473,414 Members | 1,626 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > do i need to escape this code?

Join Bytes to post your question to a community of 473,414 software developers and data experts.

Do I need to escape this code?

Hi!

After you all gave me some good advice recently, I'm back for more :o)

On my web site, I want to display a 'log out' icon with some text
underneath, ("Log out"), which, when clicked, will end a session.

This is the simple code I'm using for the icon:

<a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">
<img border="0" src="images/logout.gif" width="74" height="74"><p
style="text-align: center">

This all works fine and, when clicked, the session is ended and the
user returns to my web site's home page.

Now's the complicated, (Well for me, anyway), bit; I only want to show
the 'log out' icon when the user is actually logged in.

So, I've been using isset to determine the session state:

<?php if (isset($_SESSION['user'])) {?>
<a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">
<img border="0" src="images/greenround.PNG" width="74" height="74"><p
style="text-align: center">
<?php }?>

Now - this only partially works; yes, the icon is only shown when the
user is logged in - which is cool. However, when clicked it doesn't do
anything!

I think I should be escaping some code somewhere but I can't work it
out. And it's frustrating me!!

Any guidance on where this newbie is going wrong?

Thanks!

Rod.
Jul 17 '05 #1
14 1728
Rod Carrol wrote:
So, I've been using isset to determine the session state:

<?php if (isset($_SESSION['user'])) {?>
<a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">
<img border="0" src="images/greenround.PNG" width="74" height="74"><p
style="text-align: center">
<?php }?>

Now - this only partially works; yes, the icon is only shown when the
user is logged in - which is cool. However, when clicked it doesn't do
anything!
What does "doesn't do anything" mean?

Does the browser not follow the link?

Does the newly loaded page return a blank result?

Does it not perform the logout operation you expected? (If so, what does
it do instead?)

Does it perform the logout operation, but continue to display the logout
link?

How does your logout operation work? Has the logout operation already
run at the time this link is output? Does it explicitly clear
$_SESSION['user'] in a way that would cause isset() to return false?

Have you stepped through thte code to see what's being run and what the
values are?
I think I should be escaping some code somewhere but I can't work it
out. And it's frustrating me!!


What kind of thing do you think you would escape? It wouldn't hurt to
use htmlspecialchars() on $_SERVER['PHP_SELF'], but that isn't likely to
make a difference between the code snippets you posted.

Has any other part of your code changed?

-- brion vibber (brion @ pobox.com)
Jul 17 '05 #2
>>What does "doesn't do anything" mean?
Does the browser not follow the link?
Apologies - let me clarify. It doesn't follow the link. The user is not
logged out and the session is not ended.
What kind of thing do you think you would escape?


Well - I'm not sure! (I've only been learning php for the last couple
of months :o). The only reason I thought I may have an 'escape' issue
is because I found I had to escape the html code inside the php isset()
function in order to get the icon to display properly.

If I remove this isset() check then the icon is displayed and clicking
it logs me out successfully...

Rod.

Jul 17 '05 #3
Rod Carrol wrote:
This is the simple code I'm using for the icon:

<a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out">
<img border="0" src="images/logout.gif" width="74" height="74"><p
style="text-align: center">


If this is the actual statement the markup syntax is wrong. Where is
the closing tag for the anchor. The para cannot sit within the anchor
(block element in line element is wrong. So perhaps something like

<a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=log_out"><img
border="0" src="images/logout.gif" width="74" height="74"></a>

<p style="text-align: center">....</p>

Louise
Jul 17 '05 #4
>>If this is the actual statement the markup syntax is wrong. Where is
the closing tag for the anchor. The para cannot sit within the anchor(block element in line element is wrong. So perhaps something like


Thanks for the reply Louise!

Well - this section of code actually works for me! I did however make
the change you suggested...

....the code continues to work when used 'as-is' - however, when I
combine it with isset(), it fails to follow the link and terminate the
session.

I do apologise if I'm not being very clear about the problem. I thnk I
need to do a bit more reading of my PHP manual!

:o)

Rod.

