i have a string send by $_GET['foo']="C# Programmer";
when I echo $_GET['foo'], it only print C
is any way to solve this problem when string container # or other symbols send by $_GET
Spaces and hashes (#) are not valid in HTTP URLs and will need to be encoded if you want to use it in parameter values. You can use urlencode() to create URL-safe paramter values.
The following should work:
foo=C%23%20Programmer
If you're trying to send the GET request from a different page, you'd want something like this:
<?php
$var = 'C# Programmer';
?>
Go
Now, in select.php, if you try to echo $_GET['foo'];, it'll display C# Programmer.
Make use of functions like urlencode for passing this kind of values, and urldecode to get this values. Try to make use of post method to avoid this kind of problems
You shoud use the function named urlencode which returns a string in which all non-alphanumeric characters except -_. have been replaced with a percent (%) sign followed by two hex digits and spaces encoded as plus (+) signs.
<?php
$var = 'C# Programmer';
?> <!-- end of PHP code -->
<a href="select.php?foo=
<?php echo urlencode($var) ?> <!-- start and end of PHP code -->
"> Go </a>
Live example
For more information, read about urlencode.
Related
I am working on a project and a lot of my variables need to contain special characters such as {}[].'"!?/\=+- and many more what is the safest way to pass these variables back and forth between SQL, PHP, and output? and how can I prevent a variable from interfering with my code? Ie:
<?php
echo $var;
echo '$var';
echo "$var";
?>
The best way would be to URL encode your data as soon as it is supplied. Then store it and when you are using it, urldecode it.
Something like
string urlencode ( string $str )
To encode and
string urldecode ( string $str )
To decode. This changes your "special" characters into safe characters.
In PHP, the name of a variable cannot contain special characters (other than the initial dollar sign $ and underscores _). The value of a variable can contain whatever you'd like so long as you follow the rules of defining PHP strings.
The variable values won't interfere with your code. If you're concerned about it interfering with your output HTML, use htmlspecialchars as Rocket Hazmat suggested in the comments.
You can use PDO/MYSQL for isnerting the data into the database..
For converting into html entites you can use htmlchars() function.
An example:
<?php
${'[\*var'} = 1;
echo ${'[\*var'};
https://3v4l.org/5Dr93
I have an application that posts content to a MySQL DB via PHP. The PHP uses $_GET to pull the content from the URL and then inserts it into the DB.
This works great, but I have discovered an issue. If the user enters certain characters (", &, and others), the $_GET method does not properly separate the content from the URL.
Let's say the user posts this content:
I love blue & green
In this situation, the & symbol cuts the string after the word blue.
Is there any way for me to edit my PHP file to ignore the & symbol and to actually treat it as part of the variable it is supposed to $_GET? Any help would be great!
You can URLencode data before sending it to the PHP. It's a better solution.
Specials chars must not be used in a query string if those chars are in data.
In Javascript, you can use the escape function : escape(&ee) will give %26ee
The correct method is to urlencode the "&" caracter by the client : pass "%26" instead of "&"
you can use $_SERVER['QUERY_STRING']
from http://php.net/manual/en/reserved.variables.server.php
You could send the request as a base64 encoded string:
$string = base64_encode("This is my long string with &ersands and 'quotes'");
print base64_decode($string);
Note that base64-encoded data takes about 33% more space than the original data.
From the manual:
http://php.net/manual/en/function.base64-encode.php
You also have urlencode
try to urlencode your string:
&
becomes
%26
it's a PHP function :
http://php.net/manual/fr/function.urlencode.php
What about, before creating Query string, encode it ?
$str = "I love blue & green ?=&˙Đ[]";
$str = urlencode($str);
echo $str;
Will return:
I%20love%20blue%20%26%20green%20%3F%3D%26%CB%99%C4%90%5B%5D
You have to URL encode the string before you pass it as a GET parameter. In this particular case you have to replace & symbol with %26.
This can be done for example using javascript right before you send the form.
