& ----> &

Kijk eens naar de functie htmlspecialchars()
Maar als je je database charset en je website charset allebei hebt ingesteld op het zelfde (utf8 bij voorbaat) dan zou het ook goed moeten gaan. :-)

dat charset verhaal gaat vooral op voor letters als ë of ó, maar niet voor & of <

daarvoor moet je wel htmlspecialchars gebruiken.

het probleem zit hem hierin:

Op de site hebben wij een contact formulier gemaakt. Dit word vertoon in PrettyPhoto (iframe)
De artikel omschrijving word uit de automatisch gegenereerde link gehaald

voorbeeld link: http://www.test.com/index3.php?&sku=Printer & Papier &iframe=true&width=800&height=400

Php pakt dit vervolgens op met

<?php $val = $_GET["sku"]; ?>

D.m.v. van een <?php echo $val ?> word de omschrijving naar ons gemaild.

Alleen na het & teken stop de omschrijving. Dus krijgen wij gemaild i.p.v. Printer & Papier:
Printer. (alles na de ampersand vervalt)

Geef eens wat code hoe die link wordt gegenereerd? Daar zou je bijv htmlspecialchars() of rawurlencode() moeten toepassen.

als het een url in moet, dan is het rawurlencode().

de link zit in de artpage.html:

www.test.comindex3.php?sku={$article.descriptionandmeasure}&iframe=true&width=800&height=400

de omschrijving van het artikel word in de main php gemaakt en word opgeroepen d.m.v.
{$article.descriptionandmeasure}

<?php

$s = 'www.test.com/index3.php?sku='. 
          rawurlencode($article.descriptionandmeasure) . 
     '&iframe=true&width=800&height=400';

?>

Maar het lijkt me zekerder om dergelijke teksten mee te geven met een id en dan in index3.php aan de hand van dat id de tekst op te halen. (mits je bij dezelfde databron kunt komen natuurlijk.

Dit soort teksten moet je ook minimaal al opvangen met htmlspecialchars() om te voorkomen dat iemand een link publiceert met

?sku=prachtige+printer<script>eviljavascript</script>&iframe=true

maar je loopt ook risico op teksten die jij helemaal niet op je site bedoelde te publiceren.

?sku=dit+product+is+niet+meer+leverbaar+ivm+fallisement+test.com&iframe=true

Dit is wat er in de main php staat:

