When connecting to PayPal I use a URL like this (I am using fake values here, but the structure is real):
https://www.paypal.com/cgi-bin/webscr?&business=ZDS346347&cmd=_xclick&amount=100&item_name=Test&no_note=1&no_shipping=1&rm=2&return=http://www.website.com/registration.php?paypal=1&classid=122&sessionid=264&studentid=2286
The problem is when I send this url, it truncates my return value query string from this:
paypal=1&classid=122&sessionid=264&studentid=2286
to this:
paypal=1
The ampersands in the return value are confusing it, but I need to use them so I can process those query string values on the return.
Is there someway, I can pass that whole return string to PayPal so it won't truncate after the first ampersand it hits.
Thanks,
Chris
Wrap the passed URL with urlencode to turn the ampersands into PayPal-parsable characters, then when your URL gets called use urldecode to decode them.
This happens because PayPal's URL simply splits everything after the ? into chunks by the & symbol. It doesn't know when one is part of your website or not. So it's sending PayPal classid=122 as it's own key/value pair, not as a part of your URL. Encoding the URL this way should make it work correctly.
edit Referenced the wrong PHP functions. urlencode/decode are for GET parameter passing, htmlspecialchars is for storing HTML data
Related
I am sending the below url with query string. In the query string one parameter
"approverCmt" has value with hash(#).
"/abc/efd/xyz.jas?approverCmt=Transaction Log #459505&batchNm=XS_10APR2015_082224&mfrNm=Timberland"
In server side when I tried to retrieve it from the request I get
approverCmt = Transaction Log -----> "#459505" is missing
batchNm = null
mfrNm = null
And If I remove hash(#) from query string or If I replace # with %23 every thing works fine
I don't understand why I am getting null for one parameter if another parameter contains a hash(#) symbol.
Appreciate if any one can explain.
This is known as the "fragment identifier".
As mentioned in wikipedia:
The fragment identifier introduced by a hash mark # is the optional last part of a URL for a document. It is typically used to identify a portion of that document.
The part after the # is info for the client. It is not sent to the server. Put everything only the browser needs here.
You can use the encodeURIComponent() function in JavaScript to encode special characters in a URL, so that # characters are converted to other characters that way you can be sure your whole URL will be sent to the server.
The Hash value is for the anchor, so it is only client-side, it is often used in client-side framework like angular for client-side routing.
The anchor is NOT available server-side.
In your case you don't need an anchor, but a parameter value with a # break the query string the value is "Transaction Log #459505".
EDIT Naive solution that doesn't work, just let it ther for history, See Real solution below
The solution is to encode client-side and decode serveur-side
Encoding in javascript
encodeURI("Transaction Log #459505")
//result value "Transaction%20Log%20#459505"
Decode in Java
java.net.URLDecoder.decode("Transaction%20Log%20#459505");
//result "Transaction Log #459505"
EDIT: But: Javascript doesn't encode in the same way than Java
So the correct answer (I hope) is to manually replace all your # with %23, then Java will decode it normally, or to use encodeURIComponent as suggested in comments. For your need the replace solution seem to be enough.
Encode in Javascript:
encodeURI("yourUrl/Transaction Log #459505").replace(/#/,"%23")
//result: yourUrl/Transaction%20Log%20%23459505
The decode in Java doesn't change
java.net.URLDecoder.decode("Transaction%20Log%20#459505")
// result (java.lang.String) Transaction Log #459505
Sorry for long post, I didn't see the difference bettween Java and the JavaScrip Url encoding
the hash is an anchor:
see wikipedia for more information
I am doing a post HTTP request in swift 4.2 and in one of my Strings I put in the parameters contain "&" but apparently the requests gets cut off after this symbol. I thought about replacing every "&" symbol with a unique placeholder and convert it back in PHP.
But is there are more elegant or easy way of doing this?
URL encode your data (and decode it when you need to use it), that will make the ampersand into %26 which will stop it cutting off in your GET request.
You could replace the "&" with "%26" and then it's have to work :)
All Precent-encoding characters:
https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
You should probably minimize how much manual percent escaping you do. You might, for example, use URLComponents to build your URL and percent escape it for you:
guard var components = URLComponents(string: "http://example.com") else { return }
components.queryItems = [URLQueryItem(name: "foo", value: "bar&baz")]
let url = components.url
That will result in:
http://example.com?foo=bar%26baz
The ampersand, as well as a few other characters, need to be encoded if they are within a query parameter otherwise they could be recognized as a delimiter of some sort.
You can encode a string for a query param in Swift like this:
let value = string.addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed)
let urlString = "https://example.com/?query=\(value)"
On the other side, your server will receive the encode param value but will need to decode it.
PHP includes the urlencode() and urldecode() functions, and stift includes the .addingPercentEncoding function.
This means you can replace with the encoded version of the '&' symbol which is '%26', or you can use swift's function
Then when you recieve this value you can use urldecode( $escapedString ), or just replace '%26' with '&', or just pull the values stright from the request with $_GET.
I have a method that scrapes data from a url and returns that as a string variable. Currently the method is working if i put in my own url, but when i insert a generated url it doesnt work.
e.g.
