I have a php page which get response from another page as shown:
while($response!=200)
{
$response = include 'xyz.php?one='.$one.'&two='.$two.'&three='.$three.'';
}
But my link always get's something like:
domainname.com/xyz.php?one=content&two=content&three=content
And due to & getting replaced by & I am getting the page not found issue.
I have tried using %26 and directly putting & instead of &, all in vain.
Is there any other simple solution besides using string replace function of PHP to remove & and replace it with &
Check out html_entity_decode
$response = html_entity_decode($response)
I ran a test based on the code you sent and I don't have a problem. That suggests you have something auto-magical going on in your *.ini file (magic quotes, maybe... ugh...). Try to create the string simply as a variable to remove it from the filename context and echo it out to be sure it's right, then use the variable with your include.
$one = 'abc';
$two = 'def';
$three = "ghi";
$file= 'xyz.php?one='.$one.'&two='.$two.'&three='.$three;
echo "\n\n".$file;
$response = include $file;
You can't use URL parameters when accessing a local file, they have to go through the webserver. Try:
$response = file_get_contents("http://localhost/path/to/xyz.php?one='.$one.'&two='.$two.'&three='.$three);
Related
I want to get the last part of an url that looks like this:
http://localhost:8888/blog/public/index.php/categories/Horror
I've tried it with
$endOfUrl = end(explode('/',$url));
but the thing is I get a notice that "Only variables should be passed by reference"
I need this "Horror" to get it's ID in my database and get all the posts with this id, since I'm trying to code a blog to get experience with php.
Another question linked to this: Is it possible to make it dynamic so it can be used for all the other categories as well? Or do I have to do this for every single category?
I'm new to the world of php so I would really appreciate it if someone could help me on this.
Try like this way for end() but If I were you I will try basename() to get my job done.
<?php
$url = 'http://localhost:8888/blog/public/index.php/categories/Horror';
$exploded = explode('/',$url);
$endOfUrl = end($exploded);
echo $endOfUrl;
?>
Reason why it is not working on single line:
end() requires a reference, because it modifies the internal
representation of the array (i.e. it makes the current element pointer
point to the last element).The result of explode('.', $url) cannot be
turned into a reference and this is a restriction in the PHP language itself.
DEMO: https://3v4l.org/ttKui
Using basename(),
$url = 'http://localhost:8888/blog/public/index.php/categories/Horror';
echo basename($url);
DEMO: https://3v4l.org/pt2cQ
So I am trying to open an image from a URL using PHP but nothing seems to work. Here is my code. All i get is a blank box and I have tried with multiple links.
This is what I get for any URL I use. Any ideas? Any responses are greatly appreciated
<?php
header('Content-type: image/jpeg;');
$p = 'https://cdn.shopify.com/s/files/1/0094/2252/products/KithxAspenUltraBoostMidMulti-1_grande.jpg?';
$a = file_get_contents('$p');
echo $a;
?>
Don't use single qoutes, in this case, because then your $p var get litteral value (just string :$p)
, you need this:
$a = file_get_contents($p);
(or double quotes).
Ho you all, I've got a script in a Wordpress post that sends the value of 4 variable to a URL.
The fact is that since natively WordPress converts & to &, the URL that is meant to recive those variable cannot get them, since the final URL will be
http://localhost/php/add.php?a=VALUE1&b=VALUE2&c=VALUE3&d=VALUE4
instead of http://localhost/php/add.php?a=VALUE1&b=VALUE2&c=VALUE3&d=VALUE4
Now I know that it is possible to fix this problem by commenting to lines in wp-includes/formatting.php, but I'm looking for a PHP function that can convert the URL with '&' to an URL with just '&'.
Is it possible? Thanks!
You will need to use htmlspecialchars_decode(). Consider this example:
$url = 'http://localhost/php/add.php?a=VALUE1&b=VALUE2&c=VALUE3&d=VALUE4';
$url = htmlspecialchars_decode($url);
echo $url;
// http://localhost/php/add.php?a=VALUE1&b=VALUE2&c=VALUE3&d=VALUE4
Trying to use a $_GET['url'] variable to grab data from a URL:
http://mysite.com/?url=http://this.is/?q=an&?example=url
What I want above is bolded, but sadly the $_GET['url'] will only get "http:// this.is/?q=an" because the & makes it interpret it as the beginning of a new variable within the URL.