<?php
case "article":
try{
addBasketToTemplate($tpl, $currentLanguage, $lvShowPriceMode);
$art = new Article($pg->aid);
$article=$art->data;
if ($article['has_variantparents'] == 1) { $art = new Article($article['variantparents']['variant_parent']); $article = $art->data; $pg->aid = $article['nr']; }
$curr_lang='lang_'.$currentLanguage;
$article['description']=$article['description'][$curr_lang];
$article['descriptionandmeasure']=$article['descriptionandmeasure'][$curr_lang];
$article['measure']=$article['measure'][$curr_lang];
$article['urlitem']=$article['urlitem'][$curr_lang];
if (isset($article['specification'])) { $article['specification']=$article['specification'][$curr_lang]; }
if (isset($article['shortmemo'])) { $article['shortmemo'] = $article['shortmemo'][$curr_lang]; }
if (isset($article['longmemo'])) { $article['longmemo'] = $article['longmemo'][$curr_lang]; }
$curr_lang2='LV_ARTICLES_'.strtoupper($curr_lang);
if (isset($article['lightbox']) && isset($article['lightbox']['lightbox_big'])) {
$article['use_lightbox'] = 1;
if (!is_array($article['lightbox']['lightbox_big']['picture'])){ $article['lightbox']['lightbox_big']['picture']=array(0=>$article['lightbox']['lightbox_big']['picture']); }
if (!is_array($article['lightbox']['lightbox_small']['picture'])){ $article['lightbox']['lightbox_small']['picture']=array(0=>$article['lightbox']['lightbox_small']['picture']); }
} else { $article['use_lightbox'] = 0; }
if (!isset($article['bottom_scripts'])) { $article['bottom_scripts'] = ''; }
if ($article['use_variants']==0) {
$article=$art->article_language_conversions($article,$art->get_stock_quantity($art['nr']),$currentLanguage);
} elseif ($article['use_variants']==1) {
$article_variants=array();
if (isset($article['variants']['variant_article'])) {
if (!is_array($article['variants']['variant_article'])) { $article['variants']['variant_article']=array(0=>$article['variants']['variant_article']); }
foreach ($article['variants']['variant_article'] as $v) {
$a=$art->get_another_product($v,1);
if ($a) {
$a=$art->article_language_conversions($a,$art->get_stock_quantity($a['nr']),$currentLanguage);
$a['descriptionandmeasure']=$a['descriptionandmeasure'][$curr_lang];
if (isset($a['shortmemo'])) { $a['shortmemo'] = $a['shortmemo'][$curr_lang]; }
if (isset($a['longmemo'])) { $a['longmemo'] = $a['longmemo'][$curr_lang]; }
if (isset($a['options_struct']['options_struct_item'][0]) && (sizeof($a['options_struct']['options_struct_item'][0]) == 0)) { unset($a['options_struct']); }
if (isset($a['text_struct']['text_struct_item'][0]) && (sizeof($a['text_struct']['text_struct_item'][0]) == 0)) { unset($a['text_struct']); }
$real_vat = 0;
if (isset($vatitems[$a['vat']])) { if (isset($vatitems[$a['vat']]['LV_PERCENTAGE'])) { $real_vat = $vatitems[$a['vat']]['LV_PERCENTAGE']; } }
$a['vat'] = $real_vat;
$a['price_currname'] = $a['price_currname'][$curr_lang];
$a['availability']['availability_text'] = $a['availability'][$curr_lang]['availability_text'];
if (isset($a['pictbiblio']['item'])) { $a['pictbiblio']['item'] = $art->get_picturebiblio($a['pictbiblio']['item']); }
$article_variants[]=$a;
}
}
}
$tpl->assign('article_variants',$article_variants);
}
if (isset($article['related_products']['item'])) {
if (!is_array(current($article['related_products']['item']))) { $article['related_products']['item']=array(0=>$article['related_products']['item']); }
foreach ($article['related_products']['item'] as $k=>$v) {
$a=$art->get_another_product($v['article_nr']);
if ($a) {
if (is_array(current($a['LV_ARTICLES_GROUP']))) { $a_group=$a['LV_ARTICLES_GROUP']['LV_ARTICLES_ITEM'][0]; } else { $a_group=$a['LV_ARTICLES_GROUP']['LV_ARTICLES_ITEM']; }
$article['related_products']['item'][$k]['group_id'] = $a_group;
$article['related_products']['item'][$k]['descriptionandmeasure'] = $a['LV_ARTICLES_DESCRIPTIONANDMEASURE'][$curr_lang2];
$article['related_products']['item'][$k]['picturemini'] = $a['LV_ARTICLES_PICTUREMINI'];
$article['related_products']['item'][$k]['picturesmall'] = $a['LV_ARTICLES_PICTURESMALL'];
$article['related_products']['item'][$k]['price_currname'] = $a['LV_ARTICLES_PRICE_CURRNAME'][$curr_lang2];
$article['related_products']['item'][$k]['showprice_mode'] = $a['LV_ARTICLES_SHOWPRICE_MODE'];
$article['related_products']['item'][$k]['urlitem'] = $a['LV_ARTICLES_URLITEM'][$curr_lang2];
$article['related_products']['item'][$k]['nr'] = $a['LV_ARTICLES_NR'];
