header()

Re: header()

In article <1160823837.414 229.81990@h48g2 000cwc.googlegr oups.com>,
"sree" <sreedharnatara jan@gmail.comwr ote:

try: suc=password+ch anged+successfu lly

Re: header()

Hmm sree <sreedharnatara jan@gmail.comwr ote:
header("Locatio n: myaccount.php?s uc=".rawurlenco de
("password changed successfully")) ;

--
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~ ~~~~~~~~~~~~
Ikciu | gg: 718845 | yahoo: ikciu_irsa | www: www.e-irsa.pl

2be || !2be $this =mysql_query();

Re: header()

Bob Arn:
RFC2616 states that Location must be a URI not a relative reference,
and RFC3986 states that URIs cannot contain unencoded spaces.
User-agent error recovery probably means both that the Request-URI from
the original request is understood as the base URI from which the
relative reference is resolved and that the value of Location is taken
as everything up until the first space.
Plus signs do have advantages over %20 in that they are two characters
shorter, they render the URL more readable, and in this case they are
intuitively better suited to concatenation. However, HTTP/1.1 does not
assign any special meaning to <+>; nowhere does it say that <+means a
space. Where <+does mean a space is in the
application/x-www-form-urlencoded content type, as described in
HTML4.01 sec. 17.13.4.

I would percent-encode spaces here.

--
Jock

Re: header()

Why dont you just change 'password changed successfully' to 1 and test
that?

You dont have to use sentences in variables, and chances are you are
doing a test anyways. One trick i have done is to return a code, and
the code would be the trigger to output. It is much simpler to write
the code, even though you lose readability to the user. But thats what
define() is for.

<?
define('PASS_CH ANGE_GOOD', 1);
define('PASS_CH ANGE_BAD', 2);

if ($_GET['suc'] == PASS_CHANGE_GOO D)
{
print "Your password has been changed successfully!";
}
?>

..:[ ikciu ]:. wrote:

Re: header()

Hmm Uzytkownik <bob.chatman@gm ail.comwrote:this is not my solution - i just wrote him correct code for that solution
what he use

--
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~ ~~~~~~~~~~~~
Ikciu | gg: 718845 | yahoo: ikciu_irsa | www: www.e-irsa.pl

2be || !2be $this =mysql_query();

Re: header()

In article <1160830571.192 891.47760@m73g2 000cwd.googlegr oups.com>,
"John Dunlop" <usenet+2004@jo hn.dunlop.namew rote:
It doesn't matter because the page it's going to is myaccount.php. The
rest is only used by the application. The important thing is that it's
not a space or other forbidden character.

Re: header()

All and all it is always going to be a bad idea to send variables in
the header. This is not just in relation to security, but its also
speed of transfer. Nowadays most people that you will deal with have
high bandwidth but if you are dealing with a person with restricted
bandwidth you should keep in mind that sending a string of characters
is always going to be more difficult than sending a single integer
value and letting the server handle the switches and printing.

But again, this is always going to be dependant upon your target
application and user, along with how simple or extendable you want the
application to be.

Re: header()

pretty simple:

?suc=password+c hanged+successf ully

or there are a few other ways but that one should do it.

On Oct 14, 9:03 pm, "sree" <sreedharnatara jan@gmail.comwr ote: