Folks,
Imagine I am building a search engine.
So now you type a keyword and hit the search button. My SE will now present you with links.
I wrote the following code for my MySQL DB to present you with links related to your searched keywords:
[code]
// Get result - fetch multiple records.
$result = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_assoc($result))
{
    // Column values exactly as stored in the DB.
    $id = $row['id'];
    $url = $row['url'];
    $anchor = $row['anchor'];
    $link = '<a href="' . $url . '">' . $anchor . '</a>';
    $description = $row['description'];

    // Values are echoed as-is, with no encoding applied.
    echo 'Id: ' . $id . '<br>';
    echo 'Url: ' . $url . '<br>';
    echo 'Link: ' . $link . '<br>';
    echo 'Description: ' . $description . '<br>';
    echo '<br><br>';
}
[/code]
With the way I am outputting the links to your browser, am I gonna get hacked if I don't urlencode() the links before outputting them to your screen? You being the link searcher or keyword searcher.
If yes, then must I urldecode people's submitted links during submission to my index/DB, so my DB contains their submitted links in decoded format, which I should then get PHP to urlencode before presenting them on users' screens?
For example, NogDog submits NogDog.com to my SE. Shall I dump NogDog.com as is, or should I urldecode it first, like the following, before dumping it to my SE index (DB)?
[code]
$link = 'NogDog.com';
$link = urldecode($link);
[/code]
And then when someone like Sempervivum does a search related to dogs, then when my SE presents links, like NogDog.com, must it echo on Sempervivum's screen like so:
[code]
echo urlencode($link);
[/code]
Yes or no?
Or maybe I should urlencode during link submission to my DB (e.g. NogDog submits his link to my SE) and urldecode when outputting the link to keyword searchers' screens (e.g. Sempervivum's screen when he searches and gets presented with NogDog's link)?
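
An added example, not part of the original post: the same result loop with output-time HTML escaping via htmlspecialchars() and an http/https scheme allow-list on the stored URL, since urlencode() is meant for individual query-string values rather than whole URLs. The helper names h(), safe_http_url() and render_result() and the sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Escape a value for HTML text or a quoted attribute (output-time encoding).
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http/https URLs; returns null for anything else.
// Run this at submission time, and again at output as defence in depth.
function safe_http_url(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Render one result row. The URL is stored and emitted as submitted:
// no urlencode()/urldecode() of the whole URL at either end.
function render_result(array $row): string
{
    $url = safe_http_url((string) $row['url']);
    if ($url === null) {
        return ''; // drop rows whose URL is not plain http(s)
    }
    $link = '<a href="' . h($url) . '">' . h((string) $row['anchor']) . '</a>';
    return 'Id: ' . (int) $row['id'] . '<br>'
         . 'Url: ' . h($url) . '<br>'
         . 'Link: ' . $link . '<br>'
         . 'Description: ' . h((string) $row['description']) . '<br><br><br>';
}

// Constructed sample rows standing in for mysqli_fetch_assoc() results.
$rows = [
    ['id' => 1, 'url' => 'https://nogdog.example/?q=dogs&page=2', 'anchor' => 'NogDog', 'description' => 'Dogs & more'],
    ['id' => 2, 'url' => 'javascript:alert(1)', 'anchor' => 'x', 'description' => 'rejected: scheme'],
    ['id' => 3, 'url' => 'https://site.example/', 'anchor' => '<script>alert(1)</script>', 'description' => '"quoted"'],
];
foreach ($rows as $row) {
    echo render_result($row), "\n";
}
```

Row 2 produces no output because its scheme is not http or https, and row 3's anchor is emitted as inert text because the angle brackets and quotes are converted to entities.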