
Hi Everyone..

 

I am not sure if I should post this question here. I would like to fix this problem using PHP rather than HTML. I am new to PHP. This code is part of an old PHP gallery file. I am trying to validate my site, but the site's links have some characters that make the links throw errors in the W3C Validator. So I tried to replace the characters with HTML characters; for example, ? are now replaced by ?

 

so my original link before using valid HTML characters looked like

www.awebsite.com/viewgallery.php?cname=Colorado-Fall&pcaption=Lost-In-The-art

And now it looks like this ...

www.awebsite.com/viewgallery.php?cname=Colorado-Fall&pcaption=Lost-In-The-art

But now W3C Validator shows an error like this

  1. Line 32, Column 240: an attribute value must be a literal unless it contains only name characters
    …n class='next'><a href=viewgallery.php?cname=Colorado-Journeys&pca…

    You have used a character that is not considered a "name character" in an attribute value. Which characters are considered "name characters" varies between the different document types, but a good rule of thumb is that unless the value contains only lower or upper case letters in the range a-z you must put quotation marks around the value. In fact, unless you have extreme file size requirements it is a very very good idea to always put quote marks around your attribute values. It is never wrong to do so, and very often it is absolutely necessary.

     

     

The ? for replacing ? seems to be the problem. The & is highlighted in red.

What am I doing wrong? How can I validate this link? I tried to use single or double quotes around HTML characters but that breaks my links and they won't work after that. Any tips will be appreciated...




			
		

You have to quote the entire attribute. Like this:

<a href="https://yoursite.com/foo">some link</a>

Using unquoted attributes is generally a very bad idea. Apart from the syntax errors, you'll also run into security issues as soon as you start using dynamic parameters. 

 

So always quote your attributes.

 

What the W3C validator actually complained about were the ampersand (&) characters. Since the ampersand is also used to start an HTML entity like &quot;, the parser does not always know if you mean a literal ampersand or an ampersand as part of an HTML entity. The general recommendation is to encode all literal ampersands with the &amp; entity:

<a href="https://yoursite.com/foo?x=1&amp;y=2">some link</a>

You don't need to replace the question mark

 

 

 


Thank you guys. Looking at your answers I realize that I did not ask my question right. I am sorry about that. My case is a bit different I think. I think it is because I am trying to create the link from inside PHP. My code is

$result_final .= "<a href=viewgallery.php?cname=$cname&pcaption=" . $caption_array[$next] . "><img src='/photos/assets/left.png' alt='left navigation'></a>";

So based on your answers ... I changed the links like this

$result_final .= "<a href=\"viewgallery.php?cname=$cname&pcaption=" . $caption_array[$next] . "\"><img src='/photos/assets/left.png' alt='left navigation'></a>";

It really works. Thank you for the suggestions. No more errors.... ( for now ) :)

Just out of curiosity, is this a bad way of creating links? Is this a hideous code?

Thank you for helping me,....

Yes, this is hideous code, because your dynamic parameters are neither URL-encoded nor HTML-escaped (what if they contain special characters?), and the parts you did escape are escaped by hand instead of using the appropriate PHP function.

 

Every dynamic value that goes into your HTML markup must be HTML-escaped. If you don't do that, then you're begging for syntax errors and cross-site scripting attacks. Depending on the context, you may need additional preparation. For example, URL parameters must be URL-encoded.

 

It's very important to understand this: You can't just dump a PHP string into an arbitrary context. Many PHP developers struggle with this simple truth, but it's crucial for writing correct and secure applications.

 

In your case, you would encode the parameters with urlencode() and then escape the entire URL with htmlspecialchars(). You can also let PHP do the URL-encoding if you use http_build_query():

$parameters = array(
	'cname' => $cname,
	'pcaption' => $caption_array[$next],
);
$result_final .= '<a href="' . html_escape('viewgallery.php?' . http_build_query($parameters), 'UTF-8') . '"><img src="/photos/assets/left.png" alt="left navigation"></a>';

Mixing small snippets of HTML markup into your PHP code (aka spaghetti code) also isn't the best idea, but that's another story.
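
The approach described in the answer above, as an added example that is not part of the original thread: each parameter is URL-encoded by http_build_query(), then the finished URL is HTML-escaped for the href attribute. html_escape() is not a PHP built-in, so it is defined here as an assumed wrapper around htmlspecialchars(); the function name gallery_link() and the sample values are constructed for illustration.

```php
<?php
// Added example, not code from the thread.
// html_escape() is not a PHP built-in; this wrapper around
// htmlspecialchars() is an assumed definition.
function html_escape(string $raw, string $encoding = 'UTF-8'): string
{
    // ENT_QUOTES escapes both " and '; ENT_SUBSTITUTE replaces invalid
    // byte sequences instead of returning an empty string.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);
}

// Hypothetical helper: URL-encode every parameter first, then
// HTML-escape the finished URL for use inside a quoted href attribute.
function gallery_link(string $cname, string $caption): string
{
    // The separator is passed explicitly so the arg_separator.output
    // ini setting cannot produce "&amp;" here and get escaped twice.
    $query = http_build_query(
        ['cname' => $cname, 'pcaption' => $caption],
        '',
        '&',
        PHP_QUERY_RFC3986
    );
    $url = 'viewgallery.php?' . $query;

    return '<a href="' . html_escape($url) . '">'
        . '<img src="/photos/assets/left.png" alt="left navigation"></a>';
}

// Constructed sample values with characters that are special in both
// URLs and HTML (ampersand, double quote, angle brackets, spaces).
$cname   = 'Colorado & Utah';
$caption = 'Lost "In" <The> Art';

// Hand-built link as in the question: quoted, but nothing is encoded.
$unsafe = "<a href=\"viewgallery.php?cname=$cname&pcaption=$caption\">";

echo $unsafe, "\n";
echo gallery_link($cname, $caption), "\n";
```

In the first line printed, the double quote inside the caption closes the href attribute early and the raw ampersands are left for the HTML parser to interpret. In the second, the values are percent-encoded and the parameter separator is written as the ampersand entity, so the attribute stays intact.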


Jaques, thank you! Sorry about my late reply. And thank you for your code. Now I have somewhere to start from. The array idea is cool. Is 'html_escape' a PHP function? I couldn't find out much about it.
