I have this php file resizeImage.php which can be called like this -
http://<domain>/fam/resizeImage.php?&srcImg=<url encoded URL of a remote image>&width=<width>&height=<height>
However, a different module calls the htmlentities encoded version of this URL, in this way -
htmlentities(http://<domain>/fam/resizeImage.php?srcImg=<url encoded url>&width=<width>&height=<height>)
So, following is a sample URL that is called -
http://<domain>/fam/resizeImage.php?srcImg=https%3A%2F%2Flh3.googleusercontent.com%2FVRY0O_3L8VH2wxJSTiKPr72PeM5uhPPFEsHzzYdxenddpTI150M0TYpljnZisQaROR0%3Dh256-rw&width=640&height=960
Now, the request is received by resizeImage.php, but I am unable to get the parameter width using $_REQUEST['width'], but I can do the following -
get htmlentities_decode($_SERVER['REQUEST_URI'])
explode it using & to get the parameter-value pairs.
explode using = to get values against parameters.
So, two things -
I was wondering if this is the proper way to extract the parameters in this scenario.
I do not know the reason why the calling module calls the htmlentities encoded URL. Could there be a better way to suggest them?
You can use PHP's internal functions to parse and decode URLs:
parse_url - parse URL and get the needed components
html_entity_decode - decode html entities
url_decode - decode URL encoded characters
and finally parse_str - to parse parameter string into an associative array
So here's an example code what I'm come up with (you can try it out here):
$parsed = parse_url($url);
parse_str(urldecode(html_entity_decode($parsed['query'], ENT_HTML401)), $tmp);
var_dump($tmp);
...which renders your URL parameters into an associative array:
array(3) {
["srcImg"]=>
string(109) "https://lh3.googleusercontent.com/VRY0O_3L8VH2wxJSTiKPr72PeM5uhPPFEsHzzYdxenddpTI150M0TYpljnZisQaROR0=h256-rw"
["width"]=>
string(3) "640"
["height"]=>
string(3) "960"
}
As for the second part, I think the second module's approach is a little bit safer, since you're placing an URL in an URL's parameter. If you don't want to hassle with parsing and stripping unnessesary parts from the parameter, then encoding the whole is a simple and safe way to keep your URL's out of syntax errors.
In some cases, when people send html code in get parameters htmlentities on single parameters might be ok when it comes to the label, but not for the link itself - they should use urlencode for that:
<a href="htpp://yourdomain.tld/?param1=<?php echo urlencode('<somehtmltag>'); ?>>htpp://yourdomain.tld/?param1=<?php echo htmlentities('<somehtmltag>'); ?></a>
Related
I am using simplexml_load_file function to fetch data from a URL which contains XML content. There are few parameters in URL and simplexml_load_file is working correctly normally.
But there are few parameters which contains & and for these simplexml_load_file function is not working. This is my code. I tried urlencoding function but even this one is not working. This is how my code look like
$api_url = urlencode($api_url);
$xml = simplexml_load_file($api_url);
This is how URL look like
https://atlas.atdw-online.com.au/api/atlas/products?key=MYKEY&ar=Merimbula & Sapphire Coast&cats=ATTRACTION&size=10
In above URL you can see parameter ar has value which contains & and simplexml_load_file is not working for these type of parameters.
Any suggestion regarding this will be much appreciated.
As you can see in your URL, the ampersand (&) has two functions:
As a separator for URL parameters.
As a character that is part of the value of such a parameter.
To avoid the ambiguity that is presented in your question, you generally urlencode() the URL parameter values.
You would then do something like $ar = urlencode('Merimbula & Sapphire Coast');. If you have no control over how the ar parameter is constructed, then you'll have to remove the ampersand from "Merimbula & Sapphire Coast" and replace it with something else (like 'and').
I have a php file which doesn't establish database connection.
When I pass an url as a param like
http://mydomain.com?q=http%3A%2F%2Fmyoranotherdomain.com
It shows a 403 error:
You don't have permision to access blahblah.php file.
And when I remove the http part in param, it's alright like
http://mydomain.com?q=myoranotherdomain.com
How can I let domains be passed in the url as params?
The easiest way is to encode the url with:
string urlencode ( string $str )
http://php.net/manual/en/function.urlencode.php
You also have to do the decode:
string urldecode ( string $str )
http://php.net/manual/en/function.urldecode.php
It's always this methode to encode parameter with special characters.
Final Solution:
I found this: I get a 403 error when submitting "http://www." via GET. Even if it's encoded beforehand. Is there a solution for this?
The answer is to replace the http://www String with something like: htpwwwashere in javascript and replace it again in your php.
The reason - according to the link above - is some security stuff like to prevent injection attacks on the pages they're serving up.
I want to get only URL string in parameter.
So I coded below :
//In my HTML file.
