Folks,
Can you tell me which one of these 5 examples to use?
```
//Eg 1.A.
//echo "<a href=".htmlentities($page).$url_key_1.urlencode($url_value_1).$url_key_2.urlencode($url_value_2).$url_key_3.INTVAL($url_value_3).">Final Page</a>";
//Eg 1.B.
//echo '<a href='.htmlentities($page)."$url_key_1".urlencode($url_value_1)."$url_key_2".urlencode($url_value_2)."$url_key_3".INTVAL($url_value_3).">Final Page</a>";
//Eg 2.A.
//$link = "<a href=".$page.$url_key_1.urlencode($url_value_1).$url_key_2.urlencode($url_value_2).$url_key_3.INTVAL($url_value_3).">Final Page</a>";
//htmlentities($link);
//echo $link;
//Eg 2.B.
$link = '<a href='."$page"."$url_key_1".urlencode($url_value_1)."$url_key_2".urlencode($url_value_2)."$url_key_3".INTVAL($url_value_3).'>Final Page</a>';
htmlentities($link);
echo $link;
//Eg 3.
echo "<a href=".$page.$url_key_1.urlencode($url_value_1).$url_key_2.urlencode($url_value_2).$url_key_3.INTVAL($url_value_3).">$url_value_3</a>";
```
It’s pagination section code. Need to use echo over printf here. Know how to securely echo with printf thanks to NogDog and so now need to securely output via echo.
Here is the context:
```
if($page > $total_pages)
{
    $page = 'search.php?';
    $url_key_1 = '&tbl=';
    $url_key_2 = '&col=';
    $url_key_3 = '&page=';
    $url_key_4 = '&search=';
    $url_value_1 = $tbl;
    $url_value_2 = $col;
    $url_value_3 = $total_pages;
    $url_value_4 = $search;
    //Eg 1.A.
    //echo "<a href=".htmlentities($page).$url_key_1.urlencode($url_value_1).$url_key_2.urlencode($url_value_2).$url_key_3.INTVAL($url_value_3).">Final Page</a>";
    //Eg 1.B.
    //echo '<a href='.htmlentities($page)."$url_key_1".urlencode($url_value_1)."$url_key_2".urlencode($url_value_2)."$url_key_3".INTVAL($url_value_3).">Final Page</a>";
    //Eg 2.A.
    //$link = "<a href=".$page.$url_key_1.urlencode($url_value_1).$url_key_2.urlencode($url_value_2).$url_key_3.INTVAL($url_value_3).">Final Page</a>";
    //htmlentities($link);
    //echo $link;
    //Eg 2.B.
    //$link = '<a href='."$page"."$url_key_1".urlencode($url_value_1)."$url_key_2".urlencode($url_value_2)."$url_key_3".INTVAL($url_value_3).'>Final Page</a>';
    //htmlentities($link);
    //echo $link;
    //Eg 3.
    echo "<a href=".$page.$url_key_1.urlencode($url_value_1).$url_key_2.urlencode($url_value_2).$url_key_3.INTVAL($url_value_3).">Final Page</a>";
}
else
{
    while($i <= $total_pages)
    {
        if($i == $page)
        {
            $page = 'search.php?';
            $url_key_1 = '&tbl=';
            $url_key_2 = '&col=';
            $url_key_3 = '&page=';
            $url_key_4 = '&search=';
            $url_value_1 = $tbl;
            $url_value_2 = $col;
            $url_value_3 = $i;
            $url_value_4 = $search;
            //Eg 1.A.
            //echo "<a href=".htmlentities($page).$url_key_1.urlencode($url_value_1).$url_key_2.urlencode($url_value_2).$url_key_3.INTVAL($url_value_3)."><b>$url_value_3</b></a>";
            //Eg 1.B.
            //echo '<a href='.htmlentities($page)."$url_key_1".urlencode($url_value_1)."$url_key_2".urlencode($url_value_2)."$url_key_3".INTVAL($url_value_3)."><b>$url_value_3</b></a>";
            //Eg 2.A.
            //$link = "<a href=".$page.$url_key_1.urlencode($url_value_1).$url_key_2.urlencode($url_value_2).$url_key_3.INTVAL($url_value_3)."><b>$url_value_3</b></a>";
            //htmlentities($link);
            //echo $link;
            //Eg 2.B.
            //$link = '<a href='."$page"."$url_key_1".urlencode($url_value_1)."$url_key_2".urlencode($url_value_2)."$url_key_3".INTVAL($url_value_3)."><b>$url_value_3</b></a>";
            //htmlentities($link);
            //echo $link;
            //Eg 3.
            echo "<a href=".$page.$url_key_1.urlencode($url_value_1).$url_key_2.urlencode($url_value_2).$url_key_3.INTVAL($url_value_3)."><b>$url_value_3</b></a>";
        }
        else
        {
            $page = 'search.php?';
            $url_key_1 = '&tbl=';
            $url_key_2 = '&col=';
            $url_key_3 = '&page=';
            $url_key_4 = '&search=';
            $url_value_1 = $tbl;
            $url_value_2 = $col;
            $url_value_3 = $i;
            $url_value_4 = $search;
            //Eg 1.A.
            //echo "<a href=".htmlentities($page).$url_key_1.urlencode($url_value_1).$url_key_2.urlencode($url_value_2).$url_key_3.INTVAL($url_value_3).">$url_value_3</a>";
            //Eg 1.B.
            //echo '<a href='.htmlentities($page)."$url_key_1".urlencode($url_value_1)."$url_key_2".urlencode($url_value_2)."$url_key_3".INTVAL($url_value_3).">$url_value_3</a>";
            //Eg 2.A.
            //$link = "<a href=".$page.$url_key_1.urlencode($url_value_1).$url_key_2.urlencode($url_value_2).$url_key_3.INTVAL($url_value_3).">$url_value_3</a>";
            //htmlentities($link);
            //echo $link;
            //Eg 2.B.
            //$link = '<a href='."$page"."$url_key_1".urlencode($url_value_1)."$url_key_2".urlencode($url_value_2)."$url_key_3".INTVAL($url_value_3).">$url_value_3</a>";
            //htmlentities($link);
            //echo $link;
            //Eg 3.
            echo "<a href=".$page.$url_key_1.urlencode($url_value_1).$url_key_2.urlencode($url_value_2).$url_key_3.INTVAL($url_value_3).">$url_value_3</a>";
        }
        $i++;
    }
}
```
Is htmlentities() or htmlspecialchars() really needed here? I didn’t use them on “Eg 3” and I favoured that example. What’s your opinion?
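
For comparison, an added example (not part of the original post) that builds the same pagination links with each value encoded for the context it lands in: query values are percent-encoded with http_build_query(), then the finished URL and the link text are HTML-escaped with htmlspecialchars() inside a quoted href. The helper name page_link() and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Build one pagination link (hypothetical helper, not from the post).
 * Step 1: http_build_query() percent-encodes every query value (URL context).
 * Step 2: htmlspecialchars() escapes the finished URL and the label (HTML context).
 * Only data is escaped; the <a> markup itself never goes through an escaping
 * function, because escaping a whole tag would turn it into visible text.
 */
function page_link(string $script, array $params, string $label, bool $current = false): string
{
    // '&' as separator: the HTML escaping below turns it into &amp; exactly once.
    $url  = $script . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);

    // ENT_QUOTES escapes both quote characters so the value cannot end the attribute.
    $href = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $text = htmlspecialchars($label, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    if ($current) {
        $text = '<b>' . $text . '</b>';
    }

    // The attribute value is always quoted; an unquoted href ends at the first space.
    return '<a href="' . $href . '">' . $text . '</a>';
}

// Constructed sample values standing in for the post's $tbl, $col, $page, $total_pages.
$tbl         = 'users';
$col         = 'first "name" & co';   // contains space, quotes and an ampersand
$page        = 7;
$total_pages = 3;

if ($page > $total_pages) {
    // Requested page is past the end: offer a single link to the last page.
    echo page_link('search.php', ['tbl' => $tbl, 'col' => $col, 'page' => $total_pages], 'Final Page');
} else {
    for ($i = 1; $i <= $total_pages; $i++) {
        // The loop counter is kept separate from $page so the comparison stays valid.
        echo page_link('search.php', ['tbl' => $tbl, 'col' => $col, 'page' => $i], (string) $i, $i === $page);
    }
}
```

htmlentities() and htmlspecialchars() return the escaped string and leave their argument unchanged, so the result has to be assigned or echoed for the call to have any effect.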