Hi guys may I ask why is my isset failed to ready parameter from the url?
The second picture is I tried to pass a id parameter into it
You didn't explain precisely what the code is doing instead of what you expected, but from the code we can see some likely issues:
Your URL looks wrong:
A # in a URL normally tells the browser to move to an anchor in the current page, not send a request to the server
Unless you've got some system for enabling "pretty" URLs then you'll need to put the .php extension on the end of the filename in the URL
%s isn't a number or ID, it looks like it might be a placeholder for string replacement, but it's unclear from the code you've shown whether the text is actually inside some sort of string / command where replacement would occur.
A valid-looking example (relative) URL to put into your link might be something like delAcc.php?id=1, so
<a href="delAcc.php?id=1" class="fas fas-user-minus">
in PHP, variables inside single-quoted strings are not interpolated, so you'd get $id literally shown on screen in the alert.
You need to double-quote the string:
echo "<script>alert($id)</script>";
Related
I am sending the below url with query string. In the query string one parameter
"approverCmt" has value with hash(#).
"/abc/efd/xyz.jas?approverCmt=Transaction Log #459505&batchNm=XS_10APR2015_082224&mfrNm=Timberland"
In server side when I tried to retrieve it from the request I get
approverCmt = Transaction Log -----> "#459505" is missing
batchNm = null
mfrNm = null
And If I remove hash(#) from query string or If I replace # with %23 every thing works fine
I don't understand why I am getting null for one parameter if another parameter contains a hash(#) symbol.
Appreciate if any one can explain.
This is known as the "fragment identifier".
As mentioned in wikipedia:
The fragment identifier introduced by a hash mark # is the optional last part of a URL for a document. It is typically used to identify a portion of that document.
The part after the # is info for the client. It is not sent to the server. Put everything only the browser needs here.
You can use the encodeURIComponent() function in JavaScript to encode special characters in a URL, so that # characters are converted to other characters that way you can be sure your whole URL will be sent to the server.
The Hash value is for the anchor, so it is only client-side, it is often used in client-side framework like angular for client-side routing.
The anchor is NOT available server-side.
In your case you don't need an anchor, but a parameter value with a # break the query string the value is "Transaction Log #459505".
EDIT Naive solution that doesn't work, just let it ther for history, See Real solution below
The solution is to encode client-side and decode serveur-side
Encoding in javascript
encodeURI("Transaction Log #459505")
//result value "Transaction%20Log%20#459505"
Decode in Java
java.net.URLDecoder.decode("Transaction%20Log%20#459505");
//result "Transaction Log #459505"
EDIT: But: Javascript doesn't encode in the same way than Java
So the correct answer (I hope) is to manually replace all your # with %23, then Java will decode it normally, or to use encodeURIComponent as suggested in comments. For your need the replace solution seem to be enough.
Encode in Javascript:
encodeURI("yourUrl/Transaction Log #459505").replace(/#/,"%23")
//result: yourUrl/Transaction%20Log%20%23459505
The decode in Java doesn't change
java.net.URLDecoder.decode("Transaction%20Log%20#459505")
// result (java.lang.String) Transaction Log #459505
Sorry for long post, I didn't see the difference bettween Java and the JavaScrip Url encoding
the hash is an anchor:
see wikipedia for more information
http://localhost/foo/profile/%26lt%3Bi%26gt%3Bmarco%26lt%3B%2Fi%26gt%3B
The url above gives me a 404 Error, the url code is this: urlencode(htmlspecialchars($foo));, as for the $foo: <i>badhtml</i>
The url works fine when there's nothing to encode e.g. marco.
Thanks. =D
Update: I'm supposed to capture the segment in the encoded part of the uri, so a 404 isn't supposed to appear.
There isn't any document there, marco is simply the string that I needed to fetch that person's info from db. If the user doesn't exist, it won't throw that ugly error anyways.
Slight idea what's wrong: I found out that if I used <i>badhtml<i>, it works just fine but <i>badhtml</i> won't, what do I do so that I can maintain the / in the <i>?
