Re: [PHP] URLencode issues - halp! - code included

2003-01-24 Thread Marek Kilimajer 
besides urlencode you should also use htmlspecialchars

SpyProductions Support Team wrote:


Here is some code:


From a form, I get username as $name and it goes to the processing file for

the form, where a sale happens and it sends the code to a different server
like this:


$data = urlencode($name);
print "
CONTENT='0;URL=http://somedestination.php?name=$data'>";



That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:

$name = urldecode($name);
if(!$name) { print "You entered an invalid name.  Please stop and call us
at"; }
else {  Inserts record into database. }



That's it.  It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).

urlencode may just be a flaky thing to use?  Perhaps depending on the
browser?

Thanks,

-Mike







 

-Original Message-
From: David T-G [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 3:31 PM
To: PHP General list
Cc: SpyProductions Support Team
Subject: Re: [PHP] URLencode issues - halp!


Mike --

...and then SpyProductions Support Team said...
%
% I am having some issues, apparently, with URL encode.
...
%
% I decided to use this because people are allowed to use *any*
key as part of
% their name, so a name like "rt'$%^*&'rt" is perfectly allowable.

Makes sense, but I'd use base64_encode (with base64_decode, of course)
rather than urlencode; it will properly shield everything.  No, I don't
know why 'normal' names fail and goofy ones don't; without some code and
some specific examples we can't really tell too well :-)


HTH & HAND

:-D
--
David T-G  * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED]  -- Mary Baker Eddy, "Science
and Health"
http://justpickone.org/davidtg/  Shpx gur Pbzzhavpngvbaf Qrprapl Npg!


   




 



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] URLencode issues - halp! - code included

2003-01-23 Thread Chris Shiflett 
--- SpyProductions Support Team
<[EMAIL PROTECTED]> wrote:
> So what is the decode part for then?  Earlier versions of
> PHP?

No, it is for decoding URL-encoded strings, just as you
would expect.

The reason you do not need to decode URL variables is
because they are not URL-encoded by the time your script
executes.

Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] URLencode issues - halp! - code included

2003-01-23 Thread SpyProductions Support Team 
So what is the decode part for then?  Earlier versions of PHP?

:)

Thanks,

-Mike

  -Original Message-
  From: Leif K-Brooks [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, January 23, 2003 4:43 PM
  To: [EMAIL PROTECTED]
  Cc: [EMAIL PROTECTED]
  Subject: Re: [PHP] URLencode issues - halp! - code included


  Take the
$name = urldecode($name);bit out.  The decoding is all handled by PHP before
your script runs.  Also, you should look into using $_GET['name'] instead of
$name.

  SpyProductions Support Team wrote:

Here is some code:

>From a form, I get username as $name and it goes to the processing file for
the form, where a sale happens and it sends the code to a different server
like this:


$data = urlencode($name);
print "";



That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:

$name = urldecode($name);
if(!$name) { print "You entered an invalid name.  Please stop and call us
at"; }
else {  Inserts record into database. }



That's it.  It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).

urlencode may just be a flaky thing to use?  Perhaps depending on the
browser?

Thanks,

-Mike







  -Original Message-
From: David T-G [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 3:31 PM
To: PHP General list
Cc: SpyProductions Support Team
Subject: Re: [PHP] URLencode issues - halp!


Mike --

...and then SpyProductions Support Team said...
%
% I am having some issues, apparently, with URL encode.
...
%
% I decided to use this because people are allowed to use *any*
key as part of
% their name, so a name like "rt'$%^*&'rt" is perfectly allowable.

Makes sense, but I'd use base64_encode (with base64_decode, of course)
rather than urlencode; it will properly shield everything.  No, I don't
know why 'normal' names fail and goofy ones don't; without some code and
some specific examples we can't really tell too well :-)


HTH & HAND

:-D
--
David T-G  * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED]  -- Mary Baker Eddy, "Science
and Health"
http://justpickone.org/davidtg/  Shpx gur Pbzzhavpngvbaf Qrprapl Npg!







