I am trying to parse some json data using json_decode function of php. However, I need to remove certain leading and trailing characters from this long string before decoding. Therefore, I am using preg_match to remove those characters prior to decode. For some reason, preg_match is changing escaping when it encounters following substring (in the middle of the string)
{content: \\\"\\200B\\\"}
After preg_match the above string looks like this:
{content: \\"\200B\\"}
Because of this, json_decode fails.
FYI, the preg_match pattern looks like this:
(?<=remove_these_leading_char)(.*)(?=remove_these_trailing_char)
OK, so here is the additional information based on the questions being asked:
Why triple escaping? fix triple escpaing etc. The answer is that I don't have any control over it. It is not generated by my code.
The original string is not fully json compliant. It has several leading and trailing characters that need to be removed. Therefore I have to use regex. The format of that string is like this:
returnedHTMLdata({json_object},xx);
It looks like this behavior is not limited to preg_match only. Even substr also does this.
It looks like you've got some JSON with padding. To remove the function name and parenthesis, leaving the (unescaped) json object, you can do something like this:
$str = <<<'EOS'
returnedHTMLdata({content: \\\"\\200B\\\", foo: \\\"bar\\\", \"baz\": \\\"fez\\\"},xx);
EOS;
$str = preg_replace('/.+?({.+}).+/','$1', $str);
echo $str;
Output:
{content: \\\"\\200B\\\", foo: \\\"bar\\\", \"baz\": \\\"fez\\\"}
Please note that even if you manage to successfully unescape this string, json_decode requires that keys - e.g. "content" - are enclosed in double quotes, so you will need to modify the JSON string/object before calling that function. Or I guess you could instead use something like the old Services_JSON package to decode it, which I believe does not have that requirement.
I am working on a project and a lot of my variables need to contain special characters such as {}[].'"!?/\=+- and many more what is the safest way to pass these variables back and forth between SQL, PHP, and output? and how can I prevent a variable from interfering with my code? Ie:
<?php
echo $var;
echo '$var';
echo "$var";
?>
The best way would be to URL encode your data as soon as it is supplied. Then store it and when you are using it, urldecode it.
Something like
string urlencode ( string $str )
To encode and
string urldecode ( string $str )
To decode. This changes your "special" characters into safe characters.
In PHP, the name of a variable cannot contain special characters (other than the initial dollar sign $ and underscores _). The value of a variable can contain whatever you'd like so long as you follow the rules of defining PHP strings.
The variable values won't interfere with your code. If you're concerned about it interfering with your output HTML, use htmlspecialchars as Rocket Hazmat suggested in the comments.
You can use PDO/MYSQL for isnerting the data into the database..
For converting into html entites you can use htmlchars() function.
An example:
<?php
${'[\*var'} = 1;
echo ${'[\*var'};
https://3v4l.org/5Dr93
For some reason when preg_replace sees ¬ in string and replaces it with ¬:
$url= "http://something?blah=2&you=3&rate=22¬hing=1";
echo preg_replace("/&rate=[0-9]*/", "", $url) . "<br/>";
But the output is as follows:
http://something?blah=2&you=3¬hing=1 // Current result
http://something?blah=2&you=3¬hing=1 // Expected result
Any ideas why this is happening and how to prevent it?
& has special meaning when used URIs. Your URI contains ¬, which is a valid HTML entity on its own. It's being converted to ¬, hence causing the trouble. Escape them properly as ¬ to avoid this problem. If your data is fetched from elsewhere, you can use htmlspecialchars() to do this automatically.
Use this & in place of this &
because your &no has special meaning
use this url :
http://something?blah=2&you=3&rate=22¬hing=1
and then do your replace accordingly
Here's the issue I'm having:
if($id!="") return true; else return false;
I know that $id is an empty string, but when I do var_dump($id), I get string(25)""
for some reason, though the string is empty, it still seems to think it's length is 25. I've tried if(!empty($id)) and that also doesn't work.
How can I change the value of the string to be string(0)"" if it really is blank?
I've tried using trim() to remove whitespace, but there isn't any whitespace.
It could be whitespace which isn't displayed by the browser. Use trim() to remove it:
$id = trim($id);
PHP allows for binary strings. The reason it's not showing as empty is because it isn't empty. Your string probably contains \0 characters, or other unprintables or zero-size characters. You could try using trim(), but I can't guarantee that it'll strip strange characters out.
How can I test if a string is URL encoded?
Which of the following approaches is better?
Search the string for characters which would be encoded, which aren't, and if any exist then its not encoded, or
Use something like this which I've made:
function is_urlEncoded($string){
$test_string = $string;
while(urldecode($test_string) != $test_string){
$test_string = urldecode($test_string);
}
return (urlencode($test_string) == $string)?True:False;
}
$t = "Hello World > how are you?";
if(is_urlEncoded($sreq)){
print "Was Encoded.\n";
}else{
print "Not Encoded.\n";
print "Should be ".urlencode($sreq)."\n";
}
The above code works, but not in instances where the string has been doubly encoded, as in these examples:
$t = "Hello%2BWorld%2B%253E%2Bhow%2Bare%2Byou%253F";
$t = "Hello+World%2B%253E%2Bhow%2Bare%2Byou%253F";
i have one trick :
you can do this to prevent doubly encode.