Is there a way to ignore the ampersands so my script can get the entire URL I need it to? The URL that is appended to ?url= is not within my limits to control so most work but some do contain the dreaded &. After reading questions on Stack Overflow I'm not holding out much hope :(
If you have absolutely no control over the arguments placed on the query string (for whatever reason), you can also do this by manually parsing the $_SERVER['QUERY_STRING'] varible, e.g.
$page = str_replace("url=", "", $_SERVER['QUERY_STRING']);
Of course, if possible, you should encode it using the answers posted by everyone else.
Use urlencode()
$get_url = urlencode('http://this.is/?q=an&?example=url');
$url = 'http://mysite.com/?url=' . $get_url;
If you can't control the query string, you could use
$query = $_SERVER['QUERY_STRING'];
$pos = strpos($query, "url=");
if ($pos !== false) {
$url = substr($query, $pos + 4);
}
This code returns everthing after url=
If you have the possibility,you should encode the url with urlencode to create a clean url.
If you don't do this, you get eventually an server error, with strange urls and you can't pass more than one url(because everything after the url= is interpreted as url)
Here is the tested code:
if (!empty($_GET['url'])) {
echo $_GET['url'].'<br />';
}
$url = urlencode('http://this.is/?q=an&?example=url');
echo 'LINK';
Hope it will help you.
I get a string, from an external clientside script, which must later be attached as part of an url. Now I am wondering what is the best way to santitize such data?
The string I get will have a structure like this:
dynamicVal#staticVal:dynamicVal
This value will then be added to an url:
http://the-page.com/dynamicVal#staticVal:dynamicVal
The url is then used as followed:
$link = htmlspecialchars("http://external-page.com/dynamicVal#staticVal:dynamicVal", ENT_QUOTES);
$var = "'Open URL'";
Problem is, htmlspecialchars wont help to prevent execution of random javascript code, e.g. by adding this alert to the value:
dynamicVal#staticVal:dynamicVal'+alert(\"breakout\")+'
Using rawurlencode wont help either, because it is not a value of a parameter but a real part of the url.
So what is the best way to sanitize the passed string when concatenating to the url?
Thanks in advance.
Edit:
Using rawurlencode only on the dynamic parts actually also didn't solve the issue, the javascript still got executed.
Test snippet:
$splitVal = "#staticVal:";
$tmpArr = explode($splitVal, "dynamicVal#staticVal:dynamicVal'+alert(\"breakout\")+'");
$link = htmlspecialchars(sprintf("http://external-page.com/"."%s$splitVal%s", rawurlencode($tmpArr[0]), rawurlencode($tmpArr[1])), ENT_QUOTES);
echo "'Open URL'";
Edit2:
Using json_encode when passing the string as javascript argument didn't help either.
Adapted test snippet:
$splitVal = "#staticVal:";
$tmpArr = explode($splitVal, "dynamicVal#staticVal:dynamicVal\"+alert('breakout')+\"");
$link = htmlspecialchars(sprintf("http://external-page.com/"."%s$splitVal%s", rawurlencode($tmpArr[0]), rawurlencode($tmpArr[1])), ENT_QUOTES);
echo "'Open URL'";
Adaptions done:
Switched the quotes in the malicous JS.
Moved htmlspecialchars around json_encode, because a double quoted string gets returned which would break the html otherwise.
You should use urlencode() for this. Not on the whole string but on the dynamic parts only.
$link = sprintf('http://external-page.com/%s#staticVal:%s', urlencode('dynamicVal'), urlencode('dynamicVal'));
$var = "'Open URL'";
EDIT:
OK - I see your problem. I didn't realize that you insert the code into a JavaScript function call. You'll have to ensure that the JavaScript interpreter treats your link as a string argument to window.open():
$link = sprintf('http://external-page.com/%s#staticVal:%s', urlencode('dynamicVal'), urlencode('dynamicVal'));
$var = "'Open URL'";
For completenes, I was able to solve that issue by simply putting addslashes on the dynamic part before using rawurlencode.
Both function calls are needed to prevent breaking out. Using addslashes prevents normal quotes (',") and rawurlencode prevents already encoded quotes (%29,%22) to cause harm.
So final solution looks like this:
$splitVal = "#staticVal:";
$tmpArr = explode($splitVal, "dynamicVal#staticVal:dynamicVal'+alert(\"breakout\")+'");
$link = htmlspecialchars(sprintf("http://external-page.com/"."%s$splitVal%s", rawurlencode(addslashes($tmpArr[0])), rawurlencode(addslashes($tmpArr[1]))), ENT_QUOTES);
echo "'Open URL'";