i am getting a querystring parameter like companyname=Larson&tubro. Its a single string. But my script is just breaking it after '&'. What is the solution to take this as a single string in PHP. I tried like the below:
<A onclick="window.open('comparitive_files/price_add.php?supplier_name= + urlencode({$supplier_name})&tender_id={$tender_id}','mywindow','width=1200,height=800,scrollbars=yes,resizable=yes')"
href="#">
You are trying to use php functions outside of php. Try something like this.
echo '<A onclick="window.open(\'comparitive_files/price_add.php?supplier_name='.urlencode($supplier_name).'&tender_id='.$tender_id.',\'mywindow\',\'width=1200,height=800,scrollbars=yes,resizable=yes\')" href="#">';
You can try urlencode
urlencode($var);
Use urlencode for encoding
urlencode($companyname);
and urldecode for decoding
urldecode($companyname)
& is used to seperate variables in a querystring. Instead use &.
To prevent any other illegal characters from getting in your querystring, use urlencode()
Related
I am using a JScript code like this:
shareLink = function (link) {
FB.ui({
method: 'share',
display: 'popup',
href: link,
}, function(response){});
}
and it is called in a line like this:
<?php
$sharedata = " ... parameters ... "
?>
<a href="javascript:shareLink('http://<?php echo $site; ?>/?v=<?php echo rawurlencode($sharelink); ?>');">
so, the destination script trasform parameter by using:
$str = rawurldecode($_GET["v"]);
the problem is when the url has a "+" character
using rawurlencode it its converted to "%2B"
zcu0xci%2FFMH2%2B7cLDPVP%2BgD7%2FwQJ%2FFT2Bw%3D%3D
but facebook change only "%2B" into "+" sign again:
zcu0xci%2FFMH2+7cLDPVP+gD7%2FwQJ%2FFT2Bw%3D%3D
and my script does not recognize it
EDIT:
if I echo the "v" parameter I get
zcu0xci/FMH2 7cLDPVP gD7/wQJ/FT2Bw==
instead of
zcu0xci/FMH2+7cLDPVP+gD7/wQJ/FT2Bw==
SOLUTION:
the solution I've found is to replace space by "+" before decode
$str = str_replace(" ","+",$str);
You don't need to use rawurldecode() on elements of the $_GET super-global variable. PHP decodes URL data for you.
In addition, you should generally use urlencode() to encode query string data. If you investigate the difference between these two functions, you'll see that urlencode() will translate any space character to the "+" character. This could possibly be the problem you're experiencing.
I'm having difficulty understanding the remainder of your question. You may need to work on your phrasing.
I want to post an input box that have single quote inside it to a php file.I've used ' but it sends some backslashes:
<input type="hidden" name="legal_natural" value="$store_info['legal_natural']">
result:
$store_info[\'legal_natural\']
Please tell me how can I avoid backslashes when I post ' to a PHP file?
See this : SO Question
Here's an answer from that question:
Assume you want to send the $content variable instead of just stripping the backslashes, Consider to use urlencode() instead of rawurlencode(). Also, you can use the function once for your $content variable.
$content = urlencode($content);
UPDATE: both urlencode and rawurlencode may not fit your case. Why don't you just send out the $content without URL encode? How do you send our the query string? If you are using cURL, you do not need to encode the parameters.
I can not get parameter $_GET with it value contain character: '#'.
I have the follow code:
<iframe src="http://localhost/wp352/wp-content/plugins/heloworld/templates/options-rte.php?text_content=<span style="color: #ff0000;">Empty content.</span>">
and when I change or eliminate the character: '#' all work fine. for example:
<iframe src="http://localhost/wp352/wp-content/plugins/heloworld/templates/options-rte.php?text_content=<span style="color: ff0000;">Empty content.</span>">
How I can get the parameter (text_content) value complete?
Note: I'm testing in PHP get this parameter/value $_GET['text_content'].
Thanks
You'll want to urlencode() any strings you pass in through GET requests and urldecode() them once you grab them from $_GET.
http://www.php.net/manual/en/function.urlencode.php
The quotes in your string are also causing issues. Try this for your top iframe:
<iframe src="http://localhost/wp352/wp-content/plugins/heloworld/templates/options-rte.php?text_content=%3Cspan%20style%3D%22color%3A%20%23ff0000%3B%22%3EEmpty%20content.%3C%2Fspan%3E">
You need to use url_encode function, because whatever comes after # won't be considered as part of URL(browsers don't send that part to server).
You should really use urlencode before sending it to your php script for handling, and then use urldecode to output it normally.
Maybe try:
<iframe src="<?php urlencode('http://localhost/wp352/wp-content/plugins/heloworld/templates/options-rte.php?text_content=<span style="color: #ff0000;">Empty content.</span>'); ?>">
to fetch it:
urldecode($_GET['text_content']);
Let's say I have the following URL: pic.php?t=1&p=23
When I try phpThumb.php?src=/pic.php?t=1&p=23, I get Forbidden parameter: p.
Anyone knows if there's a way around it?
You need to URLEncode that ampersand if you are trying to pass p=23 to pic.php. Try replacing the & with %26.
What you are effectively doing there is passing p=23 as a parameter to phpThumb.php, which obviously it doesn't like...
What you probably want to do is 'phpThumb.php?src='.urlencode('/pic.php?t=1&p=23');
Read this and this.
urlencode() the URL before passing it to phpThumb.
You can URL encode the ampersand to make it part of the content of the parameter in the querystring. This way, the whole /pic.php?t=1&p=23 gets passed as the src.
phpThumb.php?src=/pic.php?t=1%26p=23
The %26 is the encoded version of the &.
Use urlencode().
Given this PHP code:
<a onclick="javascript:window.location.href='<?php echo $url;?>'"
What if there is a ' in $url?
I tried using json_encode($url) but it won't be able to handle this.
json_encode will work. You just have to use it the right way:
<a onclick="javascript:window.location.href=<?php echo htmlspecialchars(json_encode($url)); ?>">
This will work since json_encode already returns an JavaScript expression with quotes. And htmlspecialchars is needed to escape possible HTML meta characters.