It probably think of the request as http://localhost/foo/profile/<i>badhtml<**/**i>
Since there is a slash / in the parameter, this is getting interpreted as a path name separator.
The solution, therefore, is to replace all occurrences of a slash with something that doesn't get interpreted as a separator. \u2044 or something. And when reading the parameter back in, change all \u2044s back to normal slashes.
(I chose \u2044 because this character looks remarkably like a normal slash, but you can use anthing that would never occur in the parameter, of course.)
It is most likely that the regex responsible for handling the URL rewrite does not like some of the characters in the URL-encoded string. This is most likely httpd/apache question, rather than PHP. Your best guess is to start by looking at the .htaccess (file containing URL rewrite rules).
This question assumes that your are trying to pass an argument through the URL, rather than access a file named <i>badhtml</i>.
Mr. Lister, you rocked.
"The solution, therefore, is to replace all occurrences of a slash with something that doesn't get interpreted as a separator. \u2044 or something. And when reading the parameter back in, change all \u2044s back to normal slashes."
Just noticed that when using single quotes to echo a basic link in php, the url repeats itself.
<?php
echo 'Link URL - Single Quotes<br />';
?>
The above code outputs the link as:
http://example.com/"http://example.com/"
Can anyone shed some light on the reason for this?
You shouldn't \-escape your " when you're using ' to surround the string as a whole. This couldn't create that output itself, but it might confuse a parser somewhere down the line, producing the problem. Try this instead:
echo 'Example.com<br />';
Use PHP to output dynamic data and leave the HTML out of it. This will save you hours of quotation frustration
?>
Example.com<br />
<?php
// carry on with the PHP
echo 'Example.com<br />';
outputs
Example.com<br />
The backslashes are included in the final output and most likely trip up the HTML parser.
You're escaping the double quotes. It isn't necessary when using single quotes and vice-versa.
<?php
echo 'Example.com<br />';
?>
The above code outputs the link as:
http://example.com/"http://example.com/"
No, it doesn't produce that output.
This is what you see in the browser when you put the cursor over the link and when you click on the link. It's part of the browser's job to resolve the relative and incomplete links, but what it shows to the user is, most of the times, not what it is written in the HTML code.
Use the browser's "View Source" functionality to see the HTML generated by your code.
The (invalid) HTML produced by your code is:
Link URL - Single Quotes<br />
The browser interprets \"http://example.com\" as the value of the href attribute. The HTTML attribute values can be either enclosed in quotes (") or apostrophes (') or unquoted at all and the quoting character must be the first non-space character after the equal sign (=). Because it finds a backslash (\) after the equal sign, it concludes the attribute value is not quoted and read everything until the first whitespace or until the tag ends (>) as the attribute's value.
The value \"http://example.com\" is not a valid URL and the browser handles it as an incomplete URL. An incomplete URL needs to be resolved to a complete URL in order to be used. It doesn't look like a relative URL (doesn't start with ..), it doesn't look like an absolute path without a host name either (doesn't start with /). The only way to resolve it is to treat it as a file name located in the same directory as the page that is currently loaded. Chances are that your offending code runs in a page located in the root of your website (http://example.com/index.php, for example).
I won't provide a fix for your problem here. The question already have plenty of answers that provide you various ways to avoid this happen.
However, take a look at the strings documentation page in the PHP manual. All you need to know is explained there.
I am working with an XML feed that has, as one of it's nodes, a URL string similar to the following:
http://aflite.co.uk/track/?aid=13414&mid=32532&dl=http://www.google.com/&aref=chris
I understand that ampersands cause a lot of problems in XML and should be escaped by using & instead of a naked &. I therefore changed the php to read as follows:
<node><?php echo ('http://aflite.co.uk/track/?aid=13414&mid=32532&dl=http://www.google.com/&aref=chris'); ?></node>
However when this generates the XML feed, the string appears with the full &
and so the actual URL does not work. Apologies if this is a very basic misunderstanding but some guidance would be great.
