utf-8 character input fail to PHP regex - php

<?php
if(isset($_GET['textvalue'])){
$string = $_GET['textvalue']; //preg_match return false
//$string = '한자漢字メ'; //preg_match return true
$stringArray = preg_match('/^[\p{L}]{2,30}$/u', $string);
}
?>
<!DOCTYPE html>
<html>
<body>
<form method="GET">
<input type="text" name="textvalue">
<input type="submit">
</form>
</body>
</html>
I'm trying to regex the value from the input.
Unfortunately, every time I submit the characters, preg_match return false. But, if I use the string from the variable, it'll return true.
What going on and how do I fix it?


If anyone ran into this problem, I've found it. You just need to add this meta header:
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
I'm not sure why, but with out the codes above, html it send the values to php as a non-utf-8 value. So, then the preg_match try to read it, its reading a different value then what was typed in, thus; it return false.
That's why it work when you just uses the string. HTml is not involved.
note. Even if you try to read by echoing it out, html with return it to its orginal utf-8 value. weird.
Example:
<?php
if(isset($_GET['textvalue'])){
$string = $_GET['textvalue']; //preg_match return false
//$string = '한자漢字メ'; //preg_match return true
$stringArray = preg_match('/^[\p{L}]{2,30}$/u', $string);
}
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<head>
<body>
<form method="GET">
<input type="text" name="textvalue">
<input type="submit">
</form>
</body>
</html>

Related

Returning json from php api

I am new to programming and would like to begin adding more advanced applications to my site. I am trying to call an api with php. I'm having trouble getting it to return json format.
<?php
if(!empty($_GET['hospital_name'])) {
$Hospcomp_url = 'https://data.medicare.gov/resource/rbry-mqwu.json?hospital_name=' . urlencode($_GET['hospital_name']);
$Hospcomp_json = file_get_contents($Hospcomp_url);
json_decode($Hospcomp_json, true);
}
?>
<!DOCTYPE HTML>
<html lang="en">
<head>
<meta charset="utf-8">
<title>CMS</title>
</head>
<body>
<form action="">
<input type="text" name="hospital_name"><br>
<input type="submit" value="Submit">
</form>
</body>
</html>

It seems, you get your result properly but you don't do anything with it. First of all, you don't assign the array decoded from JSON to a variable. And then, you don't echo or process your array otherwise.
Please replace this:
json_decode($Hospcomp_json, true);
with something like this:
$decoded = json_decode($Hospcomp_json, true);
var_export($decoded);
Then you'll have your output and you will be able to decide what to do next.

Calls are correct, just var_export it.
if(!empty($_GET['hospital_name'])) {
$Hospcomp_url = 'https://data.medicare.gov/resource/rbry-mqwu.json?hospital_name=' . urlencode($_GET['hospital_name']);
$Hospcomp_json = file_get_contents($Hospcomp_url);
var_export(json_decode($Hospcomp_json, true));
}

php not sense to special characters

<?php
mb_detect_order('UTF-8,eucjp-win,sjis-win');
mb_internal_encoding('UTF-8');
echo mb_internal_encoding();
function convert($a) str_replace('â','a',$string);
$e=$_POST['aaa'];
?>
<!doctype html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" >
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
</head>
<form method="post" action="#">
<textarea id="aaa" name="bbb" placeholder="send" ></textarea>
**mb_internal_encoding(); output: "UTF-8"
textarea input: "âb" || php-output:âb script not convert "â"=>"a"
file is without BOM**
these may be other reasons?? what else can I try?

str_replice('â','a',$string);
should be:
str_replace('â','a',$string);

some typos there :
function convert($a) str_replice('â','a',$string);
should be :
function convert($a){return str_replace('â','a',$a);}
not replice(),$string should be $a , also if you want to see the output from the function you should return it.
so when you call:
<?php echo convert("â");?>
it would output just fine

How do I pass a session variable correctly?

I'm really new to PHP, and I'm trying to use the simple captcha mentioned in this question
Numeric Captcha for PHP
What I'm trying to do is pass the $_SESSION['captcha'] to my current page, so it can compare with the input I just entered which is supposed to pass by the "form".
Here's my code:
<?php
if(isset($_POST['captcha'] ,$_SESSION['captcha'])) {
if ($_POST['captcha'] == $_SESSION['captcha'])
echo 'YES, YOU DID IT';
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>captcha test</title>
</head>
<body>
<form name="input" action="index.php" method="POST">
<img src="captcha.php">
Enter the code above: <input type="text" name="captcha">
<input type="submit" value="Submit">
</form>
</body>
</html>
What's the correct way to do this? How can I implement the captcha in my current code?

