how do i escape this and still be able to send through the courseid to course.php for use there.:
<td style='$style'><a href='course.php?id=".encrypt($courseid)."'>".$result->row('title')."</a></td>
I have tried it but it keeps on breaking up my code such that my courseid is not snding through
Then it’s more likely that your code in course.php is broken rather than the link.
without escaping it works perfectly. how would you have done the escaping on that code snippet with htmlspecialchars
Still not really clear what you are asking for and mixing up single and double quotes is a good way to get confused.
Does encrypt($courseid) need to be escaped? In other words, will it ever contain any html special characters?
I might add that encrypting something like this is probably not doing what you really want. I assume you are trying to protect the courseid? Probably better to just have courseid be random and not use obstructionism as a security measure.
$href = htmlspecialchars('course.php?id=' . $courseid, ENT_HTML5);
$text = htmlspecialchars($result->row('title'), ENT_HTML5);
"<a href='$href'>$text</a>"
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.