I am trying to hit a URL after generating the data to be filled for the parameters that are passed in URL using Python in back end. So the flow is:
User lands on a page with a form having some drop downs.
Python code in the backend reads the content from a file and returns single output based on some conditions for each of the dropdown.
User hits the submit button with the data.
The data gets generated correctly but when I hit submit button, I get %0D%0A characters at the end of the parameter values in the URL
E.g., sample.php?param1=20%0D%0A¶m2=50%0D%0A
How do I get rid of these values as this is causing trouble with the other code where I am using these values?
I take it you read the data from a file, so probably reading the file causes the line endings to be read as well.
In any case, try using strip() or rstrip() in your Python code to remove all/trailing whitespace before your assemble the target URL.
I understand that it's actually a PHP script that assembles the URL. In that case, use PHP's trim() function on the variables you use to assemble the URL.
For example: Assume that $val1 and $val2 are read from a file or some other place. Then the following line assembles above URL stripping whitespace from $val1 and $val2.
$url = "sample.php?param1=" . trim($val1) . "¶m2=" . trim($val2);
Some browsers do that automatically, you can try decoding it back using urldecode()
http://php.net/manual/en/function.urldecode.php
Try this :
<?Php
$str = "Your Inputed Value or string"
$url = str_replace(" ","-", $str);
?>
Link Menu
Related
I want to use the GET method to send a string to the receive page, but if the string includes '#', the receiver page can only get the sub string before the '#'.
As the following example:
test
When I click the 'test' link to open the 'test.php' page, which has the following code:
<?php
if(isset($_GET["q"])) {
echo $_GET["q"];
}
?>
It only display 'string1' on the page, '#string2' is missing.
So I want to know what happened to the string, and how to fix this problem.
Thank you for any help!
=======Update===========
With the help of #Eric Shaw and #JP Dupéré, I know how to fix this problem.
The simplest way is encoding the string before using the get method.
To encode the query string, you can:
use urlencode() in PHP, and urldecode() can decode the string.
use encodeURIComponent() in JavaScript, and decodeURIComponent() can decode the string.
Try
urlencode("string1#string2")
before calling GET.
The #foo is used to jump to an <a name="foo"/> tag on the page, rather than viewing the top of the page when the browser loads it.
The stuff after the # is processed by the browser and NOT sent to the server.
You can escape the # and the escaped version will be sent to the server, i.e.
test
will do what you want I think
This escaping is also a common technique to get the # passed along in the URL for redirectors.
Using window.location.hash (used to pass in ID for page) returns something like the following:
Also, for people asking why I used window.location.hash instead of window.location.href is because window.location.href started looping infinitely for some reason, and .hash does not. I don't think this should be a big deal, but let me know if it is and if I need to change it.
http://website.com/NewPage.php#?name=1418019307305
[The string of numbers is actually epoch system time]
When using PHP to try to retrieve this variable It is not picking up any text in the file It's supposed to write to.
<?php
$myfile = fopen("File1.txt","w");
echo $_GET['name'];
fwrite($myfile, $_GET['name']);
fclose($myfile);
?>
Try to print $_SERVER variable and it will give you the array and in the desired key you can get the values. It can help you to find that variable in the string.
If you want to get the value after the hash mark or anchor, that isn't possible with "standard" HTTP as this value is never sent to the server. However, you could parse a URL into bits, including the fragment part, using parse_url().
This should do the trick:
<?php
$name_query = parse_url("http://website.com/NewPage.php#?name=1418019307305");
$get_name = substr($name_query['query'], strpos($name_query['query'], "=") + 1);
echo $get_name;
?>
Working example: http://codepad.org/8sHYUuCS
Then you can use $get_name to store "name" value in a text file.
