Do I need to escape this code?

Hi!

After you all gave me some good advice recently, I'm back for more :o)

On my web site, I want to display a 'log out' icon with some text
underneath, ("Log out"), which, when clicked, will end a session.

This is the simple code I'm using for the icon:

<a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">
<img border="0" src="images/logout.gif" width="74" height="74">

This all works fine and, when clicked, the session is ended and the
user returns to my web site's home page.

Now's the complicated, (Well for me, anyway), bit; I only want to show
the 'log out' icon when the user is actually logged in.

So, I've been using isset to determine the session state:

<?php if (isset($_SESSION['user'])) {?>
<a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">
<img border="0" src="images/greenround.PNG" width="74" height="74">
<?php }?>

Now - this only partially works; yes, the icon is only shown when the
user is logged in - which is cool. However, when clicked it doesn't do
anything!

I think I should be escaping some code somewhere but I can't work it
out. And it's frustrating me!!

Any guidance on where this newbie is going wrong?

Thanks!

Rod.

Rod Carrol wrote:[color=blue]
> So, I've been using isset to determine the session state:
>
> <?php if (isset($_SESSION['user'])) {?>
> <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">
> <img border="0" src="images/greenround.PNG" width="74" height="74"> style="text-align: center">
> <?php }?>
>
> Now - this only partially works; yes, the icon is only shown when the
> user is logged in - which is cool. However, when clicked it doesn't do
> anything![/color]

What does "doesn't do anything" mean?

Does the browser not follow the link?

Does the newly loaded page return a blank result?

Does it not perform the logout operation you expected? (If so, what does
it do instead?)

Does it perform the logout operation, but continue to display the logout
link?

How does your logout operation work? Has the logout operation already
run at the time this link is output? Does it explicitly clear
$_SESSION['user'] in a way that would cause isset() to return false?

Have you stepped through thte code to see what's being run and what the
values are?
[color=blue]
> I think I should be escaping some code somewhere but I can't work it
> out. And it's frustrating me!![/color]

What kind of thing do you think you would escape? It wouldn't hurt to
use htmlspecialchars() on $_SERVER['PHP_SELF'], but that isn't likely to
make a difference between the code snippets you posted.

Has any other part of your code changed?

-- brion vibber (brion @ pobox.com)

>>What does "doesn't do anything" mean?
[color=blue][color=green]
>>Does the browser not follow the link?[/color][/color]

Apologies - let me clarify. It doesn't follow the link. The user is not
logged out and the session is not ended.
[color=blue][color=green]
>> What kind of thing do you think you would escape?[/color][/color]

Well - I'm not sure! (I've only been learning php for the last couple
of months :o). The only reason I thought I may have an 'escape' issue
is because I found I had to escape the html code inside the php isset()
function in order to get the icon to display properly.

If I remove this isset() check then the icon is displayed and clicking
it logs me out successfully...

Rod.

Rod Carrol wrote:
[color=blue]
> This is the simple code I'm using for the icon:
>
> <a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">
> <img border="0" src="images/logout.gif" width="74" height="74"> style="text-align: center">[/color]

If this is the actual statement the markup syntax is wrong. Where is
the closing tag for the anchor. The para cannot sit within the anchor
(block element in line element is wrong. So perhaps something like

<a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out"><img
border="0" src="images/logout.gif" width="74" height="74"></a>

....

Louise

>>If this is the actual statement the markup syntax is wrong. Where is
[color=blue][color=green]
>>the closing tag for the anchor. The para cannot sit within the[/color][/color]
anchor[color=blue][color=green]
>>(block element in line element is wrong. So perhaps something like[/color][/color]

Thanks for the reply Louise!

Well - this section of code actually works for me! I did however make
the change you suggested...

....the code continues to work when used 'as-is' - however, when I
combine it with isset(), it fails to follow the link and terminate the
session.

I do apologise if I'm not being very clear about the problem. I thnk I
need to do a bit more reading of my PHP manual!

:o)

Rod.

Try this.
if (isset($_SESSION['user'])) {
echo "<a href=\"$PHP_SELF?action=log_out\"><img border=\"0\" src=\"\"
width=\"74\" height=\"74\"></a>";
}

Brent Palmer.

"Rod Carrol" <rodtheplodder@yahoo.co.uk> wrote in message
news:1110499447.321342.145020@l41g2000cwc.googlegr oups.com...[color=blue][color=green][color=darkred]
>>>If this is the actual statement the markup syntax is wrong. Where is[/color][/color]
>[color=green][color=darkred]
>>>the closing tag for the anchor. The para cannot sit within the[/color][/color]
> anchor[color=green][color=darkred]
>>>(block element in line element is wrong. So perhaps something like[/color][/color]
>
> Thanks for the reply Louise!
>
> Well - this section of code actually works for me! I did however make
> the change you suggested...
>
> ...the code continues to work when used 'as-is' - however, when I
> combine it with isset(), it fails to follow the link and terminate the
> session.
>
> I do apologise if I'm not being very clear about the problem. I thnk I
> need to do a bit more reading of my PHP manual!
>
> :o)
>
> Rod.
>[/color]

Brent Palmer wrote:[color=blue]
> Try this.
> if (isset($_SESSION['user'])) {
> echo "<a href=\"$PHP_SELF?action=log_out\"><img border=\"0\"[/color]
src=\"\"[color=blue]
> width=\"74\" height=\"74\"></a>";
> }[/color]

Give that man a drink!