<script>
document.write('<iframe id="ifr1"
src="http://{domain}/prj.php?url=https://www.google.co.kr/search?sugexp=chrome,mod=3&sourceid=chrome&ie=UTF-8&q=url+utf8+encoding#sclient=psy-ab&hl=ko&newwindow=1&prmdo=1&tbm=klg&q=google&oq=google&aq=f&aqi=g10&aql=&gs_l=serp.3..0l10.2207859.2208404.3.2208459.6.4.0.1.1.3.496.1353.2-2j1j1.4.0...0.0.O1lbexylHQM&pbx=1&prmdo=1&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=b8fee9fdb4e7f90&biw=1440&bih=828&a=' +'asdf'+" width="100%" height="100%" frameborder="0"> </iframe>');
</script>
//In my php file
$message = $_GET['url'];
echo("$message");
But I only get 'https://www.google.co.kr/search?sugexp=chrome,mod=3'.
What's wrong?
I want to get whole URL string. Including &,?,or everything else.
You need to use encodeURIComponent to encode the url parameter.
The reason is that you use an encoding into another encoding.
The first is:
prj.php?url=[somedata]
where [somedata] is an URL with another key/value collection:
https://url/etc/search?key1=value1&key2=value2
If the url parameter is not urlencoded there is no way to distinguish the parameters of /prj.php from the parameters of /search, it is assumed that all the parameters defined with &key=value&key=value... syntax belong all to the first page.
The trick is to url-encode the url parameter, but how you do it depends on the context.
If the url is dinamically generated via PHP, use the urlencode() function.
If your url is hard-coded (not generated via PHP), you can write for yourself a little PHP tool to do the job, or use an online encoder like http://www.opinionatedgeek.com/dotnet/tools/urlencode/Encode.aspx
I think I have the need to take a uri which has been decoded in PHP, and re-encode it.
Here is the situation:
JavaScript passes encoded uri as query string parameter to php script.
PHP script embeds uri as a hidden input value in an html document, responds with the document to a user agent.
JavaScript reads embedded uri and sets location of current document based on value of hidden input.
On Step 2, I am finding that the Uri is fully decoded after reading it in via $_GET. So when I embed the uri in the hidden input, it becomes un-encoded. So I would like to run a PHP script which re-encodes the Uri properly ex:
http://my.example.com/dog walk?is=very great
==>
http://my.example.com/dog%20walk?is=very%20great
Is there a pre-built php function for this or should I just write my own?
PLEASE NOTE: urlencode and urldecode are not the answer to get the desired input/output I have in the example above.
Thanks,
Macy
Are you looking for : http://fr.php.net/manual/en/function.urlencode.php ?
I don't know if will help you, but PHP have 3 useful functions:
$url = parse_url('put the url here');
parse_str( $url['query'], $query ); // generating an array by reference (yes, kinda weird)
echo $query; //in this line, you can encode or decode.
or, if you want to mount a query, you can use http_build_query(); that accepts values from an array, like:
$url = 'http://my.example.com/dog walk?';
$array = Array (
'is' => 'very_great',
);
$url_created = $url . http_build_query($array);
urldecode:
http://www.php.net/manual/en/function.urldecode.php
I'm sending a php script multiple urls (about 15) at once, all containing about 5 url variables. In my script, I'm parsing the chunk of urls into individual ones by splitting them with two backslashes (which i add upon before to the script), and then curling each individual url. However, when I run my script, it only accepts a url up to the "&" symbol. I'd like to have the entire chunk, so that I can split it up later in my script. What might be the best way to approach this issue?
Thanks.
An example of what happens when i send my script a url chunk:
<?php
/*
$url variable being sent to script:
http://www.test1.com?q1=a&q2=b&q3=c&q4=d\\http://www.test2.com?r1=a&r2=b&r3=c&r4=d\\http://www.test3.com?q1=a&q2=b&q3=c&q4=d\\http://www.test4.com?e1=a&e2=b&e3=c&e4=d
*/
$url = $_GET['url'];
echo $url; // returns http://www.test1.com?q1=a
//later on in my script, i just need to curl each "\\" seperated url
?>
You need to urlencode() the (data) URLs before appending them to your script's request.
Otherwise, PHP is going to to see ?listOfUrls=http://someurl.com/?someVar=SomeVal& and stop right there, due to the literal "&"
If you're building the query string in PHP you could try something like:
<?PHP
//imagine $urls is an array of urls
$qs = '?urls=';
foreach($urls as $u){
$q .= urlencode($u) .'\\';
}
I also suspect you can play with [] notation in the url so that on the other side of the GET, you get a nice clean array of URLs back, instead of having to parse on some delimiter like "\"
Since you didn't url encode your url param, everything after the first & is treated as the param to the original url.
The $_GET array is formed by splitting on ampersands. URL-encode the URLs before passing them as parameters. PHP should decode them for you.
Example: pass url=http://www.test1.com?q1=a%26q2=b%26q3=c%26q4=d\\http://www.test2.com?r1=a%26r2=b%26r3=c%26r4=d\\http://www.test3.com?q1=a%26q2=b%26q3=c%26q4=d\\http://www.test4.com?e1=a%26e2=b%26e3=c%26e4=d
You can do away with the '\\' by turning the parameter into an array. Example: use url[]=http://www.test1.com?q1=a%26q2=b%26q3=c%26q4=d&url[]=http://www.test2.com?r1=a%26r2=b%26r3=c%26r4=d&url[]=http://www.test3.com?q1=a%26q2=b%26q3=c%26q4=d&url[]=http://www.test4.com?e1=a%26e2=b%26e3=c%26e4=d