|
Posted by Rasmus Lerdorf on 10/06/18 11:22
Jochem Maas wrote:
> Rasmus Lerdorf wrote:
>
>> maddog1169 wrote:
>>
>>> The one that does not get accepted is
>>>
>>> <Group>
>>>
>>> including the "<>"
>>
>>
>>
>> You have something like this?
>>
>> <input type=text name="<Group>" />
>>
>> It should work. Make sure you have quotes around it, of course, or
>> weird stuff will happen.
>
>
> IIRC technically the < and > should be HTML entity encoded.
> depending on browser/server/doctype combination that also may
> be giving the OP a problem?
>
> e.g.
>
> <input type="text" name="<Group>" />
>
> ...
>
> looking into this a little further I discover the following information
> at w3c:
> (here: http://www.w3.org/TR/html4/types.html#type-name)
>
> ID and NAME tokens must begin with a letter ([A-Za-z]) and may be
> followed by any number of letters, digits ([0-9]), hyphens ("-"),
> underscores ("_"), colons (":"), and periods (".").
>
> which suggests that even though a < and/or > in a name attribute value
> can/does work it might not be a good idea to use it.
That's very true. And I suspect some browsers may not like sending
these characters directly without encoding them first. My point was
simply that PHP doesn't really care and that if the browser manages to
send the POST data with those chars, there is nothing in PHP stopping
them from showing up in the $_POST array. A space or a period get
converted to underscores, but we don't touch < and >
-Rasmus
Navigation:
[Reply to this message]
|