Handling %22 in urls - php

I have a page that uses an input field to search, and then uses that same field to go across pages. It also accepts double quotes for exact searching.
The url needs to look like blahblah.com/search/%22querystuff%22, but it autodefaults to blahblah.com/search/"querystuff" which fails in the browser.
Is there any way to get it to stop doing that, or do I need to look into a different method?

Try out the urlencode method.
Here is an example of how to use it:
<?php
$userinput = '"Hello world"';
echo '<a href="http://blahblah.com/search/', urlencode($userinput), '">';
?>

Related

How to use unicode in CodeIgniter?

I am using CI framework for my project. If I use like this
$title= "प्रदेश"; // प्रदेश is written in the Nepali language.
echo $title; // It will display प्रदेश
Now I want to use
<a href = "<?php echo base_url("home/$title")?>"> //home is a controller
Now, in the home controller, if I try to display $title it will not show प्रदेश.
It will display like this %E0%A4%AA%E0%A5%8D%E0%A4%B0%E0%A4%A6%E0%A5%87%E0%A4%B6
Please help me.
The base_url calls urlencode on the string, which makes it into url entities.
A space becomes %20 and things like that.
The url that is displayed is actually correct and should be interpreted correctly by the server, even if it's gibberish according to humans.
If you really want the human readable characters for some reason, there are two approaches. You can urldecode the resulting url (not recommended):
echo urldecode(base_url("home/$title"));
or
echo base_url("home/").$title;

use a href inside html entities

I use html entities to secure my site.
And my client wants to add a link in his post using the CMS.
How do I make an exception in html entities?
My code example:
<p><?php echo h($row['message']) ?></p>
//h is my function for htmlentities
My code display this message:
"You can click this link Link"
//And I don't know my data insert '\'
//It become Link
If my question is not clear please ask.
Really appreciate.
I believe what you want to do is pass into the DB with htmlentities() so it doesn't mess with your DB. To retrieve them you would use html_entity_decode(). The html_entity_decode() converts all strings with HTML entities back to their original string.
http://php.net/manual/en/function.html-entity-decode.php
Hopefully this answers your question.
Edit:
Raw data retrieved: http://www.example.com
Through htmlentities it spits out the HTML entities, which the browser cannot interpret when attempting to find that page. The use of htmlentities() (please if I'm wrong correct me) is to encode user input before passing it anywhere else.
User input: <script>hacks</script>
Passed through htmlentities:
&ltscript&gthacks&lt (whatever backslash is)script&gt
(This way it can't mess with anything in your database, better example is the use of PHP/MySQL but I'm not well versed to give that exact example at the moment.)
However this would expose your site when decoding it as well and other precautions would have to be taken.
Try this :
<?php
$link = h(stripslashes($row['message']));
?>
You can click this link <a href='<?php echo $link; ?>'>Link</a>
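One way to allow links without decoding entities, as an added example that is not part of the original answers: escape the whole message and turn only plain http(s) URLs into anchors. The h() below is a stand-in for the asker's helper; render_message() and the sample message are constructed for illustration.

```php
<?php
// Added example: every character of the stored message is HTML-escaped;
// only substrings that look like http(s) URLs become links.

function h(string $s): string
{
    // ENT_QUOTES also escapes single quotes, so the result is safe inside
    // both "..." and '...' attribute values.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_message(string $raw): string
{
    // Split the raw text into URL and non-URL pieces. The capture group
    // keeps the matched URLs in the result, at the odd indexes.
    $parts = preg_split('~(https?://[^\s<>"\']+)~i', $raw, -1, PREG_SPLIT_DELIM_CAPTURE);
    $html = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1) {
            // A matched URL: escaped once for the attribute, once for the text.
            $html .= '<a href="' . h($part) . '" rel="nofollow noopener">' . h($part) . '</a>';
        } else {
            // Everything else, including tags and javascript: strings, stays text.
            $html .= h($part);
        }
    }
    return $html;
}

// Constructed sample input with a link, a script tag and a javascript: string.
$message = 'See http://www.example.com/?a=1&b=2 <script>alert(1)</script> javascript:alert(2)';
echo '<p>', render_message($message), "</p>\n";
```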

How do I mix php inside php strings?

I'm trying to mix <?php echo do_shortcode('[...]') with a field from Advanced Custom Fields within WordPress.
So basically what I'm trying to do is give the user a text field in the page edit screen where she can paste in the ID of a YouTube video. This field will then update my do_shortcode to display the correct video.
I'm not sure what I'm doing wrong considering I've done this several times before and been successful. I do have a feeling I'm not escaping the string correctly?
<?php echo do_shortcode('[video_lightbox_youtube video_id="' . the_field("youtube_video") . '" width="640" height="480" anchor="Play Video"]'); ?>
Anyone able to lead me in the right direction? :)
EDIT
The code above returns q_cHD1lcEOo with multiple spaces in front of it as well as this: "Error! You must specify a value for the Video ID, Width, Height parameters to use this shortcode!" That's why I was thinking I'm not escaping it correctly as these are all specified.
I'll add that if I remove the_field("...") and replace it with just an ID it displays perfectly.
SECOND EDIT
Since I was not supposed to echo it, I was using the wrong function to get the field. Instead of using the_field() which prints the value, I was supposed to use get_field() to simply return it to the string.
Your question is somewhat unclear, but I'm also 20 hours without sleep.
Anyways, as far as mixing PHP within a PHP string, there are numerous ways to do it.
You can use concatenation or { } within the string itself.
For example, say we want to echo out the property of an object within a string.
We could do the following
echo "This is my property " . $object->property;
Or, we can do this
echo "This is my property {$object->property}";
You can even do cool things like access associative arrays within strings like so
echo "This is my property {$object->property['cool']}";
Hopefully this leads you in the right direction.
At first glance it looks like you should be using get_field instead of the_field. the_field will print without being prompted, whereas get_field will return its value, which is what you want.
I see you've also mentioned whitespace at the start, you should consider wrapping the function in trim.
See below:
<?php echo do_shortcode('[video_lightbox_youtube video_id="' . trim(get_field("youtube_video")) . '" width="640" height="480" anchor="Play Video"]'); ?>

htmlspecialchars and ampersand in forms?

I have a little static function so that I can easily build html valid urls on my local website, it is below;
public static function url($path = false) {
// Build return url with special html characters escaped
return 'http://127.0.0.1/' . htmlspecialchars($path);
}
I have two urls one inside an anchor and another is inside a form action, they are below;
Root::url('test?category=' . $category . '&index=' . $index) // Href
Root::url('test?category=' . $_GET['category'] . '&index=' . $_GET['index']) // Form
GET === $, you can see inside my static function that I use htmlspecialchars to escape special html characters from my url.
The anchor one returns a valid link and works as expected. The form one however returns the following, as in when I click on the form submit, my url in my browser is as follows.
http://127.0.0.1/test?category=innate&amp;index=0
Why is this? My website breaks because it is dependent on the GET parameters being valid.
Thanks for your time, hope this made sense.
EDIT
I insert the return value of the function call straight into my form action,
<form
action="<?= Root::url('test?category=' . $_GET['category'] . '&index=' . $_GET['index']); ?>"
method="post">
EDIT
The form html is as follows;
<form action="http://example.com/test?category=innate&index=0" method="post">
The anchor html is as follows
<a href="http://example.com/test?category=innate&index=0">
Could it be something to do with the server sending a POST request even though I have GET parameters?
EDIT #3
Ok so it has something to do with my function or what I am passing in, I hard typed in the url in the form submit and it worked, no problems, which means it can only be what my function is returning.
I myself cannot see what it may be!
ANSWER
After the form was being submitted, I was redirecting to the same page using header to counter form resubmission. The string for the header was being generated by Root::url().
Two hours this took me to figure out, but boy does it feel good!
Normally you wouldn't add a query string to a POST URL. It's not forbidden, though, it may only be somewhat confusing, especially if you use $_REQUEST (which you don't, it seems).
I don't know why your browser shows an uninterpreted &, it should interpret it.
Your problems are likely due to one of these:
a bad browser - try another one
bad content of the form input fields
other
This is quite logical.
I assume your url() method looks like this:
function url($string){
    echo htmlspecialchars($string);
}
Let's have a look at the $string you are passing:
'test?category=' . $_GET['category'] . '&index=' . $_GET['index'];
As I see in your output, replacing the values, the final string before htmlspecialchars() is applied would be:
'test?category=innate&index=0' and after it: test?category=innate&amp;index=0
What happened here? You first concatenated the string, and then htmlspecialchars()'ed the & used to separate the parameters. And to not break the url, you don't want to convert THAT '&'.
Also to sanitize the url you shouldn't use htmlspecialchars() because most html entities would convert to something like & + somename + ; for example the Euro symbol would convert to &euro; and you don't want the actual & symbol in your url, the browsers will interpret it as you have another new parameter awaiting.
You should use urlencode(), which will convert your & into: %26 , also, the function's name is self-explanatory, it's encoding a string to use on a URL.
Still, you want the & to separate the parameters, but not in the $_GET values. What should we do? urlencode the values before concatenating the string. I would suggest a method like this one:
function url($page, $get){
$parameters = array();
foreach($get as $k => $v) $parameters[] = urlencode($k)."=".urlencode($v);
//We are concatenating with ? and & the urlencoded() values in the next line:
echo urlencode($page).'?'.implode('&', $parameters);
}
url('test', $_GET); // outputs: test?category=innate&index=0
This would get rid of the special chars from a form's field names and values.
I noticed you will use 2 fixed parameters, category and index, so the method could be like this:
function url($page, $get){
$page = urlencode($page);
$category = urlencode($get['category']);
$index = urlencode($get['index']);
echo "$page?category=$category&index=$index";
}
Hope this is what you needed
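The distinction this thread arrives at, as an added example (not code from the question or the answers): percent-encode each component while building the URL, HTML-escape the finished URL only when it is written into markup, and send it unescaped in a Location header. build_url(), attr() and the sample values are hypothetical.

```php
<?php
// Added example: one URL, two output contexts.

function build_url(string $base, string $path, array $params): string
{
    // Encode each path segment on its own so "/" keeps separating segments.
    $segments = array_map('rawurlencode', explode('/', $path));
    $url = rtrim($base, '/') . '/' . implode('/', $segments);
    if ($params) {
        // http_build_query() percent-encodes every key and value and joins
        // them with the separator passed here, a literal "&".
        $url .= '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    }
    return $url;
}

function attr(string $s): string
{
    // HTML escaping belongs to the moment of output into markup.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input: a value containing quotes, spaces and an ampersand.
$params = ['category' => '"cats & dogs"', 'index' => '0'];
$url = build_url('http://127.0.0.1', 'test', $params);

// 1. HTML attributes: escape the finished URL, so "&" is written as "&amp;"
//    in the source and read back as "&" by the browser.
echo '<form action="', attr($url), '" method="post"></form>', "\n";
echo '<a href="', attr($url), '">', attr($params['category']), '</a>', "\n";

// 2. HTTP header: no HTML parser is involved, so the URL goes out as built.
$location = 'Location: ' . $url;
echo $location, "\n"; // the string a real page would pass to header()

// The bug found in the question: an HTML-escaped URL reused for the
// redirect, which puts the entity "&amp;" into the address itself.
echo 'Location: ' . attr($url), "\n";
```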

Adding + between keywords PHP

In my tag cloud I have urls that look like this
../search.php?query=cat&select=all
../search.php?query=the cat&select=all
What I am trying to do is if the keyword is more than one word like so:
../search.php?query=the cat&select=all
Put a + between the words like this
../search.php?query=the+cat&select=all
My default search function uses the + in the searches performed by the form but I would also like my tag cloud to have the same thing. I am only doing this for looks. It works perfectly fine as is but I thought I would ask anyway. Can anyone help? This is what I am currently using for links in my tag cloud
echo " <a href='../search.php?query=$word&select=all' target='rel' title='".($word)."'>".($word)."</a>";
Thanks.
I think what you're looking for is the urlencode() function.
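urlencode & urldecode are just the functions you require.
// the title and link text are HTML-escaped too, so a quote in $word cannot break out of the attribute
echo " <a href='../search.php?query=".urlencode($word)."&select=all' target='rel' title='".htmlspecialchars($word, ENT_QUOTES)."'>".htmlspecialchars($word, ENT_QUOTES)."</a>";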
and on the other page you can have urldecode
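// escape for HTML before echoing a request value back into the page
echo htmlspecialchars(urldecode($_GET['query']), ENT_QUOTES, 'UTF-8');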
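An added example (not from the answers) of the full round trip for the tag-cloud link: the value is percent-encoded once on the link side, PHP decodes it once before it reaches $_GET, and a further urldecode() on the receiving page changes values that contain "+" or "%". tag_link(), received_query() and the sample tag are hypothetical; parse_str() stands in for the incoming request.

```php
<?php
// Added example: encode once, let PHP decode once, escape on output.

function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Tag-cloud side: percent-encode the value for the query string, then
// HTML-escape everything that lands in the markup.
function tag_link(string $word): string
{
    $href = '../search.php?query=' . urlencode($word) . '&select=all';
    return "<a href='" . e($href) . "' title='" . e($word) . "'>" . e($word) . '</a>';
}

// Search side: parse_str() decodes a query string the way PHP fills $_GET,
// so it stands in for the request in this offline example.
function received_query(string $href): string
{
    parse_str((string) parse_url($href, PHP_URL_QUERY), $get);
    return $get['query'] ?? '';
}

// Constructed tag containing "+", "%", "&" and double quotes.
$word = 'C++ & "50%25 off"';
echo tag_link($word), "\n";

$query = received_query('../search.php?query=' . urlencode($word) . '&select=all');

// Compare the value as PHP delivers it with the original tag.
var_dump($query === $word);
// Compare again after an extra urldecode(), which rewrites "+" and "%25".
var_dump(urldecode($query) === $word);

// Escape when printing the search term back into the page.
echo e($query), "\n";
```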