I am trying to pass percent (%) sign in url like
%B6011000995504101^SB
but when I echo, it returns
♦011000995504101^SB
I want exact same value as I pass it in URL.
I have tried to use urlencode() function, but it give me output like this...
%B6011000995504101%5ESB
please help me regarding this
Answer:
To send a % sign in a url, instead send %25.
In your case, in order for php to see a percent sign, you must pass the character string %25B6011000995504101^SB to the server.
Why:
In URLs, the percent sign has special meaning. Is used to encode special characters. For example, & is the separator between parameters, so if you want your parameter to actually contain an &, you instead write %26. Because the percent sign is used to encode special characters, it is also a special character, and so if you want to actually send a percent sign, it must also be encoded. The encoding for a percent sign is %25.
Before including a raw string in a URL it's a good idea to pass it through urlencode like so:
<?php
$original='%B6011000995504101^SB';
$updated=urlencode($original);
echo "Link here";
?>
The receiving page will know what to do - give this example a try on your webserver:
<?php
if($_GET['argument']) {
echo "<p>You passed in the argument "$_GET[argument]"</p>";
}else {
echo "<p>No argument was passed.</p>";
}
$original='%B6011000995504101^SB';
$updated=urlencode($original);
echo "Link here";
?>
(name the file urlencode.php)
I'm echoing a php string variable into html
<span class="title_resource">
<?php echo $titulo; ?>
</span>
But when the plus sign (+) is present, it turns into a space.
I've already tried using urlencode but then I get something like "Constru%25C3%25A7%25C3%"
Should I use something like string replace?
Thanks in advance
Update:
$titulo is setted using $_GET
if (isset($_GET['T']))// title
$titulo = $_GET['T'];
(...)
More clear, perhaps
I want to send exactly this text "Estudo de ax^2 + bx + c". The page receives by $_GET. When I print this value I get "Estudo de ax^2 bx c"
Its the way values as encoded to be sent over using GET, spaces are converted to + and + are converted to %2B.
If you really want to send the plus symbol over the form, then replace the spaces with plus
$text= str_replace(" ", "+", $text);
Next make sure your form uses correct enctype either application/x-www-form-urlencoded or multipart/form-data
I think you should be using urldecode not urlencode ...
<span class="title_resource">
<?php echo urldecode($titulo); ?>
</span>
If this does not work ... can you add the full script .. where you passing , are you using POST etc .. so that i can help you better
:)
Seems like your variable is going through urldecode
I am very confused about the following:
echo("<a href='http://".urlencode("www.test.com/test.php?x=1&y=2")."'>test</a><br>");
echo("<a href='http://"."www.test.com/test.php?x=1&y=2"."'>test</a>");
The first link gets a trailing slash added (that's causing me problems)
The second link does not.
Can anyone help me to understand why.
Clearly it appears to be something to do with urlencode, but I can't find out what.
Thanks
c
You should not be using urlencode() to echo URLs, unless they contain some non standard characters.
The example provided doesn't contain anything unusual.
Example
$query = 'hello how are you?';
echo 'http://example.com/?q=' . urlencode($query);
// Ouputs http://example.com/?q=hello+how+are+you%3F
See I used it because the $query variable may contain spaces, question marks, etc. I can not use the question mark because it denotes the start of a query string, e.g. index.php?page=1.
In fact, that example would be better off just being output rather than echo'd.
Also, when I tried your example code, I did not get a traling slash, in fact I got
<a href='http://www.test.com%2Ftest.php%3Fx%3D1%26y%3D2'>test</a>
string urlencode ( string $str )
This function is convenient when
encoding a string to be used in a
query part of a URL, as a convenient
way to pass variables to the next
page.
Your urlencode is not used properly in your case.
Plus, echo don't usually come with () it should be echo "<a href='http [...]</a>";
You should use urlencode() for parameters only! Example:
echo 'http://example.com/index.php?some_link='.urlencode('some value containing special chars like whitespace');
You can use this to pass URLs, etc. to your URL.