Do I need to escape this code?

  • Rod Carrol

    Do I need to escape this code?

    Hi!

    After you all gave me some good advice recently, I'm back for more :o)

    On my web site, I want to display a 'log out' icon with some text
    underneath, ("Log out"), which, when clicked, will end a session.

    This is the simple code I'm using for the icon:

    <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">
    <img border="0" src="images/logout.gif" width="74" height="74"><p
    style="text-align: center">

    This all works fine and, when clicked, the session is ended and the
    user returns to my web site's home page.

    Now's the complicated, (Well for me, anyway), bit; I only want to show
    the 'log out' icon when the user is actually logged in.

    So, I've been using isset to determine the session state:

    <?php if (isset($_SESSION['user'])) {?>
    <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">
    <img border="0" src="images/greenround.PNG" width="74" height="74"><p
    style="text-align: center">
    <?php }?>

    Now - this only partially works; yes, the icon is only shown when the
    user is logged in - which is cool. However, when clicked it doesn't do
    anything!

    I think I should be escaping some code somewhere but I can't work it
    out. And it's frustrating me!!

    Any guidance on where this newbie is going wrong?

    Thanks!

    Rod.
  • Brion Vibber

    #2
    Re: Do I need to escape this code?

    Rod Carrol wrote:
    > So, I've been using isset to determine the session state:
    >
    > <?php if (isset($_SESSION['user'])) {?>
    > <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">
    > <img border="0" src="images/greenround.PNG" width="74" height="74"><p
    > style="text-align: center">
    > <?php }?>
    >
    > Now - this only partially works; yes, the icon is only shown when the
    > user is logged in - which is cool. However, when clicked it doesn't do
    > anything!

    What does "doesn't do anything" mean?

    Does the browser not follow the link?

    Does the newly loaded page return a blank result?

    Does it not perform the logout operation you expected? (If so, what does
    it do instead?)

    Does it perform the logout operation, but continue to display the logout
    link?

    How does your logout operation work? Has the logout operation already
    run at the time this link is output? Does it explicitly clear
    $_SESSION['user'] in a way that would cause isset() to return false?

    Have you stepped through the code to see what's being run and what the
    values are?

    > I think I should be escaping some code somewhere but I can't work it
    > out. And it's frustrating me!!

    What kind of thing do you think you would escape? It wouldn't hurt to
    use htmlspecialchars() on $_SERVER['PHP_SELF'], but that isn't likely to
    make a difference between the code snippets you posted.

    Has any other part of your code changed?

    -- brion vibber (brion @ pobox.com)


    • rodtheplodder@yahoo.co.uk

      #3
      Re: Do I need to escape this code?

      >> What does "doesn't do anything" mean?
      >> Does the browser not follow the link?

      Apologies - let me clarify. It doesn't follow the link. The user is not
      logged out and the session is not ended.

      >> What kind of thing do you think you would escape?

      Well - I'm not sure! (I've only been learning php for the last couple
      of months :o). The only reason I thought I may have an 'escape' issue
      is because I found I had to escape the html code inside the php isset()
      function in order to get the icon to display properly.

      If I remove this isset() check then the icon is displayed and clicking
      it logs me out successfully...

      Rod.


      • boclair

        #4
        Re: Do I need to escape this code?

        Rod Carrol wrote:
        > This is the simple code I'm using for the icon:
        >
        > <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">
        > <img border="0" src="images/logout.gif" width="74" height="74"><p
        > style="text-align: center">

        If this is the actual statement the markup syntax is wrong. Where is
        the closing tag for the anchor? The para cannot sit within the anchor
        (block element in inline element is wrong). So perhaps something like

        <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out"><img
        border="0" src="images/logout.gif" width="74" height="74"></a>

        <p style="text-align: center">....</p>

        Louise


        • Rod Carrol

          #5
          Re: Do I need to escape this code?

          >> If this is the actual statement the markup syntax is wrong. Where is
          >> the closing tag for the anchor? The para cannot sit within the anchor
          >> (block element in inline element is wrong). So perhaps something like

          Thanks for the reply Louise!

          Well - this section of code actually works for me! I did however make
          the change you suggested...

          ...the code continues to work when used 'as-is' - however, when I
          combine it with isset(), it fails to follow the link and terminate the
          session.

          I do apologise if I'm not being very clear about the problem. I think I
          need to do a bit more reading of my PHP manual!

          :o)

          Rod.


          • Brent Palmer

            #6
            Re: Do I need to escape this code?

            Try this.
            if (isset($_SESSION['user'])) {
            echo "<a href=\"$PHP_SELF?action=log_out\"><img border=\"0\" src=\"\"
            width=\"74\" height=\"74\"><p style=\"text-align: center\"></p></a>";
            }


            Brent Palmer.

            "Rod Carrol" <rodtheplodder@yahoo.co.uk> wrote in message
            news:1110499447.321342.145020@l41g2000cwc.googlegroups.com...
            >>> If this is the actual statement the markup syntax is wrong. Where is
            >>> the closing tag for the anchor? The para cannot sit within the anchor
            >>> (block element in inline element is wrong). So perhaps something like
            >
            > Thanks for the reply Louise!
            >
            > Well - this section of code actually works for me! I did however make
            > the change you suggested...
            >
            > ...the code continues to work when used 'as-is' - however, when I
            > combine it with isset(), it fails to follow the link and terminate the
            > session.
            >
            > I do apologise if I'm not being very clear about the problem. I think I
            > need to do a bit more reading of my PHP manual!
            >
            > :o)
            >
            > Rod.



            • Rod Carrol

              #7
              Re: Do I need to escape this code?


              Brent Palmer wrote:
              > Try this.
              > if (isset($_SESSION['user'])) {
              > echo "<a href=\"$PHP_SELF?action=log_out\"><img border=\"0\" src=\"\"
              > width=\"74\" height=\"74\"><p style=\"text-align: center\"></p></a>";
              > }

              Give that man a drink!

              It's working. After looking at your suggestion and fiddling here and
              there :o)

              Thanks for all the suggestions!

              Rod.

                • John Bokma

                  #9
                  Re: Do I need to escape this code?

                  Rod Carrol wrote:
                  >
                  > Brent Palmer wrote:
                  >> Try this.
                  >> if (isset($_SESSION['user'])) {
                  >> echo "<a href=\"$PHP_SELF?action=log_out\"><img border=\"0\" src=\"\"
                  >> width=\"74\" height=\"74\"><p style=\"text-align: center\"></p></a>";
                  >> }
                  >
                  > Give that man a drink!

                  And a tip:

                  echo <<<LOGOUT
                  <a href="$PHP_SELF?action=log_out"><img border="0" src=""
                  width="74" height="74"><p style="text-align: center"></p></a>
                  LOGOUT;

                  --
                  John MexIT: http://johnbokma.com/mexit/
                  personal page: http://johnbokma.com/
                  Experienced programmer available: http://castleamber.com/
                  Happy Customers: http://castleamber.com/testimonials.html


                  • Michael Fesser

                    #10
                    Re: Do I need to escape this code?

                    .oO(John Bokma)

                    >And a tip:
                    >
                    >echo <<<LOGOUT
                    ><a href="$PHP_SELF?action=log_out"><img border="0" src=""
                    > width="74" height="74"><p style="text-align: center"></p></a>
                    >LOGOUT;

                    It should still be $_SERVER['PHP_SELF']. And the HTML is invalid (no
                    paragraphs allowed inside an anchor element).

                    Micha


                    • John Bokma

                      #11
                      Re: Do I need to escape this code?

                      Michael Fesser wrote:

                      > .oO(John Bokma)
                      >
                      >>And a tip:
                      >>
                      >>echo <<<LOGOUT
                      >><a href="$PHP_SELF?action=log_out"><img border="0" src=""
                      >> width="74" height="74"><p style="text-align: center"></p></a>
                      >>LOGOUT;
                      >
                      > It should still be $_SERVER['PHP_SELF']. And the HTML is invalid (no
                      > paragraphs allowed inside an anchor element).

                      My HTML parser was in a good mood, and I assumed (read ignored): $PHP_SELF
                      set to $_SERVER[ 'PHP_SELF' ]

                      Anyway, I am often amazed on the use of backslashes outside languages as
                      Perl. Doesn't PHP have a qq() (which is "" but allows "" inside without
                      escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3' "foo");

                      --
                      John MexIT: http://johnbokma.com/mexit/
                      personal page: http://johnbokma.com/
                      Experienced programmer available: http://castleamber.com/
                      Happy Customers: http://castleamber.com/testimonials.html


                      • Michael Fesser

                        #12
                        Re: Do I need to escape this code?

                        .oO(John Bokma)

                        >Anyway, I am often amazed on the use of backslashes outside languages as
                        >Perl. Doesn't PHP have a qq() (which is "" but allows "" inside without
                        >escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3' "foo");

                        HTML allows single quotes. :)

                        When printing out HTML code in most cases there's no need for escaping.

                        Micha


                        • Brent Palmer

                          #13
                          Re: Do I need to escape this code?

                          You could always use something like
                          my $var = addSlashes(""$interpolate" me 'bar' 3' "foo""); // adds slashes
                          in front of all quotes so they are ignored
                          or
                          my $var = htmlspecialchars(""$interpolate" me 'bar' 3' "foo""); // converts
                          quotes and other special chars to its equivalent HTML representation. Eg.
                          &quote.

                          Brent Palmer.

                          "John Bokma" <postmaster@castleamber.com> wrote in message
                          news:Xns9616D3F033BFFcastleamber@130.133.1.4...
                          > Michael Fesser wrote:
                          >
                          >> .oO(John Bokma)
                          >>
                          >>>And a tip:
                          >>>
                          >>>echo <<<LOGOUT
                          >>><a href="$PHP_SELF?action=log_out"><img border="0" src=""
                          >>> width="74" height="74"><p style="text-align: center"></p></a>
                          >>>LOGOUT;
                          >>
                          >> It should still be $_SERVER['PHP_SELF']. And the HTML is invalid (no
                          >> paragraphs allowed inside an anchor element).
                          >
                          > My HTML parser was in a good mood, and I assumed (read ignored): $PHP_SELF
                          > set to $_SERVER[ 'PHP_SELF' ]
                          >
                          > Anyway, I am often amazed on the use of backslashes outside languages as
                          > Perl. Doesn't PHP have a qq() (which is "" but allows "" inside without
                          > escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3' "foo");
                          >
                          > --
                          > John MexIT: http://johnbokma.com/mexit/
                          > personal page: http://johnbokma.com/
                          > Experienced programmer available: http://castleamber.com/
                          > Happy Customers: http://castleamber.com/testimonials.html



                          • John Bokma

                            #14
                            Re: Do I need to escape this code?

                            Michael Fesser wrote:

                            > .oO(John Bokma)
                            >
                            >>Anyway, I am often amazed on the use of backslashes outside languages as
                            >>Perl. Doesn't PHP have a qq() (which is "" but allows "" inside without
                            >>escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3' "foo");
                            >
                            > HTML allows single quotes. :)

                            I know. I prefer "

                            > When printing out HTML code in most cases there's no need for escaping.

                            yup, here docs. What I don't understand, and probably never will, is why
                            the developers of PHP only cloned half of Perl's functionality. Now wait, I
                            understand: so they could add 50% garbage :-D.

                            --
                            John MexIT: http://johnbokma.com/mexit/
                            personal page: http://johnbokma.com/
                            Experienced programmer available: http://castleamber.com/
                            Happy Customers: http://castleamber.com/testimonials.html


                            • John Bokma

                              #15
                              Re: Do I need to escape this code?

                              Brent Palmer wrote:

                              please don't top post, fixed.

                              >> Anyway, I am often amazed on the use of backslashes outside languages
                              >> as Perl. Doesn't PHP have a qq() (which is "" but allows "" inside
                              >> without escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3'
                              >> "foo");

                              > You could always use something like
                              > my $var = addSlashes(""$interpolate" me 'bar' 3' "foo""); // adds
                              > slashes in front of all quotes so they are ignored

                              aargh. I prefer heredocs.

                              --
                              John MexIT: http://johnbokma.com/mexit/
                              personal page: http://johnbokma.com/
                              Experienced programmer available: http://castleamber.com/
                              Happy Customers: http://castleamber.com/testimonials.html
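
Added example, not part of any post in this thread: it pulls together the points raised above (htmlspecialchars() on $_SERVER['PHP_SELF'], the closed anchor with the paragraph outside it, and a heredoc instead of backslash-escaped quotes). The function name logout_link() and all sample values are assumptions made for the example.

```php
<?php
// Added example; logout_link() is a hypothetical helper, not code from the thread.

// Return the logout icon markup for a logged-in user, or '' otherwise.
// $self stands in for $_SERVER['PHP_SELF'] so the function can be run offline.
function logout_link(array $session, string $self): string
{
    if (!isset($session['user'])) {
        return '';                       // not logged in: no icon at all
    }

    // PHP_SELF carries any extra path text the client appended after the
    // script name, so escape it before it is placed inside an attribute.
    $href = htmlspecialchars($self . '?action=log_out', ENT_QUOTES, 'UTF-8');

    // The anchor is closed and the paragraph sits outside it (valid HTML).
    // The heredoc lets the attribute quotes stay unescaped in the source.
    return <<<LOGOUT
<a href="$href"><img border="0" src="images/logout.gif" width="74" height="74" alt="Log out"></a>
<p style="text-align: center">Log out</p>
LOGOUT;
}

// Constructed inputs (not taken from the thread).
$loggedIn  = ['user' => 'rod'];
$loggedOut = [];
$plainSelf = '/index.php';
$oddSelf   = '/index.php/x" title="y';   // path text containing a double quote

echo logout_link($loggedIn, $plainSelf), "\n\n";   // normal link
echo logout_link($loggedIn, $oddSelf), "\n\n";     // quote emitted as &quot;
var_dump(logout_link($loggedOut, $plainSelf));     // string(0) ""

// Unescaped, for comparison: the quote ends the href attribute early and
// the rest of the path is parsed as a separate attribute.
echo '<a href="' . $oddSelf . '?action=log_out">', "\n";
```

With the constructed odd value, the escaped link keeps the whole path inside href, while the unescaped line at the end shows the attribute closing at the embedded quote.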