Jul 17 '05 #5
Try this.
if (isset($_SESSION['user'])) {
echo "<a href=\"$PHP_SELF?action=log_out\"><img border=\"0\" src=\"\"
width=\"74\" height=\"74\"><p style=\"text-align: center\"></p></a>";
}
Brent Palmer.


"Rod Carrol" <ro***********@yahoo.co.uk> wrote in message
news:11**********************@l41g2000cwc.googlegr oups.com...
If this is the actual statement the markup syntax is wrong. Where isthe closing tag for the anchor. The para cannot sit within the anchor(block element in line element is wrong. So perhaps something like


Thanks for the reply Louise!

Well - this section of code actually works for me! I did however make
the change you suggested...

...the code continues to work when used 'as-is' - however, when I
combine it with isset(), it fails to follow the link and terminate the
session.

I do apologise if I'm not being very clear about the problem. I thnk I
need to do a bit more reading of my PHP manual!

:o)

Rod.

Jul 17 '05 #6

Brent Palmer wrote:
Try this.
if (isset($_SESSION['user'])) {
echo "<a href=\"$PHP_SELF?action=log_out\"><img border=\"0\" src=\"\" width=\"74\" height=\"74\"><p style=\"text-align: center\"></p></a>";
}


Give that man a drink!

It's working. After looking at your suggestion and fiddling here and
there :o)

Thanks for all the suggestions!

Rod.

Jul 17 '05 #7

Brent Palmer wrote:
Try this.
if (isset($_SESSION['user'])) {
echo "<a href=\"$PHP_SELF?action=log_out\"><img border=\"0\" src=\"\" width=\"74\" height=\"74\"><p style=\"text-align: center\"></p></a>";
}


Give that man a drink!

It's working. After looking at your suggestion and fiddling here and
there :o)

Thanks for all the suggestions!

Rod.

Jul 17 '05 #8
Rod Carrol wrote:

Brent Palmer wrote:
Try this.
if (isset($_SESSION['user'])) {
echo "<a href=\"$PHP_SELF?action=log_out\"><img border=\"0\"

src=\"\"
width=\"74\" height=\"74\"><p style=\"text-align: center\"></p></a>";
}


Give that man a drink!


And a tip:

echo <<<LOGOUT;
<a href="$PHP_SELF?action=log_out"><img border="0" src=""
width="74" height="74"><p style="text-align: center"></p></a>
LOGOUT

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
Jul 17 '05 #9
.oO(John Bokma)
And a tip:

echo <<<LOGOUT;
<a href="$PHP_SELF?action=log_out"><img border="0" src=""
width="74" height="74"><p style="text-align: center"></p></a>
LOGOUT


It should still be $_SERVER['PHP_SELF']. And the HTML is invalid (no
paragraphs allowed inside an anchor element).

Micha
Jul 17 '05 #10
Michael Fesser wrote:
.oO(John Bokma)
And a tip:

echo <<<LOGOUT;
<a href="$PHP_SELF?action=log_out"><img border="0" src=""
width="74" height="74"><p style="text-align: center"></p></a>
LOGOUT


It should still be $_SERVER['PHP_SELF']. And the HTML is invalid (no
paragraphs allowed inside an anchor element).


My HTML parser was in a good mood, and I assumed (read ignored): $PHP_SELF
set to $_SERVER[ 'PHP_SELF' ]

Anyway, I am often amazed on the use of backslashes outside languages as
Perl. Doesn't PHP have a qq() (which is "" but allows "" inside without
escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3' "foo");

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
Jul 17 '05 #11
.oO(John Bokma)
Anyway, I am often amazed on the use of backslashes outside languages as
Perl. Doesn't PHP have a qq() (which is "" but allows "" inside without
escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3' "foo");


HTML allows single quotes. :)

When printing out HTML code in most cases there's no need for escaping.

Micha
Jul 17 '05 #12
You could always use something like
my $var = addSlashes(""$interpolate" me 'bar' 3' "foo""); // adds slashes
in front of all quotes so they are ignored
or
my $var = htmlspecialchars(""$interpolate" me 'bar' 3' "foo""); // converts
quotes and other special chars to its equivalent HTML represetation. Eg.
&quote.

Brent Palmer.


