I am having the user fill out a form and then save the data in MySQL. Before I save the data I do a few checks and if there is a problem I do a redirect back to the form and send all the data back so they don't have to fill out the whole form again. Here is some sample code I use to build my redirect url....
$UserID = $_POST['UserID']; $Password1 = $_POST['Password1']; $Password2 = $_POST['Password2']; $Email = $_POST['Email']; $FName = $_POST['FName']; $LName = $_POST['LName'];
do checking of data here.
if(there is a problem with the data){
$ErrorMsg = "some error";
$redirectStr = "$httpHost/CreateAccount.php?";
$redirectStr .= "UserID=" . urlencode(stripslashes($UserID));
$redirectStr .= "&Password=" . urlencode(stripslashes($Password));
$redirectStr .= "&Email=" . urlencode(stripslashes($Email));
$redirectStr .= "&FName=" . urlencode(stripslashes($FName));
$redirectStr .= "&LName=" . urlencode(stripslashes($LName));
$redirectStr .= "&ErrorMsg=" . urlencode($ErrorMsg);
header("Location: $redirectStr");
exit;
}My problem is that any field that contains a double quote, all data after the first double quote is missing from the form field. When I look at the long URL I do see a %22 where the " are supposed to be, and all other data is there too.
Any Ideas? If there is a better way to do this feel free to suggest a change in my whole method here. Just as a note validation of the UserID has to be done on the server side, to check for duplicates in the MySQL db.
I would also welcome insight on standard techniques to make sure the user isn't trying to break the code by sending bogus data. I am already checking that the data isn't longer than I am expecting.
Chris W
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