Every time first decode then again encode;
$string = urldecode($string);
Then do again
$string = urlencode($string);
Performing this way we can avoid double encode :)
Here is something i just put together.
if ( urlencode(urldecode($data)) === $data){
echo 'string urlencoded';
} else {
echo 'string is NOT urlencoded';
}
You'll never know for sure if a string is URL-encoded or if it was supposed to have the sequence %2B in it. Instead, it probably depends on where the string came from, i.e. if it was hand-crafted or from some application.
Is it better to search the string for characters which would be encoded, which aren't, and if any exist then its not encoded.
I think this is a better approach, since it would take care of things that have been done programmatically (assuming the application would not have left a non-encoded character behind).
One thing that will be confusing here... Technically, the % "should be" encoded if it will be present in the final value, since it is a special character. You might have to combine your approaches to look for should-be-encoded characters as well as validating that the string decodes successfully if none are found.
I think there's no foolproof way to do it. For example, consider the following:
$t = "A+B";
Is that an URL encoded "A B" or does it need to be encoded to "A%2BB"?
well, the term "url encoded" is a bit vague, perhaps simple regex check will do the trick
$is_encoded = preg_match('~%[0-9A-F]{2}~i', $string);
What about:
if (urldecode(trim($url)) == trim($url)) { $url_form = 'decoded'; }
else { $url_form = 'encoded'; }
Will not work with double encoding but this is out of scope anyway I suppose?
There's no reliable way to do this, as there are strings which stay the same through the encoding process, i.e. is "abc" encoded or not? There's no clear answer. Also, as you've encountered, some characters have multiple encodings... But...
Your decode-check-encode-check scheme fails due to the fact that some characters may be encoded in more than one way. However, a slight modification to your function should be fairly reliable, just check if the decode modifies the string, if it does, it was encoded.
It won't be fool proof of course, as "10+20=30" will return true (+ gets converted to space), but we're actually just doing arithmetic. I suppose this is what you're scheme is attempting to counter, I'm sorry to say that I don't think there's a perfect solution.
HTH.
Edit:
As I entioned in my own comment (just reiterating here for clarity), a good compromise would probably be to check for invalid characters in your url (e.g. space), and if there are some it's not encoded. If there are none, try to decode and see if the string changes. This still won't handle the arithmetic above (which is impossible), but it'll hopefully be sufficient.
#user187291 code works and only fails when + is not encoded.
I know this is very old post. But this worked to me.
$is_encoded = preg_match('~%[0-9A-F]{2}~i', $string);
if($is_encoded) {
$string = urlencode(urldecode(str_replace(['+','='], ['%2B','%3D'], $string)));
} else {
$string = urlencode($string);
}
send a variable that flags the decode when you already getting data from an url.
?path=folder/new%20file.txt&decode=1
In my case I wanted to check if a complete URL is encoded, so I already knew that the URL must contain the string https://, and what I did was to check if the string had the encoded version of https:// in it (https%3A%2F%2F) and if it didn't, then I knew it was not encoded:
//make sure $completeUrl is encoded
if (strpos($completeUrl, urlencode('https://')) === false) {
// not encoded, need to encode it
$completeUrl = urlencode($completeUrl);
}
in theory this solution can be used with any string that has characters that gets encoded, as long as you know part of the string (https:// in this example) will always exists in what you are trying to check.
I am using the following test to see if strings have been urlencoded:
if(urlencode($str) != str_replace(['%','+'], ['%25','%2B'], $str))
If a string has already been urlencoded, the only characters that will changed by double encoding are % (which starts all encoded character strings) and + (which replaces spaces.) Change them back and you should have the original string.
Let me know if this works for you.
I found.
The url is For Exapmle: https://example.com/xD?foo=bar&uri=https%3A%2F%2Fexample.com%2FxD
You need Found $_GET['uri'] is encoded or not:
preg_match("/.*uri=(.*)&?.*/", $_SERVER['REQUEST_URI'], $r);
if (isset($_GET['uri']) && urldecode($r['1']) === $r['1']) {
// Code Here if url is not encoded
}
private static boolean isEncodedText(String val, String... encoding) throws UnsupportedEncodingException
{
String decodedText = URLDecoder.decode(val, TransformFetchConstants.DEFAULT_CHARSET);
if(encoding != null && encoding.length > 0){
decodedText = URLDecoder.decode(val, encoding[0]);
}
String encodedText = URLEncoder.encode(decodedText);
return encodedText.equalsIgnoreCase(val) || !decodedText.equalsIgnoreCase(val);
}