i am processing a activation link.which looks like this.
localhost/actvte/validate.php?type=activate&geo=define&
value=227755RYQBENU5G8WE7RFPO6CD6Z#MJ1H1FA#G#IZWZ53903
&target=loaded&resrc=G6MYMI2R67727229911380184297841084713071U8VUYIGR
&master=user#gmail.com
but when i use $_get['value'] i get o/p only "227755RYQBENU5G8WE7RFPO6CD6Z".after this whole link becomes useless.if i do
echo $_get['target']; or echo $_get['master'];
it says undefined variable 'target' or 'master'.
so how can i process this large link.
What you should do is use the urlencode() function in PHP on the string before putting it in the GET. This way your string becomes 227755RYQBENU5G8WE7RFPO6CD6Z%23MJ1H1FA%40G%23IZWZ53903 and not 227755RYQBENU5G8WE7RFPO6CD6Z#MJ1H1FA#G#IZWZ53903 as special characters cannot be used in the query string.
Hashes for example will never even be send by the browser to the server, so everything behind that will not reach you.
Please look at RFC 3986 for more information about the URI syntaxing (including hashes).
By not using or properly encoding the fragment identifier (#).
You should not use # in the URL but encode it some way, or use another character.
The first # in a URL indicates the start of the fragment identifier. If you want to send it as data rather then a separator component of a URL then you need to express it as %23.
Related
I am sending the below url with query string. In the query string one parameter
"approverCmt" has value with hash(#).
"/abc/efd/xyz.jas?approverCmt=Transaction Log #459505&batchNm=XS_10APR2015_082224&mfrNm=Timberland"
In server side when I tried to retrieve it from the request I get
approverCmt = Transaction Log -----> "#459505" is missing
batchNm = null
mfrNm = null
And If I remove hash(#) from query string or If I replace # with %23 every thing works fine
I don't understand why I am getting null for one parameter if another parameter contains a hash(#) symbol.
Appreciate if any one can explain.
This is known as the "fragment identifier".
As mentioned in wikipedia:
The fragment identifier introduced by a hash mark # is the optional last part of a URL for a document. It is typically used to identify a portion of that document.
The part after the # is info for the client. It is not sent to the server. Put everything only the browser needs here.
You can use the encodeURIComponent() function in JavaScript to encode special characters in a URL, so that # characters are converted to other characters that way you can be sure your whole URL will be sent to the server.
The Hash value is for the anchor, so it is only client-side, it is often used in client-side framework like angular for client-side routing.
The anchor is NOT available server-side.
In your case you don't need an anchor, but a parameter value with a # break the query string the value is "Transaction Log #459505".
EDIT Naive solution that doesn't work, just let it ther for history, See Real solution below
The solution is to encode client-side and decode serveur-side
Encoding in javascript
encodeURI("Transaction Log #459505")
//result value "Transaction%20Log%20#459505"
Decode in Java
java.net.URLDecoder.decode("Transaction%20Log%20#459505");
//result "Transaction Log #459505"
EDIT: But: Javascript doesn't encode in the same way than Java
So the correct answer (I hope) is to manually replace all your # with %23, then Java will decode it normally, or to use encodeURIComponent as suggested in comments. For your need the replace solution seem to be enough.
Encode in Javascript:
encodeURI("yourUrl/Transaction Log #459505").replace(/#/,"%23")
//result: yourUrl/Transaction%20Log%20%23459505
The decode in Java doesn't change
java.net.URLDecoder.decode("Transaction%20Log%20#459505")
// result (java.lang.String) Transaction Log #459505
Sorry for long post, I didn't see the difference bettween Java and the JavaScrip Url encoding
the hash is an anchor:
see wikipedia for more information
I'm trying to send a parameter via GET.
This is my url:
http://localhost/app_yy/public/hotel/cancel?AvailSply=ID_B2B_20#RA1B2BHB
This is the result of the print_r function:
Array
(
[AvailSply] => ID_B2B_20
)
However, I was expected AvailSply to be ID_B2B_20#RA1B2BHB -- why is part of it cut off?
