diff --git a/functions/url.xml b/functions/url.xml
index 95d0ad249e..1061bcc6d7 100644
--- a/functions/url.xml
+++ b/functions/url.xml
@@ -221,12 +221,31 @@ while ($i < count ($a)) {
 <function>Urlencode</function> example
-echo '<A HREF="mycgi?foo=', urlencode ($userinput), '">';
+echo '<A HREF="mycgi?foo=', urlencode ($userinput), '">';
+ Note: Be careful about variables that may match HTML entities.
+ Things like &amp, &copy and &pound are parsed by the browser
+ and the actual entity is used instead of the desired variable name. This
+ is an obvious hassle that the W3C has been telling people about for years.
+ The reference is here: &url.argsep;
+ PHP supports changing the argument separator to the W3C-suggested
+ semi-colon through the arg_separator .ini directive. Unfortunately most
+ user agents do not send form data in this semi-colon separated format.
+ A more portable way around this is to use &amp; instead of & as the
+ separator. You don't need to change PHP's arg_separator for this. Leave
+ it as &, but simply encode your URLs using:
+
+ <function>Urlencode/htmlentities</function> example
+
+echo '<A HREF="mycgi?foo=', htmlentities (urlencode ($userinput) ), '">';
+
+
+ See also urldecode,
+ htmlentities, rawurldecode, rawurlencode.