How do I properly escape an href in my HTML anchor tag link and still be able to retrieve the data I send through the URL for use in the next page?
My code looks like this:
<a href='course.php?id=".encrypt($courseid)."'>".$result->row('title')."</a>
You need to URL-encode the value to preserve URL-syntax, and since you're putting that URL into HTML you should HTML-encode it too:
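// URL-encode the id for the query string, then HTML-encode for the attribute;
// the link text is HTML-encoded on its own.
printf('<a href="course.php?id=%s">%s</a>',
    htmlspecialchars(rawurlencode($courseid)),
    htmlspecialchars($result->row('title')));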
See http://php.net/htmlspecialchars, http://php.net/rawurlencode, http://php.net/printf.
On the other side the value will be available in $_GET['id'] (you do not need to decode it in any way there).
Related
Is it necessary to use htmlspecialchars after calling urlencode like this code:
Click here
Or can I just write this:
Click here
I am trying to add a user-defined string to information passed to a third party via href. So I have something that will look like
Link Text
USERSTRING is known when the page loads so it could be put in the href by php when the page loads, or I can dynamically add it with javascript.
What I don't know is what I need to do to escape any special characters so that the link works and can be read on the other end - USERSTRING could be something really annoying like: [He said, "90% isn't good enough?"] The data is only used in an auto-generated file name so it doesn't need to be preserved 100%, but I'm trying to avoid gratuitous ugliness.
The urlencode() function provides exactly what you are looking for, i.e.:
Link Text
You need to urlencode it. If the variant of urlencode you end up using doesn't encode '&', '#', '"', and angle brackets as it should then you'll need to HTML encode it too.
When I first submit my search form via $_GET it returns results as expected but when using pagination and submitting it again for page X I see that it converts a portion of my URL and fails.
Here is the before and after URL portion that is changing:
// Before
min_score=1&max_score=10&not_scored=1
// After
min_score=1&max_score=10%AC_scored=1
It's encoding 10& How can I prevent this from happening?
The reason is that &not gets interpreted by the browser as &not;. Strict mode or any DOCTYPE might help.
And &not; simply gets substituted as ¬ then. Which in turn becomes %AC in request urls.
Besides urlencode() on the individual values you should additionally apply htmlspecialchars() on the whole URL before you add it into the <a> tag.
always type urls with
&amp;
instead of &...
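The two encoding layers the answers above describe (URL-encode each value, then HTML-encode the whole URL), shown as an added PHP example that is not part of the original posts. `build_link()`, `search.php` and the sample parameters are constructed for illustration.

```php
<?php
/**
 * Hypothetical helper: URL-encode each query value first, then HTML-encode
 * the finished URL for the attribute it is written into.
 */
function build_link(string $path, array $params, string $text): string
{
    // Layer 1, URL syntax: RFC 3986 mode percent-encodes values the way
    // rawurlencode() does (space => %20). The separator is passed explicitly
    // so the arg_separator.output ini setting cannot change it.
    $url = $path . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);

    // Layer 2, HTML syntax: "&" becomes "&amp;", so "&not_scored" can no
    // longer be read as the "&not" entity, and quotes cannot end the attribute.
    return sprintf(
        '<a href="%s">%s</a>',
        htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($text, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample input: the search parameters and the awkward user
// string quoted in the questions above.
$params = [
    'min_score'  => 1,
    'max_score'  => 10,
    'not_scored' => 1,
    'q'          => '[He said, "90% isn\'t good enough?"]',
];
$html = build_link('search.php', $params, 'Page 2 <next>');
echo $html, "\n";

// Receiving side: the browser HTML-decodes the attribute value, then PHP
// URL-decodes the query string into $_GET. htmlspecialchars_decode() and
// parse_str() stand in for those two steps.
$start = strlen('<a href="');
$href  = htmlspecialchars_decode(
    substr($html, $start, strpos($html, '">') - $start),
    ENT_QUOTES
);
parse_str(parse_url($href, PHP_URL_QUERY), $received);

// Compare what arrived with what was sent.
var_dump($received['q'] === $params['q']);
var_dump(array_key_exists('not_scored', $received));
```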
I want to display text on the page, the text should look like this:
<sometext> ... but when I echo this, nothing appears!!
How can I do this?
A "page" is written in HTML, so < means "Start a tag".
You have to represent characters with special meaning in HTML using entities.
You can write them directly, or make use of the htmlspecialchars function.
echo "&lt;sometext&gt;";
echo htmlspecialchars("<sometext>");
You probably want &lt;sometext&gt;.
If that text is coming from user input, you should definitely use htmlspecialchars() on it, to help prevent XSS.
This is because the browser assumes it is an unknown tag. If you want the browser to show it, use:
echo '&lt;sometext&gt;';
or use the htmlentities function like so:
echo htmlentities('<sometext>');
You need to call htmlentities() to convert the HTML metacharacters into something that will display properly.
I am trying to send a variable from a JavaScript to a PHP script but what gets sent is just the first string and the rest is discarded. Don't know what I would be doing wrong.
Here is my code:
<script type="text/javascript">
document.write('<li><a href=../../../../projects/sungrant/view/HistoricalCategory2.php?category=Historical Category 2>Historical Category 2 </a></li>')
</script>
My $_GET['category'] at the server side only prints Historical? Don't know what I may be missing or if there is a better way of passing data from a JavaScript to PHP, I will appreciate.
Either wrap your href attribute value in quotes or change the spaces to %20.
href="../../../../projects/sungrant/view/HistoricalCategory2.php
?category=Historical Category 2"
or
href=../../../../projects/sungrant/view/HistoricalCategory2.php
?category=Historical%20Category%202
The reason it doesn't work with spaces is that in valid HTML, attributes are separated by spaces. If you need to use spaces in a HTML attribute value, make sure you wrap the string with quotes. If it's a URL, the browser will do the necessary URL encoding for you.
The problem is with your URL - you haven't encoded the spaces so it only picks up the first variable
../../../../projects/sungrant/view/HistoricalCategory2.php?category=Historical Category 2
should be
../../../../projects/sungrant/view/HistoricalCategory2.php?category=Historical+Category+2
or
../../../../projects/sungrant/view/HistoricalCategory2.php?category=Historical%20Category%202