The problem
Why is part of it cut off?
Because the parameter contains a #. If you have a pound in your URL, it won't be treated as part of a GET parameter, but the fragment identifier. See how the part that's there is the same as the part in front of the #? That's because the browser is assuming anything after it is a
That syntax -- "anything after the # identifies a fragment" -- means that you can't include that character in a GET parameter.
The solution
You can percent-encode it, though, which means your URL will look like
http://localhost/app_yy/public/hotel/cancel?AvailSply=ID_B2B_20%23RA1B2BHB
rather than what you have. Note the %23 instead of # -- that, when decoded, turns into a #, but doesn't trigger the fragment identifier parsing.
There are plenty of libraries to URL-encode stuff -- in PHP, for example, you can use urlencode and urldecode.
The Wikipedia article has a good description of what a fragment identifier is, but in layman's English, the fragment identifier marks where in the page you wanna go. It's useful if you want to, say, link to subheadings in a document, or tabs within a page. However, here, it's not what you want.
In an URL, with the number sign (#) hashes, or links to ancors, are tagged.
If you wish to transmit # as a GET parameter value you have to escape it:
In Javascript:
escape(value)
Manually (%23 stands for #):
....?AvailSply=ID_B2B_20%23RA1B2BHB
I wrote a script that when you enter a textbox, it will open an invisible iframe to a .php file with $_GET of what they wrote into the textbox.
However, for example, if I type: '<3' in it, this is what happens.
PHP determins that the $_GET[s] is blank! Users cant put a simple <3 symbol without getting that error.
Another problem is quotes, if I write any quotes, it will end the entire SRC property.
What should I do? Should I do something with javascript, or even PHP? Please let me know!
Thanks!
Use urlencode to encode the inputted string into a valid one for URL use.
Also be very cautious when allowing user input into your PHP script through the URL. Make sure you do proper checks/sanitization, especially if database operations are involved.
It looks like your iframe is generated by JavaScript, so all those answers that include PHP functions are useless. The data isn't even reaching PHP, so how can any PHP function hope to help?
Instead, try using urlencode from PHPJS, since none of JS's functions really handle all cases well, and this makes it easy for you to use PHP's urldecode to retrieve the data.
You need to encode that character as <.
Regarding double quotes, you can use this trick.
attr='Your string can "contain double quotes"'
or
attr="Your string can 'contain double quotes'"
but while specifying variable=values in url, you don't need to user double quotes, you can directly assign the values.
like
url="test.php?var1=123&var2=345"
rest about sending the <3 characters, you can check for url encoding in javascript & PHP whichever applicable!
I am having a problem passing a json string back to a php script to process.
I have a json string that's been created by using dojo.toJson() that contains a / and looks like this:
[{"id":"2","company":"My Company / Corporation","jobrole":"Consultant","jobtitle":"System Integration Engineer"}]
When I pass the string back to the php script it get's chopped at the / and creates a malformed json string, which then means I can't convert it into a php array.
What is the best way of escaping the / in this string? I was looking at regular expressions and doing a string.replace() however my regex isn't that strong, and I'm not sure if there are better ways of doing this?
Many thanks
You shouldn't need to do anything special to represent a / in JSON - a string can contain any character except a " or (when not used to start an escape sequence) \.
The problem is possibly therefore in:
the way you parse the JSON server side
the way your parse the HTTP data to get the JSON string
the way you encode the string before making the HTTP request
(I'd bet on it being the last of those options).
I would start by using a tool such as LiveHttpHeaders or Charles Proxy to see exactly what data is sent to the server.
(I'd also expand the question with the code you use to make the request, and the code you use to parse it at the other end).
\/. Take a look here. The documentation is really easy to read, concise and clear. But unescaped / should still be valid in JSON's string so maybe your bug is somewhere else?
