in your php.ini file to
> &amp;

    Nope, input separators are always one character wide.

    - Sascha

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
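
The distinction discussed in this thread, as an added example that is not part of the original messages or of PHP's own code: one query string used raw in a header and entity-encoded in an href, plus the effect of arg_separator.output = "&amp;". The path /target.php, the link text and the helper names are assumptions made for illustration.

```php
<?php
// Constructed sample parameters, matching the foo/bar pair from the thread.
$params = ['foo' => 1, 'bar' => 2];

// Pass the separator explicitly so the result does not depend on php.ini.
$query = http_build_query($params, '', '&');
$url   = '/target.php?' . $query;   // hypothetical target path

// HTTP header context: no entity decoding takes place, so the URL goes in raw.
function location_header(string $url): string
{
    return 'Location: ' . $url;
}

// HTML attribute context: the same URL has to be entity-encoded.
function href_link(string $url, string $text): string
{
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</a>';
}

echo location_header($url), "\n";
echo href_link($url, 'next'), "\n";

// With arg_separator.output = "&amp;" the URLs PHP generates are already
// encoded for HTML. That output is wrong in a header, and escaping it
// a second time for an href double-encodes the separator.
ini_set('arg_separator.output', '&amp;');
$pre_encoded = http_build_query($params);   // now uses the ini separator

echo location_header('/target.php?' . $pre_encoded), "\n";      // literal entity in the header
echo htmlspecialchars($pre_encoded, ENT_QUOTES, 'UTF-8'), "\n"; // double-encoded separator
```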
