So i'm trying to make a website without having any errors, however i keep getting this error:
line 31 column 107 - Error: Bad value display.php? url=A GUIDE TO THE
PROJECT MANAGEMENT BODY OF KNOWLEDGE for attribute href on element a:
Illegal character in query: not a URL code point.
And this is the part of the code that it is highlighting that is giving the error:
</tr><tr><td><a href='display.php? click=A GUIDE TO THE PROJECT MANAGEMENT BODY OF KNOWLEDGE'>
The '>' the symbol on the end is being highlighted, and it is repeating this for every row.
This is the line of the source code that is saying that is causing the error:
$book = $row['bookTitle'];
echo "<td><a href='display.php? url=".$book."'>\n" .$book."</a></td>";
Any ideas of how to stop this? Any help is appreciated :)
Your a tag has a space before the query string parameter:
<a href='display.php? url=".$book."'>
this should be:
<a href='display.php?url=".$book."'>
I'm not fully sure of the exact reason for the error but you're injecting raw random input into both a URL and an HTML document. You need to escape them properly:
For URLs: rawurlencode()
For HTML: htmlspecialchars()
Please note that the value of the href attribute contains a URL that's injected into HTML so you need both escaping mechanisms:
$book = $row['bookTitle'];
echo "<td><a href='display.php?url=" . htmlspecialchars(rawurlencode($book)) . "'>\n" .
htmlspecialchars($book) . "</a></td>";
I've also fixed what I assume is a little typo (you probably expect $_GET['url'] rather than $_GET[' url']).
Related
I save a php string as
$url = "http://example.com/index.php?q=board/ajax_call§ion=get_messages";
The url when printed to screen displays as
"http://example.com/index.php?q=board/ajax_call§ion=get_messages" as "§" gets auto converted to special char "§".
How can I prevent this so that I can call the correct URL using cURL .
Your Problem
The problem is that § is interpreted by the browser as the HTML entity for §.* So, §ion displays as §ion.
The Solution
If you're going to print the URL itself, you need to escape the & and turn it into &. You can do this automatically using htmlentities(). Sample code:
<?php
$url = "http://example.com/index.php?q=board/ajax_call§ion=get_messages";
echo "Without htmlentities(): " . $url . "\n";
// output: http://example.com/index.php?q=board/ajax_call§ion=get_messages
echo "With htmlentities(): " . htmlentities($url) . "\n";
// output: http://example.com/index.php?q=board/ajax_call§ion=get_messages
Here's a demo.
A Note About Security
Note that using htmlentities() here is a good idea for lots of other reasons. What if somebody used this URL?
http://example.com/index.php?q=board/ajax_call§ion=get_messages<script src="http://evilsite/evil.js></script>
If you just dumped it out onto the screen, you have just included an evil JavaScript. Congratulations! You just hacked your user and, probably, got your own site hacked. This is a real problem called XSS (Cross-Site Scripting). But if you call htmlentities() first, you get:
http://example.com/index.php?q=board/ajax_call§ion=get_messages<script src="http://evilsite/evil.js></script>
That's safe and won't actually run the evil script.
* Technically, the HTML entity is §, with the semicolon, but nearly all browsers with treat it as an HTML entity with or without the semicolon. See this answer for a good explanation.
Change the & to &.
(See w3c markup validator ampersand (&) error for a bit more information.)
This should be incredibly simple but i can't seem to figure it out.
I have the following code
<?php
$bookingid='12345';
include_once('phpToPDF.php') ;
//Code to generate PDF file from specified URL
phptopdf_url('https://google.com/','pdf/', $bookingid.pdf);
echo "<a href='pdf/$bookingid.pdf'>Download PDF</a>";
?>
It echo's correctly however when it comes to generate the pdf...
phptopdf_url('https://google.com/','pdf/', $bookingid.pdf);
...it misses out the fullstop so it generates 12345pdf whereas it should be 12345.pdf.
Again, i apologise for the probable simplicity of this but i can't seem to figure it out.
$bookingid.pdf
It tells php to concatenate variable $bookingid with constant pdf. Since constant pdf is undefined, it is casted to string and concatenated. Proper code will look like:
$bookingid . '.pdf'
or
"$bookingid.pdf"
This should be
$bookingid.".pdf"
PHP is seeing a string concatenation, concatenating pdf' to $booking. pdf is an undefined string, so PHP helpfully assumes that you mean the text itself, but it misses the full stop you also need.
I have the following line in my code
$lib = simplexml_load_file("http://www.goodreads.com/book/title.xml?key=MYAPIKEY&title=" . $current_book,null,true);
when this is sent, it is sent like this
http://www.goodreads.com/book/title.xml?key=MYAPIKEY&title=Dashing%2BThrough%2Bthe%2BSnow%2BMary%2BHiggins%2BClark%0A
When this happens, the book is not found and an error is returned . . .
However, if i type into my browser
http://www.goodreads.com/book/title.xml?key=MYAPIKEY&title=Dashing+Through+the+Snow+Mary+Higgins+Clark
Then i get a valid XML response, and i can use this to complete my code.
So, how do i send this without the + getting changed to %2B ?
And what is the %0A at the end of the URL?
Your url seems to be encoded twice.
Since you are not encoding at all in the code you show (by the way that would be the proper place to do that) it must have happened before.
The error is not in this code but somewhere before that.
You could correct it like this:
$lib = simplexml_load_file("http://www.goodreads.com/book/title.xml?key=MYAPIKEY&title=" . trim(urldecode($current_book)),null,true);
However that is only a workaround for an existing error, you should fix the prior encoding.
Also the character you mention is a newline character, thats the reason for trim
What Im trying to do is write a script that grabs the url of thumbnails attached to posts in wordpress. It sounds really easy(as I'm sure the solution is) but I can't seem to get it to work, I keep getting syntax errors no matter what I try. The problem line is the second echo(Img src...). Any help would be greatly appreciated.
$image_id = get_post_thumbnail_id();
$image_url = wp_get_attachment_image_src($image_id,'archive-thumb');
$image_url = $image_url[0];
echo "<li class=\"recent-img-widget-li\"><a href='".get_permalink()."'>;
echo "<img src=\"".$image_url."\" width=\"120\" height=\"120\">";
echo "</a></li>";
Simply enough, you're not closing your first string after get_permalink(). Yo need another quote after the >.
You never close the first string. You just need a quote before the greater than on the first line (and possibly the second?). Look at the syntax highlighting that SO has.
A general guideline is to always look at the row above the one that is giving the error.
In this case you have forgotten to end the string in the last part of the first echo statement.
...ermalink()."'>;
Should be
...ermalink()."'>";
For one you should close that first echo. Missing the closing "
I found this tutorial that explains what I want to do using html but when I echo out the code with a get variable there is no affect to the page. I would use, for example, the following code:
echo "<a href='post.php?id=".$id."#Comments'>Click here to go to the comments</a>";
echo "<a title='Comments'>Comments</a>";
I presume the problem is to do with the get variable, so would I have to end it, some how, before using the # symbol?
The problem actually lies in your HTML, because the anchor should be parsed correctly by browsers regardless of the query string.
Page anchors use the name attribute instead of the title attribute:
<a name='Comments'>Comments</a>
You can also apply this to the id attribute of any element:
<h2 id='Comments'>Comments</h2>
To define jump-labels you have to set a name and/or id-attribute:
echo "<a title='Comments' name='Comments' id='Comments'>Comments</a>";