ansaurus

Question

Answer 1

+2 A:

URL encoding is different than what you want to do it sounds like. Try changing URL encode to htmlentities, which will get rid of the '+' and the &26; but will still protect you from XSS / script injection into your webpages.

Example #1 A htmlentities() example
<?php
$str = "A 'quote' is <b>bold</b>";

// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str);

// Outputs: A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str, ENT_QUOTES);
?>

From the PHP Manual

Tommy 2010-07-12 10:54:27

I tried htmlentities but it just returns the first word of the string.

Scott 2010-07-12 11:13:04

what is your actual HTML output (not what is rendered through the browser)?

Tommy 2010-07-12 12:16:04

your reference to htmlentities help me find the problem.it was simply value=". "\"" . $row['ADD1']."\"". " >";ie surround the variable with double quotes.

Scott 2010-07-12 12:21:11

Answer 2

A:

Don't add those symbols in the first place. The urlencode() function, as its name suggests, is used to generate URLs. You probably want to use htmlspecialchars().

I tried htmlentities but it just returns the first word of the string.

Your HTML is invalid. You need to use quotes so your attributes can contain spaces. Compare:

<input name=user value=foo bar id=foo>
<input name="user" value="foo bar" id="foo">

Álvaro G. Vicario 2010-07-12 11:27:43

ansaurus

tags:

views:

answers:

urlencode/urldecode problem

related questions