--
The above message is encrypted with double rot13 encoding.  Any unauthorized
attempt to decrypt it will be prosecuted to the full extent of the law.

Re: [PHP] URLencode issues - halp! - code included

2003-01-23 Thread Leif K-Brooks 
Take the

$name = urldecode($name);

bit out.  The decoding is all handled by PHP before your script runs. 
Also, you should look into using $_GET['name'] instead of $name.

SpyProductions Support Team wrote:

Here is some code:


From a form, I get username as $name and it goes to the processing file for

the form, where a sale happens and it sends the code to a different server
like this:


$data = urlencode($name);
print "
CONTENT='0;URL=http://somedestination.php?name=$data'>";



That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:

$name = urldecode($name);
if(!$name) { print "You entered an invalid name.  Please stop and call us
at"; }
else {  Inserts record into database. }



That's it.  It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).

urlencode may just be a flaky thing to use?  Perhaps depending on the
browser?

Thanks,

-Mike







 

-Original Message-
From: David T-G [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 23, 2003 3:31 PM
To: PHP General list
Cc: SpyProductions Support Team
Subject: Re: [PHP] URLencode issues - halp!


Mike --

...and then SpyProductions Support Team said...
%
% I am having some issues, apparently, with URL encode.
...
%
% I decided to use this because people are allowed to use *any*
key as part of
% their name, so a name like "rt'$%^*&'rt" is perfectly allowable.

Makes sense, but I'd use base64_encode (with base64_decode, of course)
rather than urlencode; it will properly shield everything.  No, I don't
know why 'normal' names fail and goofy ones don't; without some code and
some specific examples we can't really tell too well :-)


HTH & HAND

:-D
--
David T-G  * There is too much animal courage in
(play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED]  -- Mary Baker Eddy, "Science
and Health"
http://justpickone.org/davidtg/  Shpx gur Pbzzhavpngvbaf Qrprapl Npg!


   




 


--
The above message is encrypted with double rot13 encoding.  Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law.

RE: [PHP] URLencode issues - halp! - code included

2003-01-23 Thread SpyProductions Support Team 

Here is some code:

>From a form, I get username as $name and it goes to the processing file for
the form, where a sale happens and it sends the code to a different server
like this:


$data = urlencode($name);
print "";



That server then processes the person and puts them into the MySQL - but if
the name is bad, it errors out and stops the script:

$name = urldecode($name);
if(!$name) { print "You entered an invalid name.  Please stop and call us
at"; }
else {  Inserts record into database. }



That's it.  It doesn't seem to matter what the name entered is; there is no
rhyme or reason (seemingly) to the names it fails on (as per my previous
post).

urlencode may just be a flaky thing to use?  Perhaps depending on the
browser?

Thanks,

-Mike







> -Original Message-
> From: David T-G [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 23, 2003 3:31 PM
> To: PHP General list
> Cc: SpyProductions Support Team
> Subject: Re: [PHP] URLencode issues - halp!
>
>
> Mike --
>
> ...and then SpyProductions Support Team said...
> %
> % I am having some issues, apparently, with URL encode.
> ...
> %
> % I decided to use this because people are allowed to use *any*
> key as part of
> % their name, so a name like "rt'$%^*&'rt" is perfectly allowable.
>
> Makes sense, but I'd use base64_encode (with base64_decode, of course)
> rather than urlencode; it will properly shield everything.  No, I don't
> know why 'normal' names fail and goofy ones don't; without some code and
> some specific examples we can't really tell too well :-)
>
>
> HTH & HAND
>
> :-D
> --
> David T-G  * There is too much animal courage in
> (play) [EMAIL PROTECTED] * society and not sufficient moral courage.
> (work) [EMAIL PROTECTED]  -- Mary Baker Eddy, "Science
> and Health"
> http://justpickone.org/davidtg/  Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php