I have a string of Characters that is passed in a URL.
The string happens to contain a group of characters that is equivalent to an ASCII code.
When I try to use the string on the page using the $_GET command, it converts the part of the string that is equivalent to the ASCII code to the ASCII code instead of passing the actual string.
For example the URL contains a string Name='%bert%'. But when I echo out $_GET['Name'] I get '3/4rt%' instead of '%bert%'. How can I get the actual text?
You're not escaping your data properly.
If you want to use %bert% in a URL, you need to encode your % as %25, making your query string value %25bert%25.
% in a URL means that the next two characters are going to be some encoded entity, so if you want to use it literally, it must be encoded this way.
You can read more information here: http://www.blooberry.com/indexdot/html/topics/urlencoding.htm
try passing Name='%25bert%25' instead of Name='%bert%'.
Note: %25 acts as escape character for % is url query string!
Related
In PHP, is it at all possible to output the contents of a string to show any escaped characters that may be contained within the string? I get that the whole point of escaping characters is so that they aren't treated in the usual way. But I would still like to be able to view the raw contents of a string so I can see for myself exactly how characters like \n and \r, etc. are represented. Does PHP have a method for doing this?
Use json_encode() to encode the string as JSON. The JSON encoding of strings (which is, in fact, JavaScript) is the same as the one used by PHP. Both JavaScript and PHP were inspired from C and they copied the notation of string literals from it.
if you use single quotation marks it should do what you need
eg echo 'this\n'; will output this\n where as echo "this\n"; will output this and a new line
I need to make up a simple string in PHP which is a string of data to be posted to another site.
The problem is that one of the fields is 'notify_url=..' and when I use that PHP takes the & in front of it and the not part to mean the logical operator AND NOT and converts it to a ¬ character:
$string = 'field1=1234&field2=this¬ify_url=http';
prints as 'field1=1234&field2=this¬ify_url=http'
The encoding on my page is UTF-8.
I have tried creating the string with single quotes as well as double quotes. I have tried making the fields names variables and concating them in but it always products the special character.
This is not being urlencoded because the string is meant to be hashed before the form is submitted to verify posted data.
PHP isn't doing that, it's your browser interpreting HTML entity notation. & has a special meaning in HTML as the start of an HTML entity, and ¬ happens to be a valid HTML entity. You need to HTML-encode characters with special meanings:
echo htmlspecialchars($string);
// field1=1234&field2=this¬ify_url=http
Unable to get a value from url.
localhost/ddd.php?udh=%05%00%03%6d%03%01
When I try to copy paste this url to address bar "localhost/ddd.php?udh=%05%00%03%6d%03%01" it converts to "http://localhost/ddd.php?udh=%05%00%03m%03%01"
Is there any explanation?
Also I am not able to get $_GET['udh'], it prints:
array (size=1)
'udh' => string '�m' (length=6)
From W3C Schools:
URL Encoding (Percent Encoding)
URLs can only be sent over the Internet using the ASCII character-set.
Since URLs often contain characters outside the ASCII set, the URL has to be converted into a valid ASCII format.
URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits.
URLs cannot contain spaces. URL encoding normally replaces a space with a plus (+) sign or with %20.
So when you put the string %05%00%03%6d%03%01 in the browser it automatically tries do decode it searching for %character, in your case it happens that %6d = m.
Not sure if you are using % as a separator but you could change to : or | and use explode to extract it (http://php.net/manual/en/function.explode.php)
May be you should encode your message using urlencode() and when accessing the message using $_GET you have to decode it using urldecode().
HTML
<a href ="localhost/ddd.php?udh=".<?php urlencode('message');?>></a>
PHP
$value = urldecode(isset($_GET['udh']));
I haven't a clue what is going on but I have a string inside an array. It must be a string as I have ran this on it first:
$array[0] = (string)$array[0];
If I output $array[0] to the browser in plain text it shows this:
hellothere
But if I JSON encode $array I get this:
hello\u0000there
Also, I need to separate the 'there' part (the bit after the \u0000), but this doesn't work:
explode('\u0000', $array[0]);
I don't even know what \u0000 is or how to control it in PHP.
I did see this link: Trying to find and get rid of this \u0000 from my json
...which suggests str_replacing the JSON that is generated. I can't do that (and need to separate it as mentioned above first) so I then checked Google for 'php check for backslash \0 byte' but I still can't work out what to do.
\uXXXX is the JSON Unicode escape notation (X is hexadecimal).
In this case, it means the 0 ASCII char, aka the NUL byte, to split it you can either do:
explode('\u0000', json_encode($array[0]));
Or better yet:
explode("\0", $array[0]); // PHP doesn't use the same notation as JSON
The string you have is "hello\0world", or "hello\x00world" whatever you prefer. If you echo it, the null symbol \0 won't be displayed, thats why you see helloworld instead, but json_encode will detect it and escape it as it does to any other special character, thats why its replaced by a visible \u0000 string.
In my way of seeing it, json is encoding the string perfectly, the \u0000 is there to do its job of reproducing the inputted string in a json encoded way. You don't have to touch its output. If you don't want that \u0000 there you should fix its input instead.
you can simply do trim($str) without giving it a charlist
\uXXXX is the unicode symbol with code XXXX (hexadecimal).
For example: http://msdn.microsoft.com/en-us/library/aa664669(v=vs.71).aspx
If you really get 0000 - then it's just the char with code 0
I came across this issue today and I sorted it out by replacing \u0000 in my array with "" before sending it back to the client.
echo str_replace('\\u0000', "", json_encode($send));
In my case I've found the symbol inside serialized Laravel job's payload json, something like s:8:"\0*\0order"; (or s:8:"\u0000*\u0000order";) which meant that serialized object's property order has visibility protected on a moment of serialization
Just in case anyone need it to apply to the whole array
$data = (array)json_decode(str_replace('\u0000*\u0000', '', json_encode($data)));
Try explode("\u0000", $array[0]);, making sure you use double quotes. With single quotes it's going to parse the literal 6 character value.
As others have mentioned, \u0000 is the Unicode NUL character.
I am attempting to open a page with window.open and it's not working. The path shown is like xyz/a%20b%20c%20.pdf, but it is supposed to be xyz/abc.pdf. If I remove the % and 20 manually, it works, how can I remove these characters using PHP?
Use urldecode:
(PHP 4, PHP 5)
urldecode — Decodes URL-encoded string
Description
string urldecode ( string $str )
Decodes any %## encoding in the given string. Plus symbols ('+') are decoded to a space character.
Example
echo urldecode('xyz/a%20b%20c%20.pdf');
This is known as URL Encoding. You need to decode the string. If you are using jQuery you should check out the URL Encode plug in.
You need to urldecode (as stated above).
However, you say that you can remove the %20 and it will work. I would say you need them, they decode to spaces. Check it out using this online url decoder:
http://www.convertstring.com/EncodeDecode/UrlDecode
it decodes to:
xyz/a b c .pdf
not
xyz/abc.pdf