I select a list of names from mysqli database then display row details in display.php with if (isset($_GET['name'])); The link is
$str = strtoupper($str);
echo "<tr><td><a href='php/display.php?name=$str'>$str</a></td></tr>";
This executes correctly unless name contains '(apostrophe).
For instance $str
(as input/click) shows as L'ECLIPSE
but the <a>
link only L'
The result in display.php is 'No data found for your request'
I have found exact same queries on this site but none of the answers have resolved my problem. Perhaps I am not implementing correctly. I assume this is about escaping. But I know little about it.
<?php
$str = strtoupper($str);
echo "<tr><td><a href='php/display.php?name=".urlencode($str)."'>$str</a></td></tr>";
urlencode() the string first. So you don't get this kind of problems.
<?php
$str = strtoupper($str);
echo "<tr><td><a href='php/display.php?name=".$str."'>$str</a></td></tr>";
Try this code.
<?php
$str = strtoupper($str);
echo "<tr><td><a href='php/display.php?
name=".htmlspecialchars($str)."'>$str</a></td></tr>";
?>
Your Single quote becomes '
I hope it will help
You have to use htmlspecialchars($str)
What it does is it switches all special characters to their respective html equivalent
for example:
' -> '
" -> "
and so on.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.