I want to post an input box that have single quote inside it to a php file.I've used ' but it sends some backslashes:
<input type="hidden" name="legal_natural" value="$store_info['legal_natural']">
result:
$store_info[\'legal_natural\']
Please tell me how can I avoid backslashes when I post ' to a PHP file?
See this : SO Question
Here's an answer from that question:
Assume you want to send the $content variable instead of just stripping the backslashes, Consider to use urlencode() instead of rawurlencode(). Also, you can use the function once for your $content variable.
$content = urlencode($content);
UPDATE: both urlencode and rawurlencode may not fit your case. Why don't you just send out the $content without URL encode? How do you send our the query string? If you are using cURL, you do not need to encode the parameters.
Related
I am doing a post HTTP request in swift 4.2 and in one of my Strings I put in the parameters contain "&" but apparently the requests gets cut off after this symbol. I thought about replacing every "&" symbol with a unique placeholder and convert it back in PHP.
But is there are more elegant or easy way of doing this?
URL encode your data (and decode it when you need to use it), that will make the ampersand into %26 which will stop it cutting off in your GET request.
You could replace the "&" with "%26" and then it's have to work :)
All Precent-encoding characters:
https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
You should probably minimize how much manual percent escaping you do. You might, for example, use URLComponents to build your URL and percent escape it for you:
guard var components = URLComponents(string: "http://example.com") else { return }
components.queryItems = [URLQueryItem(name: "foo", value: "bar&baz")]
let url = components.url
That will result in:
http://example.com?foo=bar%26baz
The ampersand, as well as a few other characters, need to be encoded if they are within a query parameter otherwise they could be recognized as a delimiter of some sort.
You can encode a string for a query param in Swift like this:
let value = string.addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed)
let urlString = "https://example.com/?query=\(value)"
On the other side, your server will receive the encode param value but will need to decode it.
PHP includes the urlencode() and urldecode() functions, and stift includes the .addingPercentEncoding function.
This means you can replace with the encoded version of the '&' symbol which is '%26', or you can use swift's function
Then when you recieve this value you can use urldecode( $escapedString ), or just replace '%26' with '&', or just pull the values stright from the request with $_GET.
I have an application that posts content to a MySQL DB via PHP. The PHP uses $_GET to pull the content from the URL and then inserts it into the DB.
This works great, but I have discovered an issue. If the user enters certain characters (", &, and others), the $_GET method does not properly separate the content from the URL.
Let's say the user posts this content:
I love blue & green
In this situation, the & symbol cuts the string after the word blue.
Is there any way for me to edit my PHP file to ignore the & symbol and to actually treat it as part of the variable it is supposed to $_GET? Any help would be great!
You can URLencode data before sending it to the PHP. It's a better solution.
Specials chars must not be used in a query string if those chars are in data.
In Javascript, you can use the escape function : escape(&ee) will give %26ee
The correct method is to urlencode the "&" caracter by the client : pass "%26" instead of "&"
you can use $_SERVER['QUERY_STRING']
from http://php.net/manual/en/reserved.variables.server.php
You could send the request as a base64 encoded string:
$string = base64_encode("This is my long string with &ersands and 'quotes'");
print base64_decode($string);
Note that base64-encoded data takes about 33% more space than the original data.
From the manual:
http://php.net/manual/en/function.base64-encode.php
You also have urlencode
try to urlencode your string:
&
becomes
%26
it's a PHP function :
http://php.net/manual/fr/function.urlencode.php
What about, before creating Query string, encode it ?
$str = "I love blue & green ?=&˙Đ[]";
$str = urlencode($str);
echo $str;
Will return:
I%20love%20blue%20%26%20green%20%3F%3D%26%CB%99%C4%90%5B%5D
You have to URL encode the string before you pass it as a GET parameter. In this particular case you have to replace & symbol with %26.
This can be done for example using javascript right before you send the form.
This question already has answers here:
php parameter with apostrophes
(2 answers)
Closed 2 years ago.
Part of my PHP code includes the construction of a URL string as follows:
$msg = $_REQUEST["msg"];
$content = 'action=sendmsg'.
'&user='.rawurlencode($username).
'&password='.rawurlencode($password).
'&to='.rawurlencode($destination).
'&text='.rawurlencode($msg);
When $msg happens to contain an apostrophe, it get sent as "\'".
What do I need to do to make sure the backslash is not inserted by PHP?
You probably want to check out stripslashes: http://php.net/manual/en/function.stripslashes.php
Assume you want to send the $content variable instead of just stripping the backslashes, Consider to use urlencode() instead of rawurlencode(). Also, you can use the function once for your $content variable.
$content = urlencode($content);
UPDATE: both urlencode and rawurlencode may not fit your case. Why don't you just send out the $content without URL encode? How do you send our the query string? If you are using cURL, you do not need to encode the parameters.
You can try
Stipslashes
or put the string in "" and add ' where you want.
Trying to pass spaces along with ajax call.
'word' is been passed the same as 'word ' i believe so.
On the other hand two words need to be send completely with call.
'word second' but not the same as
'word second '
Should I trim before call or do this on server side script?
How can I send spaces as well?
To allow a parameter to include spaces, etc. you will want to use the javascript escape() [W3Schools] function.
escape( 'hello world ' ) = 'hello%20world%20';
The handling on the PHP side will automatically decode/unescape the parameter, restoring the spaces (along with any other characters which cannot be part of a parameter's value when sent through AJAX, such as "=" or "&".
Within PHP, if you are wanting to strip off any leading or trailing spaces, you can use the PHP trim() [PHP.net] function.
trim( 'hello world ' ) = 'hello world';
I know this is an old question, but I'd like to point out that the accepted answer is suggesting a function that is deprecated as of JavaScript version 1.5.
Instead, you should use either encodeURI() or encodeURIComponent() for sending spaces and other special characters.
var param = encodeURIComponent("word second ");
console.log(param); // outputs 'word%20second%20'
PHP on the other end will handle the decoding automatically. You should trim server side, as client side code can be edited by users to circumvent trimming, potentially causing bugs or vulnerabilities.
The simplest way, I think, is to encodeURIComponent string in javascript before sending xmlhttprequest, and then urldecode it in PHP
when I view source on my php page I get " for a quote. But instead, I would like " to be used in the source code. I have no control over manually replacing it so Im wondering if there is a function to do such a thing.
If you have access to the PHP and want to change all html special characters to their rightful variations use:
print htmlspecialchars_decode($string);
You could do this very simply using str_replace.
$string = str_replace('"', '"', $string);
However, as Levi said, why not just leave it this way? It should have no effect on the display.