Posted by Rik on 08/01/07 14:51

On Wed, 01 Aug 2007 16:44:23 +0200, Rik <luiheidsgoeroe@hotmail.com> wro=
te:
> $link =3D htmlspecialchars(<path>).'?'.urlencode(<query_string>);

Damn, damn, damn, I'm gonna stop posting, I'm unusually thick today.

Not the entite querystring should be encoded obviously, only the 'name' =
=

and 'value' part, not the & and '=3D'..., and still as an attribute, all=
=

should be hauled through htmlspecialchars()....

Last one before I leave:
$url =3D htmlspecialchars(
rawurlencode(<path>).'?'
.rawurlencode(<name>).'=3D'.rawurlencode(<value>
.'&'
.rawurlencode(<name>).'=3D'.rawurlencode(<value>));
-- =

Rik Wasmus

[Back to original message]