It's working. After looking at your suggestion and fiddling here and
there :o)

Thanks for all the suggestions!

Rod.

Brent Palmer wrote:[color=blue]
> Try this.
> if (isset($_SESSION['user'])) {
> echo "<a href=\"$PHP_SELF?action=log_out\"><img border=\"0\"[/color]
src=\"\"[color=blue]
> width=\"74\" height=\"74\"></a>";
> }[/color]

Give that man a drink!

It's working. After looking at your suggestion and fiddling here and
there :o)

Thanks for all the suggestions!

Rod.

Rod Carrol wrote:
[color=blue]
>
> Brent Palmer wrote:[color=green]
>> Try this.
>> if (isset($_SESSION['user'])) {
>> echo "<a href=\"$PHP_SELF?action=log_out\"><img border=\"0\"[/color]
> src=\"\"[color=green]
>> width=\"74\" height=\"74\"></a>";
>> }[/color]
>
> Give that man a drink![/color]

And a tip:

echo <<<LOGOUT;
<a href="$PHP_SELF?action=log_out"><img border="0" src=""
width="74" height="74"></a>
LOGOUT

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html

.oO(John Bokma)
[color=blue]
>And a tip:
>
>echo <<<LOGOUT;
><a href="$PHP_SELF?action=log_out"><img border="0" src=""
> width="74" height="74"></a>
>LOGOUT[/color]

It should still be $_SERVER['PHP_SELF']. And the HTML is invalid (no
paragraphs allowed inside an anchor element).

Micha

Michael Fesser wrote:
[color=blue]
> .oO(John Bokma)
>[color=green]
>>And a tip:
>>
>>echo <<<LOGOUT;
>><a href="$PHP_SELF?action=log_out"><img border="0" src=""
>> width="74" height="74"></a>
>>LOGOUT[/color]
>
> It should still be $_SERVER['PHP_SELF']. And the HTML is invalid (no
> paragraphs allowed inside an anchor element).[/color]

My HTML parser was in a good mood, and I assumed (read ignored): $PHP_SELF
set to $_SERVER[ 'PHP_SELF' ]

Anyway, I am often amazed on the use of backslashes outside languages as
Perl. Doesn't PHP have a qq() (which is "" but allows "" inside without
escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3' "foo");

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html

.oO(John Bokma)
[color=blue]
>Anyway, I am often amazed on the use of backslashes outside languages as
>Perl. Doesn't PHP have a qq() (which is "" but allows "" inside without
>escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3' "foo");[/color]

HTML allows single quotes. :)

When printing out HTML code in most cases there's no need for escaping.

Micha

You could always use something like
my $var = addSlashes(""$interpolate" me 'bar' 3' "foo""); // adds slashes
in front of all quotes so they are ignored
or
my $var = htmlspecialchars(""$interpolate" me 'bar' 3' "foo""); // converts
quotes and other special chars to its equivalent HTML represetation. Eg.
&quote.

Brent Palmer.

"John Bokma" <postmaster@castleamber.com> wrote in message
news:Xns9616D3F033BFFcastleamber@130.133.1.4...[color=blue]
> Michael Fesser wrote:
>[color=green]
>> .oO(John Bokma)
>>[color=darkred]
>>>And a tip:
>>>
>>>echo <<<LOGOUT;
>>><a href="$PHP_SELF?action=log_out"><img border="0" src=""
>>> width="74" height="74"></a>
>>>LOGOUT[/color]
>>
>> It should still be $_SERVER['PHP_SELF']. And the HTML is invalid (no
>> paragraphs allowed inside an anchor element).[/color]
>
> My HTML parser was in a good mood, and I assumed (read ignored): $PHP_SELF
> set to $_SERVER[ 'PHP_SELF' ]
>
> Anyway, I am often amazed on the use of backslashes outside languages as
> Perl. Doesn't PHP have a qq() (which is "" but allows "" inside without
> escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3' "foo");
>
> --
> John MexIT: http://johnbokma.com/mexit/
> personal page: http://johnbokma.com/
> Experienced programmer available: http://castleamber.com/
> Happy Customers: http://castleamber.com/testimonials.html[/color]

Michael Fesser wrote:
[color=blue]
> .oO(John Bokma)
>[color=green]
>>Anyway, I am often amazed on the use of backslashes outside languages as
>>Perl. Doesn't PHP have a qq() (which is "" but allows "" inside without
>>escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3' "foo");[/color]
>
> HTML allows single quotes. :)[/color]

I know. I prefer "
[color=blue]
> When printing out HTML code in most cases there's no need for escaping.[/color]

yup, here docs. What I don't understand, and probably never will, is why
the developers of PHP only cloned half of Perls functionality. Now wait, I
understand: so they could add 50% garbage :-D.

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html

Brent Palmer wrote:

please don't top post, fixed.
[color=blue][color=green]
>> Anyway, I am often amazed on the use of backslashes outside languages
>> as Perl. Doesn't PHP have a qq() (which is "" but allows "" inside
>> without escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3'
>> "foo");[/color][/color]
[color=blue]
> You could always use something like
> my $var = addSlashes(""$interpolate" me 'bar' 3' "foo""); // adds
> slashes in front of all quotes so they are ignored[/color]

aargh. I prefer heredocs.

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html

Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

re: Do I need to escape this code?

Similar PHP bytes

/bytes/development

/bytes/it

/bytes/about