$name = $_GET['name'];
function event_url($e) {
- return BASE_URL."?event=$e";
+ return "?event=$e";
}
function query_db($query, $params=null) {
}
$peeps = get_peeps($event);
-$shareable_link = event_url($event);
+$shareable_link = BASE_URL.event_url($event);
?>
<!DOCTYPE html>
<html>
<?php if (isset($event)): ?>
<?php if (isset($name)): ?>
- <h2>Hello, <?= $name ?>!</h2>
+ <h2>Hello, <?= htmlspecialchars($name) ?>!</h2>
<?php else: ?>
<h2>Hello!</h2>
<form>
<?php
foreach ($peeps as &$p) {
$cls = $p['name'] == $name ? 'me' : '';
- echo "<tr><td class='$cls'>$p[name]</td></tr>\n";
+ echo "<tr><td class='$cls'>".htmlspecialchars($p['name'])."</td></tr>\n";
echo "<tr><td>⬇</td></tr>\n";
}
$first = reset($peeps);
- echo "<tr><td>$first[name]</td></tr>\n";
+ echo "<tr><td>".htmlspecialchars($first['name'])."</td></tr>\n";
?>
</table>
<?php elseif (isset($event)): ?>
projects / swapshop.git / commitdiff