I have a page generated by a php script which includes the following in the source code for the page:
<a href=“index.php?opt=decline” >Decline registration at this time</a>
What the browser actually sends is:
There is nothing in the php script or in the source code that indicates that any of the characters represented in this URI encoding are present. Hidden characters???
Why, where and how is it inserting this code? How do I stop this injection??