[sclug] URL encoding/decoding question
Roland Turner SCLUG
raz.fpyht.bet.hx at raz.cx
Sun Feb 19 19:58:07 UTC 2006
On Sun, 2006-02-19 at 18:08 +0000, Dickon Hood wrote:
> On Sun, Feb 19, 2006 at 17:32:23 +0000, Roland Turner (SCLUG) wrote:
>
> : On the way back, you should be able to fish it out unencoded, as long as
> : the form's encoding is set to message/multipart instead of url-encoded.
> : (Again, the question, why are you url-encoding?)
>
> I'm going to guess, but it's because he isn't using placeholders, and is
> attempting to URL encode everything to avoid SQL-special characters. It's
> the sort of thing I've done in the past for similar reasons.
I assume by placeholders you mean parametric statements (i.e. statements
with "?" to stand for "IN parameters" which are later set with set*()
calls).
I further assume that after my extensive lecturing on the subject,
Pieter wouldn't dare construct SQL statements by simply concatentating
string fragments with whatever slop came from a web-browser :-)
- Raz
More information about the Sclug
mailing list