I am trying to display a URL stored in mysql as a link in php table like this
echo "<td>Resume</td>";
where $row['resume'] retrieves correct data using mysql_fetch_array
However the whitespace between file link gets truncated automatically
for example my file name is "this is a resume.doc" i only get "this" in link
help.
You need to place quotes around your href attribute.
echo "<td>Resume</td>";
You need to do several things:
Escape characters with special meaning in URLs using urlencode
Escape characters with special meaning in HTML using htmlspecialchars
Quote attribute values
Such:
$url = htmlspecialchars( urlencode( $row['resume'] ) );
echo "<td><a href='$url'>Resume</a></td>";
Related
I am working on a project and a lot of my variables need to contain special characters such as {}[].'"!?/\=+- and many more what is the safest way to pass these variables back and forth between SQL, PHP, and output? and how can I prevent a variable from interfering with my code? Ie:
<?php
echo $var;
echo '$var';
echo "$var";
?>
The best way would be to URL encode your data as soon as it is supplied. Then store it and when you are using it, urldecode it.
Something like
string urlencode ( string $str )
To encode and
string urldecode ( string $str )
To decode. This changes your "special" characters into safe characters.
In PHP, the name of a variable cannot contain special characters (other than the initial dollar sign $ and underscores _). The value of a variable can contain whatever you'd like so long as you follow the rules of defining PHP strings.
The variable values won't interfere with your code. If you're concerned about it interfering with your output HTML, use htmlspecialchars as Rocket Hazmat suggested in the comments.
You can use PDO/MYSQL for isnerting the data into the database..
For converting into html entites you can use htmlchars() function.
An example:
<?php
${'[\*var'} = 1;
echo ${'[\*var'};
https://3v4l.org/5Dr93
Am passing a value using href tag
In first page Href tag used as
echo "$compname";
In the Second page used
$compname = $_GET['compna'];
To receive the Compna values are pass but only the first word is passed remaining words are skipped.
Compname as " Chiti Technologies Ltd "
When I pass the value I receive onlt "Chiti"
The reason you're only getting the first word of the company name is that the company name contains blanks. You need to encode the name.
echo "$compname";
You are producing ambiguous/invalid HTML by not quoting the parameter. The result is something like:
<a href=foo bar baz>
Only foo is recognized to belong to href, the rest doesn't. Quote the values:
echo '', htmlspecialchars($compname), '';
Use this code:
echo ''.$compname.'';
You need add quotes for your href, besides, you also need to use urlencode to encode the variable.
echo '' . $compname . '';
change echo "$compname";
to echo "$compname";
When using double quoted strings " you don't need to paste variables in between, you can just type them.
Also, when pasting strings together don't use comma's , but use . to paste strings otherwise you'll get parse errors.
For arrays include them between curly brackets {}
echo "$compname";
I use php to retrive the data from table and ajax to display the result.
When I search using location for the 1st time, I get the result and the pagination is not working, especially for "istanbul".
The reason is the special character '\' added with the address that's taken from Google map.
The URL passed when i go to next page, is
http://www.mysite.com/dropinn/search/\"http://www.mysite.com/dropinn/search?checkin=mm%2Fdd%2Fyy&checkout=mm%2Fdd%2Fyy&guests=1&location=Istanbul%2C+Turkey&min_bathrooms=0&min_bedrooms=0&min_beds=0&per_page=10&search_view=1&sort=1&page=3"
How to over come this problem?
This is the code that I have written:
$config['base_url'] = site_url('search').'?checkin='.urlencode($checkin).'&checkout='.urlencode($checkout).'&guests='.$nof_guest.'&location='.urlencode($location).'&min_bathrooms='.$min_bathrooms.'&min_bedrooms='.$min_bedrooms.'&min_beds='.$min_beds.'&per_page='.$per_page.'&search_view=1&sort='.$sort;
Using double quotes, you escape \ with another \. If you need to display a \, then you must type \\, or you could use single quotes.
Example: echo "\hello\world"; would need to be echo "\\hello\\world";, or echo '\hello\world';
To escape in php, you must use \\
Try this:
http://www.mysite.com/dropinn/search/\"http://www.mysite.com/dropinn/search?checkin=mm%2Fdd%2Fyy&checkout=mm%2Fdd%2Fyy&guests=1&location=Istanbul%2C+Turkey&min_bathrooms=0&min_bedrooms=0&min_beds=0&per_page=10&search_view=1&sort=1&page=3\"
Or this:
http://www.mysite.com/dropinn/search/\\"http://www.mysite.com/dropinn/search?checkin=mm%2Fdd%2Fyy&checkout=mm%2Fdd%2Fyy&guests=1&location=Istanbul%2C+Turkey&min_bathrooms=0&min_bedrooms=0&min_beds=0&per_page=10&search_view=1&sort=1&page=3\"
Or lastly:
http://www.mysite.com/dropinn/search/\\"http://www.mysite.com/dropinn/search?checkin=mm%2Fdd%2Fyy&checkout=mm%2Fdd%2Fyy&guests=1&location=Istanbul%2C+Turkey&min_bathrooms=0&min_bedrooms=0&min_beds=0&per_page=10&search_view=1&sort=1&page=3\\"
Your question is a little confusing without seeing more code, but those should work.
I am trying to display a URL stored in mysql as a link in php table like this
echo "<td>Resume</td>";
where $row['resume'] retrieves correct data using mysql_fetch_array
However the whitespace between file link gets truncated automatically
for example my file name is "this is a resume.doc" i only get "this" in link
help.
You need to place quotes around your href attribute.
echo "<td>Resume</td>";
You need to do several things:
Escape characters with special meaning in URLs using urlencode
Escape characters with special meaning in HTML using htmlspecialchars
Quote attribute values
Such:
$url = htmlspecialchars( urlencode( $row['resume'] ) );
echo "<td><a href='$url'>Resume</a></td>";
I am retrieving data from my SQL database...
data exactly as it is in the DB = (21:48:26) <username> some text here. is it ok?
when i try and echo $row['log']."<br>";
it displays it as = (21:48:26) some text here. is it ok?
i assume this is due to the <> brackets making it think its an HTML opener... would this be the case? and if so how would one echo a string that contains HTML?
Use htmlspecialchars() to translate HTML control characters into their entities:
echo htmlspecialchars($row['log'])."<br>";
You need to escape the characters so it is not recognized as an HTML element, but as text:
echo htmlentities( $row['log'] ) . '<br/>';
i assume this is due to the <>
brackets making it think its an HTML
opener...
Yes, any construction in <> brackets is treated by web browser as HTML tag. So, you should use either htmlspecialchars() or htmlentities() or some similar custom function to convert "<" and ">" symbols to "<" and ">" strings, which are displayed to user as brackets.
Some more comments:
ALL text data displayed to user must be passed through htmlspecialchars() funciton (or through other function with similar behavior), since "some text" may also contain tags, etc.
Probably it would be better to store date/time, username and "some text" in separate table columns in DB, in order to satisfy relational database constraints. This may require some additional input data parsing.