I've also tried using %26 instead of & but still getting the same problem.
If you are inserting something into XML/HTML you should always use the htmlspecialchars function. this will escape your strings into correct XML syntax.
but you are running into a second problem.
your have added a second url to the first one.
this need also escaped into url syntax.
for this you need to use urlencode.
<node><?php echo htmlspecialchars('http://aflite.co.uk/track/?aid=13414&mid=32532&aref=chris&dl='.urlencode('http://www.google.com/')); ?></node>
& is correct for escaping ampersands in an XML document. The example you've given should work.
You state that it doesn't work, but you haven't stated what application you're using, or in what way it doesn't work. What exactly happens when you click the link? Do the & strings end up in the browser's URL field? If that's the case, it sounds like a fault with the software you've viewing the XML with. Have you tried looking at the XML in another application to see if the problem is consistent?
To answer the final part of your question: %26 would definitely not work for you -- this would be what you'd use if your URL parameters needed to contain ampersands. Say for example in aref=chris, if the name chris were to an ampersand (lets say the username was chris&bob), then that ampersand would need to be escaped using %26 so that the URL parser didn't see it as starting a new URL parameter.
Hope that helps.
I have made one form in which there is rich text editor. and i m trying to store the data to database.
now i have mainly two problem..
1) As soon as the string which contents "#"(basically when i try to change the color of the font) character, then it does not store characters after "#". and it also not store "#" character also.
2) although i had tried....in javascript
html.replace("\"","'");
but it does not replace the double quotes to single quotes.
We'll need to see some code. My feeling is you're missing some essential escaping step somewhere. In particular:
As soon as the string which contents "#"(basically when i try to change the color of the font) character
Implies to me that you might be sticking strings together into a URL like this:
var url= '/something.php?content='+html;
Naturally if the html contains a # symbol, you've got problems, because in:
http://www.example.com/something.php?content=<div style="color:#123456">
the # begins a fragment identifier called #123456">, like when you put #section on the end of a URL to go to the anchor called section in the HTML file. Fragment identifiers are purely client-side and are not sent to the server, which would see:
http://www.example.com/something.php?content=<div style="color:
However this is far from the only problem with the above. Space, < and = are simly invalid in URLs, and other characters like & will also mess up parameter parsing. To encode an arbitrary string into a query parameter you must use encodeURIComponent:
var url= '/something.php?content='+encodeURIComponent(html);
which will replace # with %35 and similarly for the other out-of-band characters.
However if this is indeed what you're doing, you should in any case you should not be storing anything to the database in response to a GET request, nor relying on a GET to pass potentially-large content. Use a POST request instead.
It seems that you are doing something very strange with your database code. Can you show the actual code you use for storing the string to database?
# - character is a common way to create a comment. That is everything starting from # to end of line is discarded. However if your code to store to database is correct, that should not matter.
Javascript is not the correct place to handle quote character conversions. The right place for that is on server side.
As you have requested....
I try to replay you... I try to mention exact what I had done...
1) on the client side on the html form page I had written like this..
html = html.trim(); // in html, the data of the rich text editor will come.
document.RTEDemo.action = "submit.php?method='"+ html.replace("\"","'") + "'";
\\ i had done replace bcz i think that was some problem with double quotes.
now on submit.php , my browser url is like this...
http://localhost/nc/submit.php?method='This is very simple recipe.<br><strong style='background-color: #111111; color: #80ff00; font-size: 20px;">To make Bread Buttor you will need</strong><br><br><blockquote><ol><li>bread</li><li>buttor</li></ol></li></blockquote><span style="background-color: #00ff80;">GOOD.</span><br><br><br><blockquote><br></blockquote><br>'
2) on submit.php ........I just write simply this
echo "METHOD : ".$_GET['method'] . "<br><br>";
$method = $_GET['method'];
now my answer of upper part is like this...
METHOD : 'This is very simple recipe.
now i want to store the full detail of URL....but its only storing...
This is very simple recipe.