safely encode and pass a string from a html link to PHP program

Posted by bert on Stack Overflow See other posts from Stack Overflow or by bert
Published on 2010-04-20T02:30:20Z Indexed on 2010/04/20 2:33 UTC
Read the original article Hit count: 325

Filed under:
|
|
|
|

What series of steps would be reqired to safely encode and pass a string from a html href using javascript to construct the link to a php program.

in javascript set up URL

// encodes a URI component.
path = "mypgm.php?from=" + encodeURIComponent(myvar) ;

in php:

// get passed variables
$myvar = isset($_GET['myvar']) ? ($_GET['myvar']) : ''; 

// decode - (make the string  readable)
$myvar = (rawurldecode($myvar));

// converts characters to HTML entities (reduce risk of attack)
$myvar = htmlentities($myvar);

// maybe custom sanitize program as well?
// see [http://stackoverflow.com/questions/2668854/php-sanitizing-strings-to-make-them-url-and-filename-safe][1]
$myvar = sanitize($myvar);

© Stack Overflow or respective owner

Related posts about javscript

Related posts about php