Re: [PHP] Urlencode vs htmlentities

Posted by Curt Zirzow on 12/07/05 05:18

On Tue, Dec 06, 2005 at 12:05:10PM -0800, Mark Steudel wrote:
> Lets say I have the following:

Before I go further:

htmlentities - escapes the output for html
urlencode - escapes the output for a url

>
> Current URL: http://www.domain.com/page.php?action=list
> <http://www.domain.com/page.php?action=list&top=/page.php?action=list&id=3>
> &top=/page.php?action=list&id=3
>
> $top = $_SERVER['PHP_SELF'].'?'.$_SERVER['argv']['0']

- Be careful when using PHP_SELF; probably not a factor here, but
consider if someone requested /page.php/foobar?action....
PHP_SELF will be 'page.php/foobar'.

- $_REQUEST['argv']... well, there isn't any such requested
variable.

>
> Now I want to create a URL with a return link in it
>
> <a href="'.$_SERVER['PHP_SELF'].'?action=add&amp;return='.$top.'"> Add
> Something </a>
>
> Should I use htmlentites on $top first?

No. You are defining a URL parameter, so you should escape for a URL.

>
> Second let's say instead of constructing a link I want to use a header and
> redirect someone
>
> header("location: page.php?action=add&return=".$top );
>
> So do I use urlencode here?

Yes, because you are defining a URL parameter.

>
> Lets say I have something that has been htmlentitied, and I want to use a
> header command, do I htmlentitydecode and then urlencode?

Let's say I open a bottle of wine for someone. Should I take the
first sip and say yes, this is a good wine or not, or let them taste
and decide?

I wonder this because, well, I wonder why the URL has anything to do
with htmlentities, because it doesn't. All it needs to know is that
what it is sending is OK (urlencoded). The URL doesn't care what the
application did prior to sending the data.

Hopefully to explain my first thoughts:

1. htmlentities should only be applied when outputting data that
will be interpreted as HTML.

ie: echoing to the browser.

2. urlencode should be used when outputting data that will be
interpreted within a URL.

ie: making an href or header('Location: ') call; in other words,
defining data being sent via HTTP.

HTH,

Curt.
--
cat .signature: No such file or directory
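The two rules above, worked through in one script. This is an added example, not code from the thread; the function names, the constructed `$_SERVER` values and the `/page.php` paths are assumptions. It shows the two layers separately: the inner URL is urlencoded when it becomes the value of a parameter, and the finished URL is HTML-escaped only at the moment it is written into an `href`. It also shows what goes wrong when the inner URL is not encoded, which is the situation in the original poster's "Current URL" line: the nested `&id=3` escapes the `return` value and becomes a top-level parameter.

```php
<?php
// Added example (not from the original thread). Function names, the
// sample request values and the paths are assumptions for illustration.

// --- URL layer -------------------------------------------------------
// Values placed inside a URL are urlencoded. http_build_query() does that
// for every key and value and joins the pairs with '&'.
function build_query(array $params): string
{
    return http_build_query($params);
}

// The "return to" target is itself a URL with its own query string, so it
// must be urlencoded before it becomes the value of another parameter.
function return_link_url(string $script, string $top): string
{
    return $script . '?' . build_query(['action' => 'add', 'return' => $top]);
}

// The naive version from the question: $top pasted in as-is.
function return_link_url_naive(string $script, string $top): string
{
    return $script . '?action=add&return=' . $top;
}

// What the receiving page will see as the 'return' parameter.
function parse_return(string $url): ?string
{
    $query = parse_url($url, PHP_URL_QUERY);
    parse_str($query ?? '', $out);
    return $out['return'] ?? null;
}

// --- HTML layer ------------------------------------------------------
// Writing the URL into an href puts it *inside HTML*, so the attribute
// value is HTML-escaped. '&' becomes '&amp;' and '"' becomes '&quot;';
// the browser decodes those again before following the link, so the
// URL layer underneath is unaffected.
function return_link_html(string $script, string $top): string
{
    $url = return_link_url($script, $top);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Add Something</a>';
}

// --- HTTP header -----------------------------------------------------
// A Location header is not HTML, so only the URL layer applies here.
// No htmlentities, and nothing to "htmlentitydecode" first.
function redirect_to_add(string $script, string $top): void
{
    header('Location: ' . return_link_url($script, $top));
    exit;
}

// Curt's PHP_SELF caveat: for a request to /page.php/foobar?action=list,
// PHP_SELF is "/page.php/foobar". The part after the script name is
// chosen by the client. SCRIPT_NAME gives just the script path.
function script_path(): string
{
    return $_SERVER['SCRIPT_NAME'] ?? '/page.php';
}

// --- Demo with a constructed request (runs on the CLI, no web server) --
$_SERVER['SCRIPT_NAME']  = '/page.php';                // assumed
$_SERVER['PHP_SELF']     = '/page.php/foobar';         // constructed PATH_INFO case
$_SERVER['QUERY_STRING'] = 'action=list&id=3';         // constructed

$top = script_path() . '?' . $_SERVER['QUERY_STRING']; // "/page.php?action=list&id=3"

$good = return_link_url(script_path(), $top);
$bad  = return_link_url_naive(script_path(), $top);

echo "encoded:  ", $good, "\n";
echo "naive:    ", $bad, "\n";

// Round trip: with encoding, the receiving page gets $top back intact.
// Without it, 'return' is truncated at the first '&' and id=3 leaks out
// as a parameter of the *outer* URL.
var_dump(parse_return($good) === $top);   // true
var_dump(parse_return($bad)  === $top);   // false

echo return_link_html(script_path(), $top), "\n";
echo "PHP_SELF was: ", $_SERVER['PHP_SELF'], " (not a safe script path)\n";
```

`redirect_to_add()` is defined but not called in the demo, because `exit` would end the script; in a real request it is the whole answer to the header question: urlencode the parameter, send the header, done. Which parameters are acceptable as a `return` target is a separate validation question that the encoding discussion does not settle.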