The following string is working if I insert it into a variable, and pass it:
http://www.rijkswaterstaat.nl/apps/geoservices/rwsnl/awd.php?mode=html&projecttype=windsnelheden_en_windstoten&category=1&loc=ZBWI&net=LMW
But this string is being generated by another source. The result of my attempt to fetch it is (var_dump()):
string(154) "http://www.rijkswaterstaat.nl/apps/geoservices/rwsnl/awd.php?mode=html&projecttype=windsnelheden_en_windstoten&category=1&loc=ZBWI&net=LMW"
The string is only 138 characters, however it prints string(158). I think this has something to do with the fact it is not working, but i'm not even sure...
Does anyone have any idea how to clean this up? I have found other questions with the question why var_dump() is showing another value then the length of the string, and that had something to do with unvisible characters, but no real solution is given anywhere.
Thx
154-138 = 16
You have 4 & in the string
& HTML encoded is &
So your string seems to be HTML encoded - in the browser you don't see the encoding unless you "View Source".
You can use html_entity_decode() to decode the string or, if possible, make sure that you get a string that is not encoded for HTML output in the first place.
If I have a URL like asdf.com/index.php?a=0&b=2, then using $_GET for a would be 0 and for b would be 2. However, the term I put into a single $_GET function has an ampersand in it already, like a=Steak&Cheese. Is there a way to make ampersands work without the $_GET variable thinking its job ends when the ampersand shows up (therefore not pulling the entire term)?
urlencode() it so & turns into %26.
If you need to make a query string out of some parameters, you can use http_build_query() instead and it will URL encode your parameters for you.
On the receiving end, your $_GET values will be decoded for you by PHP, so the query string a=Steak%26Cheese corresponds to $_GET = array('a' => 'Steak&Cheese').
Yes, you must URL Encode before request URL. Read this http://www.w3schools.com/TAGS/ref_urlencode.asp
Here is a previous post covering this in jquery AJAX requests, but to summarize you have to encoded the uri. This will convert the ampersand value to a ascii value.
Ampersand in GET, PHP
I am retrieving an encoded url via querystring. I need to pass it again to the next page. When I retrieve it the first time, using $_REQUEST['url'], only the slashes are decoded, e.g:
http://example.com/search~S10?/Xllamas&searchscope=10&SORT=D/Xllamas&searchscope=10&SORT=D&SUBKEY=llamas/51%2C64%2C64%2CB/browse
The php docs page for urldecode advises against decoding request data, and says that it will already be decoded. I need it either completely decoded, so I can encode it again without double-encoding some parts, or not decoded at all.
I'm not sure why my experience of this data is incongruous with the php docs. Appreciate any help or pointers to same!!
EDIT: attempt to post relevant code, which is scattered about:
the url is encoded and added to the querystring (in an html file using smarty template):
<a class="button" href="{$baseurl}search_nojs?searcharg={$searcharg|escape:'url'}&url={$next|escape:'url'}"><span>Next>></span></a>
if that link was followed, i'm grabbing the url back out of the querystring (in a php file):
if(array_key_exists('url', $_REQUEST)) {
$sm->assign("searchurl", $_REQUEST['url']);
}
Then I'd like to stick the url back into the querystring for the next link (in another html file):
href="{$baseurl}detail?bibid={$res.bibid}&searcharg={$searcharg}{if $searchurl}&searchurl={$searchurl}{/if}"
I'm also printing {$searchurl} straight onto the page, and getting the same half-escaped result.
Here is another example of the querystring vs. the data i get from $_REQUEST:
originally encoded url in querystring:
searcharg=mammals&url=http%3A%2F%2Fexample.com%2Fsearch%7ES10%3F%2FXmammals%26searchscope%3D10%26SORT%3DD%2FXmammals%26searchscope%3D10%26SORT%3DD%26SUBKEY%3Dmammals%2F51%252C1114%252C1114%252CB%2Fbrowse
data retrieved from $_REQUEST:
searcharg=mammals&searchurl=http://example.com/search~S10?/Xmammals&searchscope=10&SORT=D/Xmammals&searchscope=10&SORT=D&SUBKEY=mammals/51%2C1114%2C1114%2CB/browse
I know this method may seem curious -- I am trying to make a mobile display, working around a black-box database. Thanks again for any help!!
Here is another example of the querystring vs. the data i get from $_REQUEST:
originally encoded url in querystring:
searcharg=mammals&url=http%3A%2F%2Fexample.com%2Fsearch%7ES10%3F%2FXmammals%26searchscope%3D10%26SORT%3DD%2FXmammals%26searchscope%3D10%26SORT%3DD%26SUBKEY%3Dmammals%2F51%252C1114%252C1114%252CB%2Fbrowse
This is double encoded. For example: %252C -> %2C -> ,
So at the point that you encode the url parameter, you're introducing double encoding. Perhaps you should ensure that, before encoding parameters, you decode them until they can be decoded no more (aka canonicalisation). You could use urldecode in a loop for this.
You also want to ensure that when you put the url parameter back into html context (as a link) that you escape for HTML Attributes too. Otherwise you have an XSS vulnerability.
The comma (U+002C) is a reserved character in the query and thus must be encoded with %2C:
3.4. Query Component
The query component is a string of information to be interpreted by
the resource.
query = *uric
Within a query component, the characters ";", "/", "?", ":", "#",
"&", "=", "+", ",", and "$" are reserved.