Re: quoting pains

Author: Joseph Sinclair
Date:  
To: plug-discuss
Subject: Re: quoting pains

Craig White wrote:

> <<SNIP>>
>
>----
>I see said the blind man - of course I knew this but only considered it
>in terms of html and to me - the html is the obstruction here and I've
>been trying to live with its ugliness only as little as necessary.
>
>the &apos / &quot stuff is a curveball...I'm simply trying to recycle
>the string I used to locate records in sql db and do it again the same
>way (removing the records not indicated by checkbox - see previous
>detailed description) - I'm gathering the best way to handle this is to
>send the 'unexpanded' string and the variable through the POST and
>rebuild the string again in the target.
>
>In my mind, I'm passing variables from php to php but because I need the
>html interactivity, I have to deal with its rules.
>----
>
>
> <<SNIP>>


Actually, properly escaping the quotes in the string sent to HTML causes
the browser to expand it, and what comes back to the PHP input page
would be the fully expanded SQL string. For reference, here's a quick
bit of HTML that will show what the browser page gets if you escape your
string like I showed:

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head profile="http://www.w3.org/2000/08/w3c-synd/#">
<title>Test Page</title>
</head>
<body>
<input size="240" type="text" name="search_string" value="SELECT * from
horde_datatree WHERE user_uid = &quot;jennifer&quot; AND (group_uid =
&apos;horde.shares.kronolith&apos; OR group_uid =
&apos;horde.shares.nag&apos; OR group_uid = &apos;horde.shares.imp&apos;
OR group_uid = &apos;horde.shares.turba&apos; OR group_uid =
&apos;horde.shares.mnemo&apos;)" />
</body>
</html>

Just paste that into a blank .html file, and open directly in your
browser, and you'll see what I mean.

Keep in mind, PHP doesn't exist to the client. HTML isn't an
obstruction, it's the client-side part of your system. If you want the
system to work in a reasonably consistent manner, you need to USE the
HTML, not just try to avoid it.

P.S. If you actually code it according to W3C guidelines (especially
using CSS for text styling), XHTML has no ugliness, it's a very clean
and elegant mechanism for page description. It's only when we follow
the "Microsoft way" of doing HTML that it becomes ugly.

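
Added example, not part of the original message or of either poster's code: one way to follow the approach Craig describes (send the parameters through the POST and rebuild the query on the target page), with the attribute escaping done by `htmlspecialchars`. The form field names, the function names and the allow-list are assumptions made for illustration; the table and column names are taken from the sample query above.

```php
<?php
// Added example; field names, function names and the allow-list are assumptions.
const ALLOWED_GROUPS = ['horde.shares.kronolith', 'horde.shares.nag',
    'horde.shares.imp', 'horde.shares.turba', 'horde.shares.mnemo'];

// Escape a value for an HTML attribute. ENT_QUOTES covers both quote styles
// (the apostrophe is emitted as &#039;, which decodes like &apos;).
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the search parameters (not the SQL text) as hidden form fields.
function render_fields(string $user, array $groups): string
{
    $html = '<input type="hidden" name="user_uid" value="' . attr($user) . "\" />\n";
    foreach ($groups as $g) {
        $html .= '<input type="hidden" name="group_uid[]" value="' . attr($g) . "\" />\n";
    }
    return $html;
}

// Rebuild the query on the receiving page from the POSTed parameters.
// Returns [SQL with placeholders, values to bind] for PDO::prepare()/execute().
function rebuild_query(array $post): array
{
    $user = $post['user_uid'] ?? '';
    $groups = $post['group_uid'] ?? [];
    if (!is_string($user) || $user === '' || !is_array($groups)) {
        throw new InvalidArgumentException('malformed form data');
    }
    // Keep only allow-listed group names; anything else the client sent is dropped.
    $groups = array_values(array_intersect(ALLOWED_GROUPS, array_filter($groups, 'is_string')));
    if ($groups === []) {
        throw new InvalidArgumentException('no permitted group selected');
    }
    $marks = implode(', ', array_fill(0, count($groups), '?'));
    $sql = "SELECT * FROM horde_datatree WHERE user_uid = ? AND group_uid IN ($marks)";
    return [$sql, array_merge([$user], $groups)];
}

// Constructed sample: a value containing both quote styles, and one group
// value that is not on the allow-list.
echo render_fields('jen"ni\'fer', ['horde.shares.nag']);
[$sql, $params] = rebuild_query([
    'user_uid' => 'jen"ni\'fer',
    'group_uid' => ['horde.shares.nag', "x' OR '1'='1"],
]);
echo $sql, "\n", json_encode($params), "\n";
```

Because the form carries only parameters, whatever the client sends back is bound as data and never becomes part of the SQL text.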