Passing HTML into a PHP file

[esoterick]

I have some php code that generates an iframe inside my current page.  http://.../noc/test/gage_test2.php?iSize=500&dSetting=.99&sDisplay=bleh

 

iSize is the size of the iframe dSetting is the value a decimal representation of a precent, and sDisplay is a string representing text that is displayed in the iframe.  With common strings everything is great i just get in a jam when i pass in some html.  i.e. i want to be able to pass in something like this <a href="bleh.htm">bleh</a>.  is there any way around this? as of right now this is what i get as the html output

 

<iframe src="/.../noc/test/gage_test2.php?dSetting=5.1&iSize=300&sDisplay=<a class="nocHTMLtool_Anchor" href="display_incidents.php" target="_blank" style="font-weight: bold; color: black;">51</a>" width=310px frameborder=no height=25px scrolling=no></iframe>

 

and it gets all confused...  would using regex to remove the " and replace them with ' solve this problem or is there an easier way to do something like this.

[esoterick]

Bump

[wildteen88]

You'll want to use htmlspecialchars or htmlentities if you are passing HTML over the url.

 

Eg:

 

$dSetting = 5.1;
$iSize = 300;
$sDisplay = '<a class="nocHTMLtool_Anchor" href="display_incidents.php" target="_blank" style="font-weight: bold; color: black;">51</a>';

echo '<iframe src="/.../noc/test/gage_test2.php?dSetting=' . $dSetting . '&iSize=' . $iSize . '&sDisplay=' . htmlentities($sDisplay, ENT_QUOTES) . '"></iframe>';

[esoterick]

thank you that did the trick