unread
Gareth Ardron wrote:
$var = "foo=1&bar=2";
To clarify:
You should use $var = "foo=1&bar=2"; and then $var forheader()but
htmlspecialchar($var) for your href:
- HTTP-Headers must not be html-encoded.
- HTML-Attributes on the other hand have to be html-encoded.
Even though most browsers work with hrefs without html-encoding and some
browsers might understand & in HTTP-Headers this is not conforming
to the standards.Actually, & is the way you need to write it if you are going to be
perfectly standards-compliant.
That is correct for URLs in HTML. It is incorrect for HTTP headers
(there is no entity decoding involved).
It's just that nobody does this.
Really? My applications supply their own php.ini and always
contain
arg_separator.output = "&"
which is also listed in php.ini-dist.
You can
make PHP understand this by setting the separator in your php.ini file to
&
Nope, input separators are always one character wide.
- Sascha
unread
Actually, & is the way you need to write it if you are going to be
perfectly standards-compliant.That is correct for URLs in HTML. It is incorrect for HTTP headers (there is no entity decoding involved).
True, I should read instead of skim these messages.
It's just that nobody does this.
Really? My applications supply their own php.ini and always contain arg_separator.output = "&" which is also listed in php.ini-dist.
Ok, so very few people do this.
-R