$_SESSION['variable_name'], Invalid XHTML and &

http:/ / aquaticcreationsnc . com/lib/php/test.php

Remove the spaces to visit the link above...

The w3 validator identifies the ampersand character as the
leading character for special character sequences. And as
such, all ampersands should be converted to &amp; when
employed as part of a URI. So I configured that manually,
for my own parameters. However, I think what I'm seeing
here with the validator, is that the validator does not activate
cookies and thereby PHP automatically adds an <input>
tag with the PHPSESSID.

Can anyone tell me how to get PHP to employ the &amp;
character in such cases?

Also, do any security risks exist? Should I be parsing the
address line passed and checking to see if anyone is trying
to pass <?PHP tags in that line?

The variables working there, are some $_GET['$iPic'] and
$_GET['$iCategory'] placed inside the hidden form input tags.
I'm seeing that PHP automatically adds an extra <input> tag?
Is that correct?

Thanks.

Jim Carlock
Post replies to the group.
Feb 11 '06 #1
"Jim Carlock" <an*******@127.0.0.1> wrote:
http:/ / aquaticcreationsnc . com/lib/php/test.php

Remove the spaces to visit the link above...
The w3 validator identifies the ampersand character as the
leading character for special character sequences. And as
such, all ampersands should be converted to &amp; when
employed as part of a URI. So I configured that manually,
for my own parameters. However, I think what I'm seeing
here with the validator, is that the validator does not activate
cookies and thereby PHP automatically adds an <input>
tag with the PHPSESSID.


Okay, I figured out how to get the separator working. The
rest of the questions about the security concerns are still
valid though. The fix for the "&" ampersand character passed
into the address bar... works great on both Windows and Unix
servers.

<?php
session_start();
ini_set("arg_separator.output", "&amp;");
?>

The other questions I'm leaving open here even though they
are a little off topic now...

--
Also, do any security risks exist? Should I be parsing the
address line passed and checking to see if anyone is trying
to pass <?PHP tags in that line?

The variables working there, are some $_GET['$iPic'] and
$_GET['$iCategory'] placed inside the hidden form input tags.
I'm seeing that PHP automatically adds an extra <input> tag?
Is that correct?
--

Thanks.

Jim Carlock
Post replies to the group.
Feb 11 '06 #2
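
On the security question left open above, an added example that is not part of the original thread or the poster's code: text in a query string is not executed as PHP merely by being received; the exposure with hidden inputs built from $_GET is markup injected into the page when the value is echoed unencoded. The sketch assumes the parameters are named iPic and iCategory and hold positive integer IDs; the helper names get_int_param and hidden_input are hypothetical.

```php
<?php
// Added example. Assumes iPic and iCategory are positive integer IDs;
// adjust the validation rule if they are not.

// Same separator fix as in the post above, so rewritten URLs stay valid XHTML.
ini_set('arg_separator.output', '&amp;');

/**
 * Return a positive integer taken from $source[$key], or $default when the
 * value is missing, not a plain decimal number, or out of range.
 */
function get_int_param(array $source, string $key, int $default = 0): int
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return $default; // missing, or an array such as ?iPic[]=1
    }
    $value = filter_var($source[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000000]]);
    return $value === false ? $default : $value;
}

/** Build a hidden input with both name and value HTML-encoded. */
function hidden_input(string $name, $value): string
{
    return sprintf(
        '<input type="hidden" name="%s" value="%s" />',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample request: the second value tries to close the attribute
// and add markup of its own.
$sampleGet = ['iPic' => '12', 'iCategory' => '3"><b>injected</b>'];

// Numeric IDs are validated first; anything non-numeric falls back to the default.
$iPic      = get_int_param($sampleGet, 'iPic');
$iCategory = get_int_param($sampleGet, 'iCategory');

echo hidden_input('iPic', $iPic), "\n";
echo hidden_input('iCategory', $iCategory), "\n";

// Free-text values cannot be validated as numbers; encoding alone keeps the
// quotes and angle brackets inside the attribute as entities.
echo hidden_input('note', $sampleGet['iCategory']), "\n";
```

In the real page, pass $_GET in place of $sampleGet.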
Jim Carlock wrote:
http:/ / aquaticcreationsnc . com/lib/php/test.php

Remove the spaces to visit the link above...

The w3 validator identifies the ampersand character as the
leading character for special character sequences. And as
such, all ampersands should be converted to &amp; when
employed as part of a URI. So I configured that manually,
for my own parameters. However, I think what I'm seeing
here with the validator, is that the validator does not activate
cookies and thereby PHP automatically adds an <input>
tag with the PHPSESSID.

Can anyone tell me how to get PHP to employ the &amp;
character in such cases?

Also, do any security risks exist? Should I be parsing the
address line passed and checking to see if anyone is trying
to pass <?PHP tags in that line?

The variables working there, are some $_GET['$iPic'] and
$_GET['$iCategory'] placed inside the hidden form input tags.
I'm seeing that PHP automatically adds an extra <input> tag?
Is that correct?

Thanks.

Jim Carlock
Post replies to the group.


Jim,

It's not the validator. I get the tag here, also.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Feb 11 '06 #3