"John Bokma" <po********@castleamber.com> wrote in message
news:Xn*************************@130.133.1.4...
Michael Fesser wrote:
.oO(John Bokma)
And a tip:

echo <<<LOGOUT;
<a href="$PHP_SELF?action=log_out"><img border="0" src=""
width="74" height="74"><p style="text-align: center"></p></a>
LOGOUT


It should still be $_SERVER['PHP_SELF']. And the HTML is invalid (no
paragraphs allowed inside an anchor element).


My HTML parser was in a good mood, and I assumed (read ignored): $PHP_SELF
set to $_SERVER[ 'PHP_SELF' ]

Anyway, I am often amazed on the use of backslashes outside languages as
Perl. Doesn't PHP have a qq() (which is "" but allows "" inside without
escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3' "foo");

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html

Jul 17 '05 #13
Michael Fesser wrote:
.oO(John Bokma)
Anyway, I am often amazed on the use of backslashes outside languages as
Perl. Doesn't PHP have a qq() (which is "" but allows "" inside without
escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3' "foo");
HTML allows single quotes. :)


I know. I prefer "
When printing out HTML code in most cases there's no need for escaping.


yup, here docs. What I don't understand, and probably never will, is why
the developers of PHP only cloned half of Perls functionality. Now wait, I
understand: so they could add 50% garbage :-D.

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
Jul 17 '05 #14
Brent Palmer wrote:

please don't top post, fixed.
Anyway, I am often amazed on the use of backslashes outside languages
as Perl. Doesn't PHP have a qq() (which is "" but allows "" inside
without escaping them, e.g. my $var = qq("$interpolate" me 'bar' 3'
"foo");
You could always use something like
my $var = addSlashes(""$interpolate" me 'bar' 3' "foo""); // adds
slashes in front of all quotes so they are ignored


aargh. I prefer heredocs.

--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
Jul 17 '05 #15
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
I need a little help with Tkinter Entry widget
by: Phil Schmidt | last post by:
I'm trying to make a custom entry widget, as in the code that follows. There are two problems I'm trying to fix: 1) I would like the widget to behave as myEntry.Escape() does now, except that it...
Python
3
need help on openning a new window
by: Yaqian | last post by:
Hi, I want to open a new window without tool bar, address bar and status bar. then inside the page, there are a few links, i want, when clicking a link, a new window opens, but still without tool...
Javascript
3
"Object invalid or not set" error message - related to trapping the Escape key???
by: Paul | last post by:
I have an Access 2000 database with a form that is giving me some major headaches. When you open the form, it displays all records and allows editing, but has AllowAdditions set to False so that...
Microsoft Access / VBA
18
Unwanted Escape Codes In String...
by: Steve Litvack | last post by:
Hello, I have built an XMLDocument object instance and I get the following string when I examine the InnerXml property: <?xml version=\"1.0\"?><ROOT><UserData UserID=\"2282\"><Tag1...
C# / C Sharp
3
What Happens To Escape Characters?
by: Guadala Harry | last post by:
I'd like to know the answer to the following question so I can know what to expect with regard to other similar uses of escape characters and strings. While everything works fine - I'd like to know...
ASP.NET
16
how to find that escape key is pressed while taking the string
by: sudhir | last post by:
hi how to check escape key is pressed when accepting the string as input. Because I do not want to receive a string if user presses the ESCAPE key.. I used ascii code for comparision but I...
C / C++
15
Escape Character \e does not work
by: pkaeowic | last post by:
I am having a problem with the "escape" character \e. This code is in my Windows form KeyPress event. The compiler gives me "unrecognized escape sequence" even though this is documented in MSDN....
C# / C Sharp
131
A critique of cgi.escape
by: Lawrence D'Oliveiro | last post by:
The "escape" function in the "cgi" module escapes characters with special meanings in HTML. The ones that need escaping are '<', '&' and '"'. However, cgi.escape only escapes the quote character if...
Python
5
why is the backslash-space combo a escape sequence 040
by: vlsidesign | last post by:
The printf function returns "warning: unknown escape sequence: \040" for a backslash-space combination. If the ascii decimal number for space is 32 and the backslash is 92, why this particular...
C / C++
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!