Code: Select all
function make_links($Page, $keywords)
{ for($i=$Page; $i<=10; ++$i)
{ $find = urlencode($keywords);
$href = " <a href=" . "atest.php?Page=$i&KWs=" . $find . ">" . $i . "</a>";
echo $href;
}
}Thanks
Moderator: General Moderators
Code: Select all
function make_links($Page, $keywords)
{ for($i=$Page; $i<=10; ++$i)
{ $find = urlencode($keywords);
$href = " <a href=" . "atest.php?Page=$i&KWs=" . $find . ">" . $i . "</a>";
echo $href;
}
}Code: Select all
<?php
function make_links($page, $keywords) {
for($i = $page; $i <= 10; ++$i) {
$find = urlencode($keywords);
?>
<a href="atest.php?page=<?=$i; ?>&kws=<?=$find; ?>"><?=$i; ?></a>
<?php
}
}
?>
It's not true (unless you define 'hacking' in a very specific way like leaking data from GET requests (via Referer header) when user navigates to an external site by clicking a link on your site).JackD wrote:Everything I have seen indicates POST is safer from hacking than GET
It's very bad for your search ratings. Search engine crawlers do not post anything and therefore cannot index responses to POST requests.JackD wrote:so I have been trying to use POST everywhere but I cannot get the above to do a POST.
GET requests. Basically they:JackD wrote:What kinds of things do web crawlers be sending to a page
You shouldn't be doing this. Treat them like any other visitor. In fact, some (Google does that) would penalize you if you feed them different content from what you show to humans.how would we recognize it, and how should we respond?
Typically valid page requests, but this shouldnt make any difference. Your web application should be able to handle anything thrown at it.JackD wrote:What kinds of things do web crawlers be sending to a page,
I favor a whitelist approach. If you have have a request variable that is used for navigation (example: http://www.example.org?navigation=products_page) check for the existence of the navigation key and if it exists, check the value against a list of valid actions. Disregard any key/values that you do not expect.JackD wrote:how would we recognize it,
If the key/value is not valid, disregard it or display a generic page, such as your home page or a 404 error page.JackD wrote:and how should we respond?
Don't teach anyone this. It only works if short_open_tag = On, and it is now off by default. This is not portable.michaeru wrote:<?='hello world' ?>
is equal to
<?php echo 'hello world'; ?>
Not everyone needs to care about portability. And I really hope this unwise decision to disable short_open_tag (or even having this ini knob in the first place) will get reverted with the release of PHP6.AbraCadaver wrote:This is not portable.
I don't care either way whether it is off or on by default, or removed soon. It's similar in some respects to register_globals, magic_quotes, etc. If it will be off in most installs, and removed in the near future, then why teach it to PHP beginners? How many posts have you seen that someone tries code and they don't get the result of the executed code but the code itself displayed, all due to this issue? Those writing enterprise applications that don't have to worry about portability or whether their host will change a setting already understand these things.Weirdan wrote:Not everyone needs to care about portability. And I really hope this unwise decision to disable short_open_tag (or even having this ini knob in the first place) will get reverted with the release of PHP6.AbraCadaver wrote:This is not portable.