Hi,
Tuesday, December 30, 2003, 3:02:24 AM, you wrote:
CW> Let me give a quick background. I am a very experienced programmer but
CW> I haven't done much php and only a little web development in perl. I am
CW> now creating a web site with Apache, php and MySQL.
CW> I am having the user fill out a form and then save the data in MySQL.
CW> Before I save the data I do a few checks and if there is a problem I do
CW> a redirect back to the form and send all the data back so they don't
CW> have to fill out the whole form again. Here is some sample code I use
CW> to build my redirect url....
CW> $UserID = $_POST['UserID'];
CW> $Password1 = $_POST['Password1'];
CW> $Password2 = $_POST['Password2'];
CW> $Email = $_POST['Email'];
CW> $FName = $_POST['FName'];
CW> $LName = $_POST['LName'];
CW> do checking of data here.
CW> if(there is a problem with the data){
CW> $ErrorMsg = "some error";
CW> $redirectStr = "$httpHost/CreateAccount.php?";
CW> $redirectStr .= "UserID=" . urlencode(stripslashes($UserID));
CW> $redirectStr .= "&Password=" .
CW> urlencode(stripslashes($Password));
CW> $redirectStr .= "&Email=" . urlencode(stripslashes($Email));
CW> $redirectStr .= "&FName=" . urlencode(stripslashes($FName));
CW> $redirectStr .= "&LName=" . urlencode(stripslashes($LName));
CW> $redirectStr .= "&ErrorMsg=" . urlencode($ErrorMsg);
CW> header("Location: $redirectStr");
CW> exit;
CW> }
CW> My problem is that any field that contains a double quote, all data
CW> after the first double quote is missing from the form field. When I
CW> look at the long URL I do see a %22 where the " are supposed to be, and
CW> all other data is there too.
CW> Any Ideas? If there is a better way to do this feel free to suggest a
CW> change in my whole method here. Just as a note validation of the UserID
CW> has to be done on the server side, to check for duplicates in the MySQL db.
CW> I would also welcome insight on standard techniques to make sure the
CW> user isn't trying to break the code by sending bogus data. I am already
CW> checking that the data isn't longer than I am expecting.
CW> Chris W
Build the query string then url encode the whole thing in one go and then
add it after the ?
So I would do it like this:
$ErrorMsg = "some error";
$redirectStr = "$httpHost/CreateAccount.php?";
$query_string = 'UserID='.$UserID;
$query_string .= '&Password='.stripslashes($Password);
$query_string .= '&Email='.stripslashes($Email);
$query_string .= '&FName='.stripslashes($FName);
$query_string .= '&LName='.stripslashes($LName);
$query_string .= '&ErrorMsg='.$ErrorMsg;
$redirectStr .= urlencode($query_string);
header("Location: $redirectStr");
--
regards,
Tom
--
PHP General Mailing List (http://www.php.net/)
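
Added example, not part of the original thread or any poster's code: a %22 in the URL is decoded back to a literal double quote before the value reaches $_GET, so the value has to be HTML-escaped when it is written into the form's value="..." attribute. The sketch below builds the redirect with http_build_query() and re-renders a field with htmlspecialchars(); the helper names build_redirect and field_attr, the localhost URL and the sample data are assumptions, and it expects PHP 7 or later.

```php
<?php
// Added example; build_redirect() and field_attr() are hypothetical helpers.

// Build the redirect target. http_build_query() percent-encodes each value
// separately, so the "&" and "=" separators stay intact. Password fields are
// left out so they never land in URLs, browser history or server logs.
function build_redirect(string $base, array $post, string $errorMsg): string
{
    $keep = ['UserID', 'Email', 'FName', 'LName'];
    $params = [];
    foreach ($keep as $name) {
        $ok = isset($post[$name]) && is_string($post[$name]);
        $params[$name] = $ok ? $post[$name] : '';
    }
    $params['ErrorMsg'] = $errorMsg;
    return $base . '?' . http_build_query($params);
}

// Render one text input for the form page. The value in $_GET already holds
// a real double quote, so it is HTML-escaped here; unescaped, the quote would
// close the value attribute early and the rest would be parsed as markup,
// which truncates the field and allows script injection.
function field_attr(string $name, array $get): string
{
    $ok = isset($get[$name]) && is_string($get[$name]);
    $value = $ok ? $get[$name] : '';
    return sprintf(
        '<input type="text" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample input standing in for $_POST.
$post = [
    'UserID' => 'chris "cw" w', 'Email' => 'cw@example.com',
    'FName' => 'Chris', 'LName' => 'W', 'Password1' => 'secret',
];
$url = build_redirect('http://localhost/CreateAccount.php', $post, 'UserID already taken');
echo $url, "\n";

// Simulate the receiving page: PHP parses and decodes the query string.
parse_str(parse_url($url, PHP_URL_QUERY), $get);
echo field_attr('UserID', $get), "\n";
```

The same escaping applies to ErrorMsg when the form page prints it, since it also arrives from the URL.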