HTML entity trouble

  • David Shadovitz

    HTML entity trouble

    I'm new to PHP and can use some help with avoiding HTML entity
    trouble.

    I've got a page which creates a hyperlink as follows:

    printf('<a href="%s?txtFilter=%s">%s</a>', $_SERVER['PHP_SELF'],
    $txtFilter, $text);

    Let's say that the value of $txtFilter is:
    directory LIKE '%data1/%'

    Clicking on this link takes me to this page:

    http://www.mydomain.com/dspItem.php?txtFilter=directory%20LIKE%20'%data1/%'

    I then display the value of the URL variable $txtFilter in an HTML
    text field:

    printf("Filter: <input type='text' name='txtFilter' value='%s'>",
    htmlspecialchars($txtFilter, ENT_QUOTES));

    The problem is that it is displayed in the text field as
    dir LIKE 'Uta1/%'
    where the U has an acute accent. The "%da" is being displayed as an
    acute-accented U.


    Thanks.
    -David
  • Jan Pieter Kunst

    #2
    Re: HTML entity trouble

    In article <8b37e2e5.0309031121.62d6dacd@posting.google.com>,
    david_shadovitz@xontech.com (David Shadovitz) wrote:
    > I've got a page which creates a hyperlink as follows:
    >
    > printf('<a href="%s?txtFilter=%s">%s</a>', $_SERVER['PHP_SELF'],
    > $txtFilter, $text);
    >
    > Let's say that the value of $txtFilter is:
    > directory LIKE '%data1/%'
    >
    > Clicking on this link takes me to this page:
    >
    > http://www.mydomain.com/dspItem.php?txtFilter=directory%20LIKE%20'%data1/%'
    >
    > I then display the value of the URL variable $txtFilter in an HTML
    > text field:
    >
    > printf("Filter: <input type='text' name='txtFilter' value='%s'>",
    > htmlspecialchars($txtFilter, ENT_QUOTES));
    >
    > The problem is that it is displayed in the text field as
    > dir LIKE 'Uta1/%'
    > where the U has an acute accent. The "%da" is being displayed as an
    > acute-accented U.

    $txtFilter = urlencode($txtFilter);

    before using it in an <a href="..."> is the first thing that comes to
    mind (untested).

    JP

    --
    Sorry, <devnull@cauce.org> is a "spam trap".
    E-mail address is <jpk"at"akamail.com>, where "at" = @.


    • Jim Dabell

      #3
      Re: HTML entity trouble

      David Shadovitz wrote:
      > I'm new to PHP and can use some help with avoiding HTML entity
      > trouble.
      >
      > I've got a page which creates a hyperlink as follows:
      >
      > printf('<a href="%s?txtFilter=%s">%s</a>', $_SERVER['PHP_SELF'],
      > $txtFilter, $text);
      >
      > Let's say that the value of $txtFilter is:
      > directory LIKE '%data1/%'

      I hope you aren't passing around SQL statements to be executed. That's wide
      open for abuse.

      > Clicking on this link takes me to this page:
      >
      > http://www.mydomain.com/dspItem.php?txtFilter=directory%20LIKE%20'%data1/%'

      Then your browser is already correcting for your errors. Not all do so in
      the same way. The HTML you are producing is:

      <a href="dspItem.php?txtFilter=directory LIKE '%data1/%'">...</a>

      That contains plenty of errors. To include special characters in the query
      string portion of a URL, you need to encode them. PHP provides urlencode()
      to do this.

      > I then display the value of the URL variable $txtFilter in an HTML
      > text field:
      >
      > printf("Filter: <input type='text' name='txtFilter' value='%s'>",
      > htmlspecialchars($txtFilter, ENT_QUOTES));
      >
      > The problem is that it is displayed in the text field as
      > dir LIKE 'Uta1/%'
      > where the U has an acute accent. The "%da" is being displayed as an
      > acute-accented U.

      That is because %da is the encoded form of an acute-accented U. The %
      character has a special meaning within query strings, so you need to encode
      it as %25. urlencode() will do this for you, along with any other special
      characters, such as spaces (%20).

      PS: None of this is related to HTML entities. You are handling that with
      the htmlspecialchars() function already. Try 'View source' to help debug
      things occasionally.

      --
      Jim Dabell
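
The two encoding layers discussed in the replies above, as an added example that is not part of the original thread: urlencode() for the query-string value, then htmlspecialchars() for the HTML attribute. The function names filter_link and filter_field and the link text are assumptions; the filter value and script name come from the original post.

```php
<?php
// Added example, not code from the thread.

/**
 * Build the filter link: URL-encode the query value first, then
 * HTML-escape the finished URL for the href attribute context.
 */
function filter_link(string $script, string $txtFilter, string $text): string
{
    // urlencode() turns % into %25, space into +, ' into %27, / into %2F.
    $url = $script . '?txtFilter=' . urlencode($txtFilter);

    // Escaping the whole URL also covers the script path and any & separators.
    return sprintf(
        '<a href="%s">%s</a>',
        htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($text, ENT_QUOTES, 'UTF-8')
    );
}

/** Render the text field: the value is HTML-escaped only, never URL-encoded. */
function filter_field(string $txtFilter): string
{
    return sprintf(
        "Filter: <input type='text' name='txtFilter' value='%s'>",
        htmlspecialchars($txtFilter, ENT_QUOTES, 'UTF-8')
    );
}

$txtFilter = "directory LIKE '%data1/%'";   // value from the original post

// PHP decodes $_GET values itself; urldecode() stands in for that step here.

// Unencoded, as in the original link: "%da" is decoded as a single byte,
// so the received value no longer matches what was sent.
$received = urldecode($txtFilter);
echo 'unencoded round trip intact: ';
var_dump($received === $txtFilter);

// Encoded with urlencode(): the round trip returns the original string.
$encoded = urlencode($txtFilter);
echo 'encoded query value: ', $encoded, "\n";
echo 'encoded round trip intact: ';
var_dump(urldecode($encoded) === $txtFilter);

echo filter_link('dspItem.php', $txtFilter, 'data1'), "\n";
echo filter_field(urldecode($encoded)), "\n";
```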
