David Shadovitz wrote:

> I'm new to PHP and can use some help with avoiding HTML entity
> trouble.
> I've got a page which creates a hyperlink as follows:
> printf('<a href="%s?txtFilter=%s">%s</a>', $_SERVER['PHP_SELF'],
> $txtFilter, $text);
> Let's say that the value of $txtFilter is:
> directory LIKE '%data1/%'

I hope you aren't passing around SQL statements to be executed. That's wide
open for abuse.

> Clicking on this link takes me to this page:
> http://www.mydomain.com/dspItem.php?txtFilter=directory%20LIKE%20'%data1/%'

Then your browser is already correcting for your errors. Not all do so in
the same way. The HTML you are producing is:

<a href="dspItem.php?txtFilter=directory LIKE '%data1/%'">...</a>

That contains plenty of errors. To include special characters in the query
string portion of a URL, you need to encode them. PHP provides urlencode()
to do this.

> I then display the value of the URL variable $txtFilter in an HTML
> text field:
> printf("Filter: <input type='text' name='txtFilter' value='%s'>",
> htmlspecialchars($txtFilter, ENT_QUOTES));
> The problem is that it is displayed in the text field as
> dir LIKE 'Uta1/%'
> where the U has an acute accent. The "%da" is being displayed as an
> acute-accented U.

That is because %da is the encoded form of an acute-accented U. The %
character has a special meaning within query strings, so you need to encode
it as %25. urlencode() will do this for you, along with any other special
characters, such as spaces (%20).

PS: None of this is related to HTML entities. You are handling that with
the htmlspecialchars() function already. Try 'View source' to help debug
things occasionally.

--
Jim Dabell
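
The two encoding layers discussed in the reply above, as an added example that is not part of the original post: urlencode() for the query string and htmlspecialchars() for the HTML around it, with the unencoded value shown being corrupted on decode. The helper names query_param() and filter_link(), and the values of $self and $text, are assumptions made for the illustration.

```php
<?php
// Added illustration. $self and $text are constructed stand-ins for the
// poster's $_SERVER['PHP_SELF'] and link text.
$self      = '/dspItem.php';
$text      = 'Filtered items';
$txtFilter = "directory LIKE '%data1/%'";

// Decode a query string the way PHP fills $_GET and return one parameter.
function query_param(string $query, string $name): string
{
    parse_str($query, $params);
    return $params[$name] ?? '';
}

// Build the link: urlencode() for the query-string layer, then
// htmlspecialchars() for the HTML attribute layer.
function filter_link(string $self, string $filter, string $text): string
{
    $url = $self . '?txtFilter=' . urlencode($filter);
    return sprintf('<a href="%s">%s</a>',
        htmlspecialchars($url, ENT_QUOTES),
        htmlspecialchars($text, ENT_QUOTES));
}

// Before: raw value in the query string. The decoder reads "%da" as an
// escape for byte 0xDA, so the value that arrives differs from the one sent.
$raw = query_param('txtFilter=' . $txtFilter, 'txtFilter');
printf("raw:     %s  (hex %s)\n",
    $raw === $txtFilter ? 'intact' : 'corrupted', bin2hex($raw));

// After: "%" is sent as %25 and the value survives the round trip.
// urlencode() writes spaces as "+"; rawurlencode() writes them as %20.
$enc = query_param('txtFilter=' . urlencode($txtFilter), 'txtFilter');
printf("encoded: %s\n", $enc === $txtFilter ? 'intact' : 'corrupted');

echo filter_link($self, $txtFilter, $text), "\n";

// Receiving page: escape for HTML when echoing into the form field.
printf("Filter: <input type='text' name='txtFilter' value='%s'>\n",
    htmlspecialchars($enc, ENT_QUOTES));
```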