The hash tag is a fragment that never gets processed by the server, but rather the user-agent, i.e. the browser, so JavaScript may certainly access it. (See https://www.rfc-editor.org/rfc/rfc3986#section-3.5). PHP does allow you to manipulate a url that contains a hash tag with parse_url(). Here's another way to get the info:
<?php
$parts = parse_url("http://website.com/NewPage.php#?name=1418019307305");
list(,$value) = explode("=",$parts['fragment']);
echo $value; // 1418019307305
The placement of the hash tag in this case wipes out the query string so $_SERVER['QUERY_STRING'] will display an empty string. If one were to rewrite the url following best practice, the query string would precede the hash tag and any info following that mark. In which case the script for parsing such a url could be a variation of the preceding, as follows:
<?php
$bestPracticeURL = "http://website.com/NewPage.php?name=1418019307305#more_data";
$parts = parse_url( $bestPracticeURL );
list(,$value) = explode("=", $parts['query']);
$hashData = $parts['fragment'];
echo "Value: $value, plus extra: $hashData";
// Value: 1418019307305, plus extra: more_data
Note how in this case parse_url was able to capture the query string as well as the hash tag data. Of course, if the query string had more than one key and value, then you might need to explode on the '&' into an array and then explode each array element to extract the value.
I have a little static function so that I can easily build html valid urls on my local website, it is below;
public static function url($path = false) {
// Build return url with special html characters escaped
return 'http://127.0.0.1/' . htmlspecialchars($path);
}
I have two urls one inside an anchor and another is inside a form action, they are below;
Root::url('test?category=' . $category . '&index=' . $index) // Href
Root::url('test?category=' . $_GET['category'] . '&index=' . $_GET['index']) // Form
GET === $, you can see inside my static function that I use htmlspecialchars to escape special html characters from my url.
The anchor one returns a valid link and works as expected. The form one however returns the following, as in when I click on the form submit, my url in my browser is as follows.
http://127.0.0.1/test?category=innate&index=0
Why is this? My website breaks because it is dependant on the GET parameters being valid.
Thanks for your time, hope this made sense.
EDIT
I insert the return value of the function call straight into my form action,
<form
action="<?= Root::url('test?category=' . $_GET['category'] . '&index=' . $_GET['index']); ?>"
method="post">
EDIT
The form html is as follows;
<form action="http://example.com/test?category=innate&index=0" method="post">
The anchor html is as follows
<a href="http://example.com/test?category=innate&index=0">
Could it be something to do with the server sending a POST request even though I have GET parameters?
EDIT #3
Ok so it has something to do with my function or what I am passing in, I hard typed in the url in the form submit and it worked, no problems, which means it can only be what my function is returning.
I myself cannot see what I may be!
ANSWER
After the form was being submitted, I was redirecting to the same page using header to counter form resubmission. The string for the header was being generated by Root::url().
Two hours this took me to figure out, but boy does it feel good!
Normally you wouldn't add a query string to a POST URL. It's not forbidden, though, it may only be somewhat confusing, especially if you use $_REQUEST (which you don't, it seems).
I don't know why your browser shows an uninterpreted &, it should interpret it.
Your problems are likely due to one of these:
a bad browser - try another one
bad content of the form input fields
other
This is quite logic.
I assume your url() method looks like this:
url($string){
echo htmlspecialchars($string);
}
Let's have a look at the $string you are passing:
'test?category=' . $_GET['category'] . '&index=' . $_GET['index'];
As I see in your output, replacing the values, the final string before htmlspecialchars() occur would be:
'test?category=innate&index=0' and after it: test?category=innate&index=0
What happened here? you first concatenated the string, and then htmlspecialchars()'ed the & used to separate the parameters. And to not break the url, you don't want to convert THAT '&'.
Also to sanitize the url you shouldn't use htmlspecialchars() because most html entities would convert to somthing like & + somename + ; for example the Euro symbol would convert to € and you don't want the actual & symbol in your url, the browsers will interpret it as you have another new parameter awaiting.
You should use urlencode(), which will convert your & into: %26 , also, the function's name is self-explanatory, it's encoding a string to use on a URL.
Still, you want the & to separate the parameters, but not in the $GET values. What should we do? to urlencode the values before concatenating the string. I would suggest a method like this one:
function url($page, $get){
$parameters = array();
foreach($get as $k => $v) $parameters[] = urlencode($k)."=".urlencode($v);
//We are concatenating with ? and & the urlencoded() values in the next line:
echo urlencode($page).'?'.implode('&', $parameters);
}
url('test', $_GET); // outputs: test?category=innate&index=0
This would get rid of the special chars from a form's field names and values.