Ok. Anyway.
When passing variables to PHP don't use JSON - it's good for passing variables other way.
Instead you better use http://api.dojotoolkit.org/jsdoc/1.3/dojo.objectToQuery method and on PHP side parse standard PHP $_GET variables.
EDIT: Ok, I'm 'lost in the woods' here also, but here's a tip - check if you don't have some mod_rewrite rules in action here. Kind of seems like that.
Also, if you can send me the URL which gave you 404 (you can cut out domain part, i'm interested in script filename and all afterwards) maybe I can give you more detailed answer.
To be clear, whether you choose to send JSON to PHP or use regular form values is a matter of preference. It /should/ work either way. It sounds like you aren't url-encoding the JSON at the client-side so the server-side is treating / as a path delimiter. In which case its borked before json_decode gets to it.
so, try encodeURIComponent( dojo.toJson(stuff) )
json_encode() used to escape forward slashes. like this:
prompt> json_encode(json_decode('"A/B"'));
string(6) ""A\/B""
JSON_UNESCAPED_SLASHES was added in PHP5.4 to suppress this behavior.
I have made one form in which there is rich text editor. and i m trying to store the data to database.
now i have mainly two problem..
1) As soon as the string which contents "#"(basically when i try to change the color of the font) character, then it does not store characters after "#". and it also not store "#" character also.
2) although i had tried....in javascript
html.replace("\"","'");
but it does not replace the double quotes to single quotes.
We'll need to see some code. My feeling is you're missing some essential escaping step somewhere. In particular:
As soon as the string which contents "#"(basically when i try to change the color of the font) character
Implies to me that you might be sticking strings together into a URL like this:
var url= '/something.php?content='+html;
Naturally if the html contains a # symbol, you've got problems, because in:
http://www.example.com/something.php?content=<div style="color:#123456">
the # begins a fragment identifier called #123456">, like when you put #section on the end of a URL to go to the anchor called section in the HTML file. Fragment identifiers are purely client-side and are not sent to the server, which would see:
http://www.example.com/something.php?content=<div style="color:
However this is far from the only problem with the above. Space, < and = are simly invalid in URLs, and other characters like & will also mess up parameter parsing. To encode an arbitrary string into a query parameter you must use encodeURIComponent:
var url= '/something.php?content='+encodeURIComponent(html);
which will replace # with %35 and similarly for the other out-of-band characters.
However if this is indeed what you're doing, you should in any case you should not be storing anything to the database in response to a GET request, nor relying on a GET to pass potentially-large content. Use a POST request instead.
It seems that you are doing something very strange with your database code. Can you show the actual code you use for storing the string to database?
# - character is a common way to create a comment. That is everything starting from # to end of line is discarded. However if your code to store to database is correct, that should not matter.
Javascript is not the correct place to handle quote character conversions. The right place for that is on server side.
As you have requested....
I try to replay you... I try to mention exact what I had done...
1) on the client side on the html form page I had written like this..
html = html.trim(); // in html, the data of the rich text editor will come.
document.RTEDemo.action = "submit.php?method='"+ html.replace("\"","'") + "'";
\\ i had done replace bcz i think that was some problem with double quotes.
now on submit.php , my browser url is like this...
http://localhost/nc/submit.php?method='This is very simple recipe.<br><strong style='background-color: #111111; color: #80ff00; font-size: 20px;">To make Bread Buttor you will need</strong><br><br><blockquote><ol><li>bread</li><li>buttor</li></ol></li></blockquote><span style="background-color: #00ff80;">GOOD.</span><br><br><br><blockquote><br></blockquote><br>'
2) on submit.php ........I just write simply this
echo "METHOD : ".$_GET['method'] . "<br><br>";
$method = $_GET['method'];
now my answer of upper part is like this...
METHOD : 'This is very simple recipe.
now i want to store the full detail of URL....but its only storing...
This is very simple recipe.