I'm building a website with yii2 and xampp and there I have a NavBar with
$menuItems = [...
['label' => 'Mitlesen', 'url' => ['/site/uebersicht&seite=1']],
...]
This leads to the site: index.php?r=site%2Fuebersicht%26seite%3D1
And here I'm getting the error-message:
Not Found (#404)
Unable to resolve the request: site/uebersicht&seite=1
When I delete the &seite=1 the error disappears.
And when I call ... site/uebersicht&seite=1 directly in the browser, it works fine, too.
You should simply use 'url' => ['/site/uebersicht', 'seite' => 1]
You are url encoding the url so the & gets converted to %26.
You need to make sure no url encoding occurs on this url.
See here for a reference to url encoded characters.
However, I'm not sure why you would want to put an "&" in the query string if there is no "?" first. Perhaps you want to swap it over?
A proper query string may look like this:
htttp://site.com/some/route/?name=sam&country=spain
It is an incorrect query string. You should put ? instead of &. So your url should be /site/uebersicht?seite=1
Related
I am reading content of GET query string, and every time I encounter & for ecample Blackstone Woodfire & Grill, GET is reading Blackstone Woodfire.
How can I avoid this, if possible?
I know I could encode the special characters from the reference page, then decode them when are directed to this page.
I'm just curious.
The problem is that the parameters you send using get, are separated using a &.
So if you have an url like
http:/example.com?param_1=value_1¶m_2=value_2
You will have an $_GET array like
array(
param_1 => 'value_1',
param_2 => 'value_2'
);
Now if you send and url like:
http://example.com?param_1=value_1 & value_2
You will have an $_GET array like
array(
param_1 => 'value_1 ',
' value_2' => ''
);
Simply becuase that is the way sending GET params works.
On the recieving side, there is not much you can do, the problem lies at the other end.
The GET parameters that are beeing send must indeed be encoded, within PHP that is done using
echo 'http://example.com?param_1=' . urlencode('value_1 & value_2');
Javascript uses encodeURIComponent() to solve this issue.
PHP calles urldecode() automaticly on every get parameter when it is creating your $_GET global.
You could use urlencode to encode the get string. And later if u want to fetch it from $_GET u urldecode.
You could replace all ampersands to %26
I have a php file which doesn't establish database connection.
When I pass an url as a param like
http://mydomain.com?q=http%3A%2F%2Fmyoranotherdomain.com
It shows a 403 error:
You don't have permision to access blahblah.php file.
And when I remove the http part in param, it's alright like
http://mydomain.com?q=myoranotherdomain.com
How can I let domains be passed in the url as params?
The easiest way is to encode the url with:
string urlencode ( string $str )
http://php.net/manual/en/function.urlencode.php
You also have to do the decode:
string urldecode ( string $str )
http://php.net/manual/en/function.urldecode.php
It's always this methode to encode parameter with special characters.
Final Solution:
I found this: I get a 403 error when submitting "http://www." via GET. Even if it's encoded beforehand. Is there a solution for this?
The answer is to replace the http://www String with something like: htpwwwashere in javascript and replace it again in your php.
The reason - according to the link above - is some security stuff like to prevent injection attacks on the pages they're serving up.
There is a string XX&YY and I'm passing it to another page. ie, localhost/sample/XX&YY/1 for some processing. Now when I try getting the name value on the other side I'm able to get only XX and not full XX&YY. How to rectify it? Any ideas?
Note : here is my url localhost/sample.php?name=somevalue&pageno=somevalue has been url re-written to localhost/sample/name/pageno.
You have to escape the URL . You can use rawurlencode() or urlencode() to encode your URL.
sidenote: Difference of the 2 functions
If I'm understanding correctly, this is the URL to your script:
http://localhost/sample/name/pageno
Which is then rewritten by your web server to this:
http://localhost/sample.php?name=somevalue&pageno=somevalue
Then, this is how you should format the URL:
$url = sprintf('http://localhost/sample/%s/%s',
urlencode('XX&YY'),
urlencode('1')
);
I think I have seen this question before but I don't think it's answered good enough yet because I can't get it to work.
The case:
I want to insert an URL into my MySQL database like so:
$url = $_POST["url"]; //$_POST["url"] = "http://example.com/?foo=1&bar=2& ...";
$sql = mysql_query("INSERT INTO table(url) values('$url')") or die ("Error: " . mysql_error());
Now, the URL is inserted into the database properly but when I look at it, it looks like this:
http://example.com/?foo=1
It's like the URL is cut right at the "&" character. I have tried: mysql_real_escape_string, htmlspecialchars, escaping by doing "\" etc. Nothing seems to work.
I have read that you might be able to do it with "SQL Plus" or something like that.
Thanks in advance.
Regards, VG
Chances are the problem here is nothing to do with the database query, and more to do with how the url is passed to the page. I suspect you'll find that the URL used to load the page is something like:
http://mydomain.com/?url=http://example.com/?foo=1&bar=2
This will result in a $_GET that looks like this:
array (
'url' => 'http://example.com/?foo=1',
'bar' => '2'
)
What you need is to call page with a URL that looks more like this:
http://mydomain.com/?url=http://example.com/?foo=1%26bar=2
Note that the & has been encoded to %26. Now $_GET will look like this:
array (
'url' => 'http://example.com/?foo=1&bar=2'
)
...and the query will work as expected.
EDIT I've just noticed you're using $_POST, but the same rules apply to the body of the request and I still think this is your problem. If you are, as I suspect, using Javascript/AJAX to call the page, you need to pass the URL string through encodeURIComponent().
It is likely the querystring is not being passed. It looks like you are receiving it from a FORM post. Remember that form posts that use a method of GET append a querystring to pass all of the form variables, so any querystring in the action is typically ignored.
So, the first thing to do is echo the URL before you try to INSERT it to make sure you are getting the data you think you are.
If there are variables you need to pass with the URL, use hidden inputs for that, and a method of GET on the form tag, and they will get magically appended as querystring parameters.
Right !! The problem here is nothing to do with the database query has DaveRandom said.
Just use the javascript function "encodeURIComponent()".
Depending on what you want to do with the stored value, you also urlencode() the string: http://php.net/manual/de/function.urlencode.php
Cheers,
Max
P.S.: SQL*Plus is for Oracle Databases.
maybe escape the url with urlencode then you can decode it if you want to pull it out of the db
i have a download.php file which gets and opens files. i have a problem is that files were named using '&' in the file name so i get file not found when trying to access files with '&' in them.
example: download.phpf=one_&_another.pdf
in the download.php file i use get to the the file name ($_GET['f']) the example above throws the error file not found if i change the file name to one_and_another.pdf it works.
Yes renaming would be nice if there wasnt a whole lot of these files named this way.
I need to know how to ignore the fact that '&' doesnt mean im about to pass another var in php.
If you can control the query strings, you need to URL encode the ampersands so they look like this:
download.php?f=one_%26_another.pdf
Then look for $_GET['f'] as usual. Otherwise a literal ampersand & would break $_GET into
{ 'f' => 'one_', '_another.pdf' => '' }
You will probably just need to urlencode() the & properly in your links:
download.php?f=one_%26_another.pdf
Rule number 1 for accepting user input: do not trust it.
Refer to this StackOverflow answer for your solution.