I noticed you will use 2 fixed parameters, category and index, so the method could be like this:
function url($page, $get){
$page = urlencode($page);
$category = urlencode($get['category']);
$index = urlencode($get['index']);
echo "$page?category=$category&index=$index";
}
Hope this is what you needed
I have a download page that take arguments like the download URL, the download-counter data file url, and the page to return to after downloading.
It is arranged like so:
start.php?url=...&page=...&file=...
(Download url, redirect page, counter file)
The problem is, when the redirect page contains PHP arguments with ? and & symbols, the URL becomes a confusing mess for PHP to work with.
Example:
start.php?url=URLTEXT&page=page?test1=x&test2=xx&file=FILETEXT
What should happen:
url=URLTEXT
page=page?test1=x&test2=xx
file=FILETEXT
what happens:
url=URLTEXT
page=page?test1=x
test2=xx
file=FILETEXT
How could I substitute characters or somehow make these arguments pass correctly in php?
Thanks for any help you can give.
Well, I'm not sure how your "messed up" URL looks like. However the string after the "?" is called Query String, and you can decode/encode it with
urlencode($normalString); //will be encoded for use in URL
urldeocde($queryString); //will be decoded for "normal" use
EDIT:
Here is some short example:
echo "Encode for use in URL: ";
echo urlencode("this is a string & üäöllasdlk<bbb2");
echo "<br />";
echo "Decode to use it in your script: ";
echo urldecode($_SERVER['QUERY_STRING']);
Output:
Encode for use in URL:
this+is+a+string+%26+%C3%BC%C3%A4%C3%B6llasdlk%3Cbbb2
Decode to use it in your script: test=12
(Assuming you have a Querystring containing the variable test=12)
Just use htmlspecialchars function on your URL string:
http://php.net/manual/en/function.htmlspecialchars.php
I'm sending a php script multiple urls (about 15) at once, all containing about 5 url variables. In my script, I'm parsing the chunk of urls into individual ones by splitting them with two backslashes (which i add upon before to the script), and then curling each individual url. However, when I run my script, it only accepts a url up to the "&" symbol. I'd like to have the entire chunk, so that I can split it up later in my script. What might be the best way to approach this issue?
Thanks.
An example of what happens when i send my script a url chunk:
<?php
/*
$url variable being sent to script:
http://www.test1.com?q1=a&q2=b&q3=c&q4=d\\http://www.test2.com?r1=a&r2=b&r3=c&r4=d\\http://www.test3.com?q1=a&q2=b&q3=c&q4=d\\http://www.test4.com?e1=a&e2=b&e3=c&e4=d
*/
$url = $_GET['url'];
echo $url; // returns http://www.test1.com?q1=a
//later on in my script, i just need to curl each "\\" seperated url
?>
You need to urlencode() the (data) URLs before appending them to your script's request.
Otherwise, PHP is going to to see ?listOfUrls=http://someurl.com/?someVar=SomeVal& and stop right there, due to the literal "&"
If you're building the query string in PHP you could try something like:
<?PHP
//imagine $urls is an array of urls
$qs = '?urls=';
foreach($urls as $u){
$q .= urlencode($u) .'\\';
}
I also suspect you can play with [] notation in the url so that on the other side of the GET, you get a nice clean array of URLs back, instead of having to parse on some delimiter like "\"
Since you didn't url encode your url param, everything after the first & is treated as the param to the original url.
The $_GET array is formed by splitting on ampersands. URL-encode the URLs before passing them as parameters. PHP should decode them for you.
Example: pass url=http://www.test1.com?q1=a%26q2=b%26q3=c%26q4=d\\http://www.test2.com?r1=a%26r2=b%26r3=c%26r4=d\\http://www.test3.com?q1=a%26q2=b%26q3=c%26q4=d\\http://www.test4.com?e1=a%26e2=b%26e3=c%26e4=d
You can do away with the '\\' by turning the parameter into an array. Example: use url[]=http://www.test1.com?q1=a%26q2=b%26q3=c%26q4=d&url[]=http://www.test2.com?r1=a%26r2=b%26r3=c%26r4=d&url[]=http://www.test3.com?q1=a%26q2=b%26q3=c%26q4=d&url[]=http://www.test4.com?e1=a%26e2=b%26e3=c%26e4=d