Session Ids not W3C valid

[towerbase]

I am trying to tidy up the HTML generated by my PHP script so that the W3C validator accepts it as okay.

My application uses sessions. So PHP seems to append something like the following bold text to the <a> tags

<a href='showstory.php?id=25[b]&PHPSESSID=4abf43d6b17...[/b]

The problem is that the W3C validator would like the & specified as &amp;

Otherwise my application works okay.

Is there anyway I can persuade PHP (version 4.4.2) to use &amp; instead of &?

Andrew
Hampshire, UK

 

[Xaqte]

How about using an encoded version of the session id for your anchors:

$anchor_id = htmlentities(SID);

Then, you could use it like this:

<a href="showstory.php?id=<?= $anchor_id ?>">

X

 

[towerbase]

Thanks for the suggestion but PHP still wants to append a

&PHPSESSID=4abf43d6b17...

to the YRL. So I now have two PHPSESSID parameters. One with &amp; which I created and the one created by PHP with &.

It's obviously not critical but I like to produce valid XHMTL where possible.

Andrew
Hampshire, UK

 

[towerbase]

I found the solution and show it here in case anyone else needs to solve the same problem.

Insert the following code at the top of each appropriate PHP script:

<?php ini_set('arg_separator.output','&amp;'); ?>

My thanks to anyone who has spent any time looking for the solution.

Andrew
Hampshire, UK

 

[jpadie]

@towerbase

[this is off topic and {rueful} apologies if i'm being a nanny. ]

passing session id's by url is far from optimal. it allows session hijacking etc. it is better, if you are able, to pass sessions via cookies.

if you must pass sessions via trans_id and there is anything vaguely personal going on, on your site you might consider doing some referer or ip checking on each visit under the same session id.