Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > PHP/MySQL > Pro PHP
Password Reminder
Register
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Pro PHP Advanced PHP coding discussions. Beginning-level questions will be redirected to the Beginning PHP forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Pro PHP section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old June 28th, 2004, 07:05 PM
Friend of Wrox
 
Join Date: Nov 2003
Location: , , .
Posts: 1,285
Thanks: 0
Thanked 2 Times in 2 Posts
Default session.use_trans_sid is driving me crazy!!

Here we go:

Still building the FPro site, I replaced everything with <div>s (thanks Rich + Ben) but now I have a different kind of problem.....

I am retrieving the values of sections from my database, and linking to them from the main page (see fpro.snibworks.com to see what I'm talking about). The links do not have any PHPSESSID stuff after them, as I am using ini_set() to make sure they are off (using a remote host...).

You may think I'm crazy, but I'm trying to keep this page 100% valid HTML blah blah. When I click the link on my page that proves its validity, it says it's not valid because of the '&' in the link to each section.

I didn't put the '&'s there, and PHP shouldn't have either!

Is there some way to get it to stop, or is the w3 validator screwed up?

Thanks in advanced,

Snib

<><
__________________
-Snib - http://www.snibworks.com
Where will you be in 100 years?
Reply With Quote
  #2 (permalink)  
Old June 28th, 2004, 09:29 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

Snib,
It isn't the ampersand character that isn't allowed, it's the fact that it is inserted unencoded. HTML entities must be encoded when they appear literally in a document. The W3C recommends that a semi-colon be used instead of the ampersand to separate URL embedded arguments, php.net recommends the encoded HTML entity.. &amp; which is what I use personally.

I wrote an article on this a long time ago:
http://p2p.wrox.com/topic.asp?TOPIC_ID=4028

This includes all the proper ini settings and relevant links that discuss query strings and the argument separator.

Regards,
Rich

::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::
Reply With Quote
  #3 (permalink)  
Old June 29th, 2004, 04:51 PM
Friend of Wrox
 
Join Date: Nov 2003
Location: , , .
Posts: 1,285
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Rich,

I understood that the & was allowed encoded, but now I see I didn't really make that clear.

Anyway.....

You're a lifesaver! It works!

Still, I have one question: why is PHP putting the PHPSESSID in the querystring, when I have the ini setting for it OFF? This isn't a problem, but I'm curious.

Thanks lots Rich!

Snib

<><
Reply With Quote
  #4 (permalink)  
Old June 29th, 2004, 06:47 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

I really don't know. I don't use session.use_trans_sid, I prefer to handle all of the inserting of the SID myself. This isn't enabled by default. To figure out if it is the ini setting do a simple test script. Start a session, then make a link and output the page. If the PHPSESSID is magically included then you have a problem with that directive, if not then there's something else in your code doing this. Techniques like this help you to narrow down the source of the problem. If all else fails, consult php.net and look to see if anyone has reported a bug about it. If you think that it could be a bug, make sure you've upgraded to the latest PHP and can still reproduce it before filing a report.

Also don't forget to restart your HTTP server after ini changes, I realize you probably already know this but sometimes we forget the simplest things.

Regards,
Rich

::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::
Reply With Quote
  #5 (permalink)  
Old June 29th, 2004, 08:42 PM
Friend of Wrox
 
Join Date: Nov 2003
Location: , , .
Posts: 1,285
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Rich,

I think the problem may be how I'm setting use_trans_sid.

Here are some details:

I am using ini_set(), on a remote host. It seems to work well, getting rid of the PHPSESSID on every link. It does NOT appear to work with the w3 validator.... not a problem anymore, as I've set the arg_separator.input and .output statements with ini_set() also....

So, no big deal why it does this, I'm just curious.

Thanks for your time, Rich.

Snib

<><
Reply With Quote
  #6 (permalink)  
Old July 23rd, 2004, 09:00 PM
Friend of Wrox
 
Join Date: Nov 2003
Location: , , .
Posts: 1,285
Thanks: 0
Thanked 2 Times in 2 Posts
Default

This is another unfortunate topic of mine that has risen again, if differently.... (it never was solved, but that didn't really end up mattering)

PHP dynamically puts the SID in forms using a hidden <input/> element. For some reason, it puts it right after the opening form tag, which is not allowed in XHTML 1.1 (the standard I'm following).

Is there a way to get it to stop at least putting the input there??

Thanks,

Snib

<><
Reply With Quote
  #7 (permalink)  
Old July 24th, 2004, 04:51 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , United Kingdom.
Posts: 256
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Snib, I noticed your comment in reference to using XHTML 1.1 with the Validator. I take it you're aware that the Validator doesn't send HTTP_ACCEPT? If serving XHTML to the Validator, it is best to use a MIME header rewrite test such as that suggested by Richard Allsebrook as a modification to the code in this articlehttp://www.xml.com/pub/a/2003/03/19/dive-into-xml.html on O'Reilly's excellent XML.com - namely:

if ( isset($_SERVER["HTTP_ACCEPT"]) and stristr($_SERVER["HTTP_ACCEPT"],"application/xhtml+xml") ) {
 header("Content-type: application/xhtml+xml");
 }
 else {
 header("Content-type: text/html");
 }
}

This will send the correct MIME header (and incidentally trns Mozilla into an excellent XML debugging tool.

I just thought I'd mention it, in case you hadn't come across this before.

Dan
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Almost crazy trevo4f BOOK: Beginning ASP 3.0 2 May 15th, 2008 11:22 AM
SQL Crazy Query... devendar SQL Server 2005 4 July 19th, 2007 12:51 AM
Crazy scrollbar issue Teessider_2000 CSS Cascading Style Sheets 3 August 21st, 2006 07:41 AM
Driving me nuts! bhd8ball Classic ASP Professional 2 January 7th, 2005 12:55 AM
Crazy Thing happening Kenny Alligood Access VBA 10 February 17th, 2004 12:26 PM



All times are GMT -4. The time now is 05:39 PM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.