Re: quoting pains

Author: Craig White
Date:  
To: plug-discuss
Subject: Re: quoting pains
On Mon, 2005-03-21 at 22:27 -0700, Joseph Sinclair wrote:
> Craig White wrote:
>
> > <<SNIP>>
> >
> >----
> >I see said the blind man - of course I knew this but only considered it
> >in terms of html and to me - the html is the obstruction here and I've
> >been trying to live with its ugliness only as little as necessary.
> >
> >the &apos / &quot stuff is a curveball...I'm simply trying to recycle
> >the string I used to locate records in sql db and do it again the same
> >way (removing the records not indicated by checkbox - see previous
> >detailed description) - I'm gathering the best way to handle this is to
> >send the 'unexpanded' string and the variable through the POST and
> >rebuild the string again in the target.
> >
> >In my mind, I'm passing variables from php to php but because I need the
> >html interactivity, I have to deal with its rules.
> >----
> >
> >
> > <<SNIP>>
>
> Actually, properly escaping the quotes in the string sent to HTML causes
> the browser to expand it, and what comes back to the PHP input page
> would be the fully expanded SQL string. For reference, here's a quick
> bit of HTML that will show what the browser page gets if you escape your
> string like I showed:
>
> <?xml version="1.0" encoding="utf-8"?>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
> <head profile="http://www.w3.org/2000/08/w3c-synd/#">
> <title>Test Page</title>
> </head>
> <body>
> <input size="240" type="text" name="search_string" value="SELECT * from
> horde_datatree WHERE user_uid = &quot;jennifer&quot; AND (group_uid =
> &apos;horde.shares.kronolith&apos; OR group_uid =
> &apos;horde.shares.nag&apos; OR group_uid = &apos;horde.shares.imp&apos;
> OR group_uid = &apos;horde.shares.turba&apos; OR group_uid =
> &apos;horde.shares.mnemo&apos;)">
> </body>
> </html>
>
> Just paste that into a blank .html file, and open directly in your
> browser, and you'll see what I mean.
>
> Keep in mind, PHP doesn't exist to the client. HTML isn't an
> obstruction, it's the client-side part of your system. If you want the
> system to work in a reasonably consistent manner, you need to USE the
> HTML, not just try to avoid it.
>
> P.S. If you actually code it according to W3C guidelines (especially
> using CSS for text styling), XHTML has no ugliness, it's a very clean
> and elegant mechanism for page description. It's only when we follow
> the "Microsoft way" of doing HTML that it becomes ugly.

----
got that - my problem is my 'string' already exists and is built and is
used in the source php file. To use your html example (and thanks for
the effort), I would have to rebuild the string for a second time to
pass it through - I was specifically trying to avoid that. In fact, if I
were to rebuild the string a second time, it would make more sense from
a number of standpoints to send the string and the variable through the
POST into the target php file and rebuild it there.

Craig

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
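
The two options discussed in this thread, as an added example that is not part of the original messages: escaping the already-built string once for the form field, and sending only the values through the POST so the target rebuilds the query with placeholders and no SQL text travels through the form. The function names, the allow-list, the `user` and `groups` field names and the sample data are assumptions made for the illustration.

```php
<?php
// Added example: function names, the allow-list and the sample data are constructed.

// Source page: escape the string that is already built; it is not built a second time.
function field_value(string $raw): string
{
    // ENT_QUOTES converts both " and ' (to &quot; and &#039;), so a quote inside
    // the string cannot end the value="..." attribute early.
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Target page: group names the application itself offers as checkboxes (assumed list).
const ALLOWED_GROUPS = [
    'horde.shares.kronolith', 'horde.shares.nag', 'horde.shares.imp',
    'horde.shares.turba', 'horde.shares.mnemo',
];

// Rebuild the query from posted values; returns [sql with placeholders, parameters].
function rebuild_query(string $user, array $checked): array
{
    // Drop anything that is not a known group name.
    $groups = array_values(array_intersect(ALLOWED_GROUPS, $checked));
    if ($groups === []) {
        throw new InvalidArgumentException('no valid group selected');
    }
    $marks = implode(', ', array_fill(0, count($groups), '?'));
    $sql = "SELECT * FROM horde_datatree WHERE user_uid = ? AND group_uid IN ($marks)";
    return [$sql, array_merge([$user], $groups)];
}

// Constructed stand-in for the string the source page already has.
$built = 'SELECT * from horde_datatree WHERE user_uid = "jennifer"'
       . " AND (group_uid = 'horde.shares.nag' OR group_uid = 'horde.shares.imp')";
$escaped = field_value($built);
echo '<input type="hidden" name="search_string" value="' . $escaped . "\" />\n";

// The browser decodes the entities before it submits the form, so the target
// receives the original text; html_entity_decode() stands in for the browser here.
var_dump(html_entity_decode($escaped, ENT_QUOTES, 'UTF-8') === $built);

// Constructed stand-in for $_POST on the target page; the last value was never offered.
$post = ['user' => 'jennifer', 'groups' => ['horde.shares.nag', 'horde.shares.unknown']];
[$sql, $params] = rebuild_query($post['user'], $post['groups']);
echo $sql, "\n";
print_r($params);
// With a PDO connection $pdo (assumed): $pdo->prepare($sql)->execute($params);
```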