$_SESSION['variable_name'], Invalid XHTML and &

http:/ / aquaticcreationsnc . com/lib/php/test.php

Remove the spaces to visit the link above...

The w3 validator identifies the ampersand character as the
leading character for special character sequences. And as
such, all ampersands should be converted to &amp; when
employed as part of a URI. So I configured that manually,
for my own parameters. However, I think what I'm seeing
here with the validator, is that the validator does not activate
cookies and thereby PHP automatically adds an <input>
tag with the PHPSESSID.

Can anyone tell me how to get PHP to employ the &amp;
character in such cases?

Also, do any security risks exist? Should I be parsing the
address line passed and checking to see if anyone is trying
to pass <?PHP tags in that line?

The variables working there, are some $_GET['$iPic'] and
$_GET['$iCategory'] placed inside the hidden form input tags.
I'm seeing that PHP automatically adds an extra <input> tag?
Is that correct?

Thanks.

Jim Carlock
Post replies to the group.
Feb 11 '06 #1
"Jim Carlock" <an*******@127.0.0.1> wrote:
> http:/ / aquaticcreationsnc . com/lib/php/test.php
>
> Remove the spaces to visit the link above...
> The w3 validator identifies the ampersand character as the
> leading character for special character sequences. And as
> such, all ampersands should be converted to &amp; when
> employed as part of a URI. So I configured that manually,
> for my own parameters. However, I think what I'm seeing
> here with the validator, is that the validator does not activate
> cookies and thereby PHP automatically adds an <input>
> tag with the PHPSESSID.


Okay, I figured out how to get the separator working. The
rest of the questions about the security concerns are still
valid though. The fix for the "&" ampersand character passed
into the address bar... works great on both Windows and Unix
servers.

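<?php
session_start();
// Use &amp; instead of & as the separator in URLs that PHP generates
// (for example when it appends PHPSESSID), so the output validates as XHTML.
ini_set("arg_separator.output", "&amp;");
?>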

The other questions I'm leaving open here even though they
are a little off topic now...

--
Also, do any security risks exist? Should I be parsing the
address line passed and checking to see if anyone is trying
to pass <?PHP tags in that line?

The variables working there, are some $_GET['$iPic'] and
$_GET['$iCategory'] placed inside the hidden form input tags.
I'm seeing that PHP automatically adds an extra <input> tag?
Is that correct?
--

Thanks.

Jim Carlock
Post replies to the group.
Feb 11 '06 #2
Jim Carlock wrote:
> http:/ / aquaticcreationsnc . com/lib/php/test.php
>
> Remove the spaces to visit the link above...
>
> The w3 validator identifies the ampersand character as the
> leading character for special character sequences. And as
> such, all ampersands should be converted to &amp; when
> employed as part of a URI. So I configured that manually,
> for my own parameters. However, I think what I'm seeing
> here with the validator, is that the validator does not activate
> cookies and thereby PHP automatically adds an <input>
> tag with the PHPSESSID.
>
> Can anyone tell me how to get PHP to employ the &amp;
> character in such cases?
>
> Also, do any security risks exist? Should I be parsing the
> address line passed and checking to see if anyone is trying
> to pass <?PHP tags in that line?
>
> The variables working there, are some $_GET['$iPic'] and
> $_GET['$iCategory'] placed inside the hidden form input tags.
> I'm seeing that PHP automatically adds an extra <input> tag?
> Is that correct?
>
> Thanks.
>
> Jim Carlock
> Post replies to the group.


Jim,

It's not the validator. I get the tag here, also.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Feb 11 '06 #3
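
On the security question the thread leaves open, an added example (not part of any post above and not the posters' code): when `$_GET` values are written into hidden inputs, the exposure is HTML injection through the attribute value, because PHP tags in a query string are not executed merely by being echoed. It assumes `iPic` and `iCategory` are integer ids; `h()`, `int_param()` and `hidden_input()` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Assumption: iPic and iCategory
// are small non-negative integer ids (the thread does not say what they hold).

// Before session_start(): keep the session id in a cookie only, so PHP does
// not rewrite forms and links to carry PHPSESSID for cookieless clients.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');

/** Escape a value for use inside a quoted HTML attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/** Return $src[$name] as an int in [0, $max], or null if missing or invalid. */
function int_param(array $src, string $name, int $max): ?int
{
    if (!isset($src[$name]) || !is_string($src[$name])) {
        return null; // absent, or an array such as ?iPic[]=1
    }
    $n = filter_var($src[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => $max]]);
    return $n === false ? null : $n;
}

/** Build one hidden form field with both name and value escaped. */
function hidden_input(string $name, string $value): string
{
    return '<input type="hidden" name="' . h($name) . '" value="' . h($value) . '" />';
}

// Constructed request data standing in for $_GET: one hostile value, one valid.
$get = ['iPic' => '"><b>injected</b>', 'iCategory' => '7'];

$pic      = int_param($get, 'iPic', 9999) ?? 0;      // not an integer: default used
$category = int_param($get, 'iCategory', 9999) ?? 0; // valid integer string

echo hidden_input('iPic', (string) $pic), "\n";
echo hidden_input('iCategory', (string) $category), "\n";

// If a raw string ever must be echoed, escaping keeps it inside the attribute.
echo hidden_input('note', $get['iPic']), "\n";

// Links built by hand: http_build_query() can emit the XHTML-safe separator.
$query = http_build_query(['iPic' => $pic, 'iCategory' => $category], '', '&amp;');
echo '<a href="test.php?' . $query . '">next</a>', "\n";
```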