A few things fixed here:
First you did not use a session_start() to actually retrieve $_SESSION values. Added here.
Next, you should check if the values are not empty by using !empty() in addition to isset(). Added here as well.
Finally, I recommend you use === comparison operator instead of ==. While == will check if values are the same, === will check if they are the same and the same data type.
Here is the cleaned up code:
<?php
session_start();
if (isset($_POST['captcha'], $_SESSION['captcha']) &&
!empty($_POST['captcha']) && !empty($_SESSION['captcha'])) {
if ($_POST['captcha'] === $_SESSION['captcha']) {
echo 'YES, YOU DID IT';
}
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>captcha test</title>
</head>
<body>
<form name="input" action="index.php" method="POST">
<img src="captcha.php">
Enter the code above: <input type="text" name="captcha">
<input type="submit" value="Submit">
</form>
</body>
</html>
If this still does not work for you, you can dump the values of $_POST and $_SESSION like this to see what you are getting:
echo '<pre>';
print_r($_POST);
echo '</pre>';
echo '<pre>';
print_r($_SESSION);
echo '</pre>';

You didn't add session_start() at the 1st line, thus the $_SESSION is empty.
Side Note:
You mixed up XHTML and HTML. xmlns is not required for HTML.
DOCTYPE is missing

You need to start your session with
session_start();
as a first call before your script has any output.
See documentation: http://php.net/manual/en/function.session-start.php

How to stop HTML text in textarea to be interpreted as code

I have a textarea that users can edit. After the edit I save the text in a PHP variable $bio. When I want to display it I do this:
<?php
$bio = nl2br($bio);
echo $bio;
?>
But if a user for example types an HTML command like "strong" in their text my site will actually output the text as bold. Which is nothing I want.
How can I print/echo the $bio on the screen just as text and not as HTML code?
Thanks in advance!

Replace echo $bio; with echo htmlspecialchars($bio);
http://php.net/htmlspecialchars

When you output text to the html / the browser and you want to make sure that the output does not break the html, you should always use htmlspecialchars().
In your case you do want to show the <br> tags, so you should do that before you add them:
$bio = nl2br(htmlspecialchars($bio));
You can also use strip_tags() to get rid of the html tags altogether, but you would still need to use htmlspecialchars() so that for example a < character will not break your html.

You can also use htmlentites()
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title></title>
</head>
<body>
<form method="POST" action="">
<p><textarea rows="8" name="bio" cols="40"></textarea></p>
<p><input type="submit" value="Submit"></p>
</form>
<p>Result:</p>
<?php echo isset($_POST['bio']) ? htmlentities($_POST['bio']) : null; ?>
</body>
</html>
So like:

PHP - GET Method adds unnecessary additions symbols to URL

I looked around Stack Overflow for the recommended method type for PHP; either the GET or POST method. Recommended by the community, the GET method seems to be a good idea for passing queries for a simple search engine.
Unfortunately, the GET method adds unnecessary addition symbols to the URL to indicate spaces. Basically, a aesthetic issue.
I tried the trim() function to lessen the spaces, however, that is only called after the data is submitted and the URL is already set with the parameters.
Here is a the index.php file I think is not cooperating with me.
<?php $query = ""; ?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
</head>
<body>
<form action="index.php" method="GET">
<input type="text" name="query" placeholder="Enter Query">
<input type="submit" text="Search">
</form>
<?php
$query = $_GET['query'];
print $query;
?>
</body>
</html>
A example, if needed. If I type into the search bar this query...
sample 1
The URL will be formed this way...
http://localhost/search/index.php?query=sample++++++++++++++1
Is there a way to fix this problem or is the POST method the only way to circumvent this problem?

You will need to use the POST method.
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
</head>
<body>
<form action="index.php" method="POST">
<input type="text" name="query" placeholder="Enter Query">
<input type="submit" text="Search">
</form>
<?php
$query = $_GET['query'];
print $query;
?>
</body>
</html>

Use urlencode or str_replace.
urlencode will replace all spaces with plus symbols, and with str_replace you can replace either underscores with plus symbols, or spaces with minus symbols.
Replace spaces with underscores: str_replace(' ', '_', $url);
Urlencode your $_GET*: urlencode($url);

Categories