No, I'm all for a public flaming... let him serve as an example to others!! :)
In all honesty, I have posted about the htmlentities/htmlspecialchars() requirement when putting data in form inputs quite a lot recently. You should have picked up on it sooner. :) Oh well, though... at least you know now... AND KNOWING IS HALF THE BATTLE! ---John Holmes... ----- Original Message ----- From: "Aaron Gould" <[EMAIL PROTECTED]> To: "'Petre Agenbag'" <[EMAIL PROTECTED]>; "'Chris Hayes'" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, June 18, 2003 8:59 AM Subject: RE: [PHP] Problems with quotes in URL - SOLVED - plz FLAME me!!! Oh come on now, we don't flame people, or even engage in name-calling for that matter on this list... :) We all learn our lessons. -- Aaron Gould Web Developer Parts Canada -----Original Message----- From: Petre Agenbag [mailto:[EMAIL PROTECTED] Sent: June 18, 2003 8:49 AM To: Chris Hayes Cc: [EMAIL PROTECTED] Subject: Re: [PHP] Problems with quotes in URL - SOLVED - plz FLAME me!!! Hi lists ( and all the guys trying to help me) Firstly SORRY, I oversimplified my examples that I posted in the hope that I would get to the solution faster. What i failed to mention in my stupidity, was that I echoed the variable as the value of a form input text field, so I actually messed up the HTML, and I just realized it, and a simple $var = htmlspecialchars($var) does the trick beautifully. Again Sorry guys, I really should have known better than to post stripped down code as the problem is usually a simple thing like this... Just for the by-and-by, my previous claims to having a "perfectly working" application before upgrading to 4.3.1 was also then a load of bull, and I only realized now that my app had this bug in it all the time! Just goes to show. Anyway, I deserve a good flaming for this one! I'm ready;) On Wed, 2003-06-18 at 14:39, Chris Hayes wrote: > (cutted the part about sending a var as get) > > >page.php?my_var=whatever+whatever++%5C%22whatever+whatever%5C%22&next_var=b labla > ok so here the variable is still complete, including slashes and quotes. > > > >And now, on page.php > > > >If I do an > > > >echo stripslashes($my_var); > > > >I get exactly this: > > > >whatever whatever \ > > i get better results with > > echo stripslashes(urldecode($_GET['my_var'])); > (or in your version > echo stripslashes(urldecode($my_var)); > ) > > > this even though Marek said "Incomming GET values are urldecoded > automaticaly, no need to do this." (this=urldecode) > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