$real_vat = 0;
if (isset($vatitems[$a['LV_ARTICLES_VAT']])) { if (isset($vatitems[$a['LV_ARTICLES_VAT']]['LV_PERCENTAGE'])) { $real_vat = $vatitems[$a['LV_ARTICLES_VAT']]['LV_PERCENTAGE']; } }
$article['related_products']['item'][$k]['vat'] = $real_vat;
}
}
}
// Cross Marketing
if (isset($article['cm']['cm_text'])) {
$article['cm']['cm_text']=$article['cm']['cm_text'][$curr_lang];
if (isset($article['cm']['cm_item'])) {
if (!is_array($article['cm']['cm_item'])) { $article['cm']['cm_item']=array(0=>$article['cm']['cm_item']); }
foreach ($article['cm']['cm_item'] as $v) {
$a=$art->get_another_product($v);
if ($a) {
if (is_array(current($a['LV_ARTICLES_GROUP']))) { $a_group=$a['LV_ARTICLES_GROUP']['LV_ARTICLES_ITEM'][0]; } else { $a_group=$a['LV_ARTICLES_GROUP']['LV_ARTICLES_ITEM']; }
$real_vat = 0;
if (isset($vatitems[$a['LV_ARTICLES_VAT']])) { if (isset($vatitems[$a['LV_ARTICLES_VAT']]['LV_PERCENTAGE'])) { $real_vat = $vatitems[$a['LV_ARTICLES_VAT']]['LV_PERCENTAGE']; } }
$article['cm']['products'][] = array( 'nr'=>$a['LV_ARTICLES_NR'], 'group_id'=>$a_group, 'picturesmall'=>$a['LV_ARTICLES_PICTURESMALL'], 'picturemini'=>$a['LV_ARTICLES_PICTUREMINI'], 'description'=>$a['LV_ARTICLES_DESCRIPTION'][$curr_lang2], 'measure'=>$a['LV_ARTICLES_MEASURE'][$curr_lang2], 'descriptionandmeasure'=>$a['LV_ARTICLES_DESCRIPTIONANDMEASURE'][$curr_lang2], 'urlitem'=>$a['LV_ARTICLES_URLITEM'][$curr_lang2], 'price_currname'=>$a['LV_ARTICLES_PRICE_CURRNAME'][$curr_lang2], 'price'=>$a['LV_ARTICLES_PRICE_SHOW'], 'showprice_mode'=>$a['LV_ARTICLES_SHOWPRICE_MODE'], 'vat'=>$real_vat, 'first_group'=>$a['first_group']);
}
}
}
}
if (isset($article['ecotaxes']['ecotax'])&&!is_array(current($article['ecotaxes']['ecotax']))) { $article['ecotaxes']['ecotax']=array(0=>$article['ecotaxes']['ecotax']); }
if (!empty($article['recommendedprice'])) {
if (is_array($article['recommendedprice'])) { $tpl->assign('INVALID_RECOMMENDED_PRICE','true'); } else { $tpl->assign('INVALID_RECOMMENDED_PRICE','false'); }
} else { $tpl->assign('INVALID_RECOMMENDED_PRICE','false'); }
if (isset($conf->data['LV_OPTIONS']['LV_REVIEW_ENABLED']) && ($conf->data['LV_OPTIONS']['LV_REVIEW_ENABLED']==1)) { if (isset($article['review_total']) && ($article['review_total']>=1)) { $article['reviews'] = $art->get_reviews($pg->aid,strtoupper($currentLanguage)); } }
$article=$art->setArticleAttributes($conf,$article,$attr,$currentLanguage);
$real_vat = 0;
if (isset($vatitems[$article['vat']])) { if (isset($vatitems[$article['vat']]['LV_PERCENTAGE'])) { $real_vat = $vatitems[$article['vat']]['LV_PERCENTAGE']; } }
$article['vat'] = $real_vat;
$article['availability']['availability_text'] = $article['availability'][$curr_lang]['availability_text'];
if (($article['options_struct'] != '') && isset($article['options_struct']['options_struct_item'][0]) && (sizeof($article['options_struct']['options_struct_item'][0]) == 0)) { unset($article['options_struct']); }
if (($article['text_struct'] != '') && isset($article['text_struct']['text_struct_item'][0]) && (sizeof($article['text_struct']['text_struct_item'][0]) == 0)) { unset($article['text_struct']); }
$tpl->assign('article',$article);
$tpl->assign('group_id',$group_id);
$tpl->assign('group_id_level1',$group->level1);
$art->get_another_product($pg->aid);
$tpl->assign('LV_OPTIONS_SITETITLE', $art->xml['Logivert']['LV_META_TITLE']['LV_'.strtoupper($currentLanguage)]);
$baseMetatags .= $art->xml['Logivert']['LV_META_TAGS']['LV_'.strtoupper($currentLanguage)];
$tpl->assign('LV_METATAG', AddCanonicalTag($baseMetatags, $shop_root_dir, $action, $pg->aid, $art->data['urlitem'][$curr_lang], $currentLanguage));
$tpl->assign('layout_include','page.art.html');
$tpl->display('layout.html');
} catch (Exception $e) { lvredirect('index.php?action=home&lang='.strtoupper($currentLanguage)); }
break;
?>

Hoe kan ik dan een id maken uit de database?

is het verboden om overzichtelijke code te produceren?

Het is jouw script en jouw database.

Ik schat zo in dat in de buurt van waar je nu de omschrijving ophaalt, je ook een id kunt vinden....

Toevoeging op 19/03/2014 13:17:30:

zou zo maar $pg->aid kunnen zijn trouwens.
maar afhankelijk van de class Article

Beste Ivo,

Mijn excuses voor de enorme code.
Als ik vanuit een andere map, wil connecten met een database hoe kan ik die dan aanroepen?
De aid is inderdaad de id van de artikelen.