What series of steps would be reqired to safely encode and pass a string from a html href using javascript to construct the link to a php program.
in javascript set up URL
// encodes a URI component.
path = "mypgm.php?from=" + encodeURIComponent(myvar) ;
in php:
// get passed variables
$myvar = isset($_GET['myvar']) ? ($_GET['myvar']) : '';
// decode - (make the string readable)
$myvar = (rawurldecode($myvar));
// converts characters to HTML entities (reduce risk of attack)
$myvar = htmlentities($myvar);
// maybe custom sanitize program as well?
// see [http://stackoverflow.com/questions/2668854/php-sanitizing-strings-to-make-them-url-and-filename-safe][1]
$myvar = sanitize($myvar);