Re: $_SESSION['variable_name'], Invalid XHTML and &
- From: "Jim Carlock" <anonymous@xxxxxxxxx>
- Date: Sat, 11 Feb 2006 06:49:50 GMT
"Jim Carlock" <anonymous@xxxxxxxxx> wrote:
http:/ / aquaticcreationsnc . com/lib/php/test.php
Remove the spaces to visit the link above...
The w3 validator identifies the ampersand character as the
leading character for special character sequences. And as
such, all ampersands should be converted to & when
employed as part of a URI. So I configured that manually,
for my own parameters. However, I think what I'm seeing
here with the validator, is that the validator does not activate
cookies and thereby PHP automatically adds an <input>
tag with the PHPSESSID.
Okay, I figured out how to get the separator working. The
rest of the questions about the security concerns are still
valid though. The fix for the "&" ampersand character passed
into the address bar... works great on both Windows and Unix
servers.
<?php
session_start();
ini_set("arg_separator.output", "&");
?>
The other questions I'm leaving open here even though they
are a little off topic now...
--
Also, do any security risks exist? Should I be parsing the
address line passed and checking to see if anyone is trying
to pass <?PHP tags in that line?
The variables working there, are some $_GET['$iPic'] and
$_GET['$iCategory'] placed inside the hidden form input tags.
I'm seeing that PHP automatically adds an extra <input> tag?
Is that correct?
--
Thanks.
Jim Carlock
Post replies to the group.
.
- References:
- $_SESSION['variable_name'], Invalid XHTML and &
- From: Jim Carlock
- $_SESSION['variable_name'], Invalid XHTML and &
- Prev by Date: Re: REQ Been racking my brain trying to figure out how to prevent multiple login with same username
- Next by Date: Re: Htaccess question w/ mod rewrite
- Previous by thread: $_SESSION['variable_name'], Invalid XHTML and &
- Next by thread: Re: $_SESSION['variable_name'], Invalid XHTML and &
- Index(es):
Relevant Pages
|
