On Mon, 2005-03-21 at 22:27 -0700, Joseph Sinclair wrote:
> Craig White wrote:
> 
> > <<SNIP>>
> >
> >----
> >I see said the blind man - of course I knew this but only considered it
> >in terms of html and to me - the html is the obstruction here and I've
> >been trying to live with it's ugliness only as little as necessary.
> >
> >the &apos / &quot stuff is a curveball...I'm simply trying to recycle
> >the string I used to locate records in sql db and do it again the same
> >way (removing the records not indicated by checkbox - see previous
> >detailed description) - I'm gathering the best way to handle this is to
> >send the 'unexpanded' string and the variable through the POST and
> >rebuild the string again in the target. 
> >
> >In my mind, I'm passing variables from php to php but because I need the
> >html interactivity, I have to deal with it's rules.
> >----
> >  
> >
> > <<SNIP>>
> 
> Actually, properly escaping the quotes in the string sent to HTML causes 
> the browser to expand it, and what comes back to the PHP input page 
> would be the fully expanded SQL string.  For reference, here's a quick 
> bit of HTML that will show what the browser page gets if you escape your 
> string like I showed:
> 
> <?xml version="1.0" encoding="utf-8"?>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
> <head profile="http://www.w3.org/2000/08/w3c-synd/#">
> <title>Test Page</title>
> </head>
> <body>
> <input size="240" type="text" name="search_string" value="SELECT * from 
> horde_datatree WHERE user_uid = &quot;jennifer&quot; AND (group_uid = 
> &apos;horde.shares.kronolith&apos; OR group_uid = 
> &apos;horde.shares.nag&apos; OR group_uid = &apos;horde.shares.imp&apos; 
> OR group_uid = &apos;horde.shares.turba&apos; OR group_uid = 
> &apos;horde.shares.mnemo&apos;)">
> </body>
> </html>
> 
> Just paste that into a blank .html file, and open directly in your 
> browser, and you'll see what I mean.
> 
> Keep in mind, PHP doesn't exist to the client.  HTML isn't an 
> obstruction, it's the client-side part of your system.  If you want the 
> system to work in a reasonably consistent manner, you need to USE the 
> HTML, not just try to avoid it.
> 
> P.S.  If you actually code it according to W3C guidelines (especially 
> using CSS for text styling), XHTML has no ugliness, it's a very clean 
> and elegant mechanism for page description.  It's only when we follow 
> the "Microsoft way" of doing HTML that it becomes ugly.
----
got that - my problem is my 'string' already exists and is built and is
used in the source php file. To use your html example (and thanks for
the effort), I would have to rebuild the string for a second time to
pass it through - I was specifically trying to avoid that. In fact, if I
were to rebuild the string a second time, it would make more sense from
a number of standpoints to send the string and the variable through the
POST into the target php file and rebuild it there.

Craig

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss