I am fetching '$' symbol from uri.
And I have already added $ in permitted_uri_chars in config file.
Later I am fetching data from database using that uri string.
issue can be seen from below example.
MY Url is like this ....
.....com/search/shirt/$
My Example code is this ...
echo $this->uri->segment('3');
echo "<br>";
var_dump($this->uri->segment('3'));
echo "<br>";
$dol_sign = '$';
echo $dol_sign;
echo "<br>";
var_dump($dol_sign);
MY Output of above code is this ...
$
string(5) "$"
$
string(1) "$"
it is taking segment as differently. that is why i m having issue in fetching data from DB matching with URI segment.
Your first sign is an HTML encoded entity - if you see the source of the page you'll see & instead of a simple &.
You can use the PHP html_entity_decode() function to decode it into the normal character, or test against it.
Related
I save a php string as
$url = "http://example.com/index.php?q=board/ajax_call§ion=get_messages";
The url when printed to screen displays as
"http://example.com/index.php?q=board/ajax_call§ion=get_messages" as "§" gets auto converted to special char "§".
How can I prevent this so that I can call the correct URL using cURL .
Your Problem
The problem is that § is interpreted by the browser as the HTML entity for §.* So, §ion displays as §ion.
The Solution
If you're going to print the URL itself, you need to escape the & and turn it into &. You can do this automatically using htmlentities(). Sample code:
<?php
$url = "http://example.com/index.php?q=board/ajax_call§ion=get_messages";
echo "Without htmlentities(): " . $url . "\n";
// output: http://example.com/index.php?q=board/ajax_call§ion=get_messages
echo "With htmlentities(): " . htmlentities($url) . "\n";
// output: http://example.com/index.php?q=board/ajax_call§ion=get_messages
Here's a demo.
A Note About Security
Note that using htmlentities() here is a good idea for lots of other reasons. What if somebody used this URL?
http://example.com/index.php?q=board/ajax_call§ion=get_messages<script src="http://evilsite/evil.js></script>
If you just dumped it out onto the screen, you have just included an evil JavaScript. Congratulations! You just hacked your user and, probably, got your own site hacked. This is a real problem called XSS (Cross-Site Scripting). But if you call htmlentities() first, you get:
http://example.com/index.php?q=board/ajax_call§ion=get_messages<script src="http://evilsite/evil.js></script>
That's safe and won't actually run the evil script.
* Technically, the HTML entity is §, with the semicolon, but nearly all browsers with treat it as an HTML entity with or without the semicolon. See this answer for a good explanation.
Change the & to &.
(See w3c markup validator ampersand (&) error for a bit more information.)
I'm working with a database and comparing values to strings to then create new records. I've encountered an issue with a comparison with a database value that is stored in a $type variable - the offending value is:
<recordID>
In my PHP script I do a test to see if the database value = "":
if ($type == '<recordID>') {
// create new records etc
}
however I've just noticed this test is failing, and I'm assuming it's the "<" and ">" characters that is the issue. If I echo the $type variable I get this in the browser source view:
<contactID>
I can see the issue relates to htmlentities and html special chars but I haven't been able to work out the function to use to be able to get this comparison above to work.
You can use builtin for it
<?php
echo htmlspecialchars_decode($type);
?>
I have a download page that take arguments like the download URL, the download-counter data file url, and the page to return to after downloading.
It is arranged like so:
start.php?url=...&page=...&file=...
(Download url, redirect page, counter file)
The problem is, when the redirect page contains PHP arguments with ? and & symbols, the URL becomes a confusing mess for PHP to work with.
Example:
start.php?url=URLTEXT&page=page?test1=x&test2=xx&file=FILETEXT
What should happen:
url=URLTEXT
page=page?test1=x&test2=xx
file=FILETEXT
what happens:
url=URLTEXT
page=page?test1=x
test2=xx
file=FILETEXT
How could I substitute characters or somehow make these arguments pass correctly in php?
Thanks for any help you can give.
Well, I'm not sure how your "messed up" URL looks like. However the string after the "?" is called Query String, and you can decode/encode it with
urlencode($normalString); //will be encoded for use in URL
urldeocde($queryString); //will be decoded for "normal" use
EDIT:
Here is some short example:
echo "Encode for use in URL: ";
echo urlencode("this is a string & üäöllasdlk<bbb2");
echo "<br />";
echo "Decode to use it in your script: ";
echo urldecode($_SERVER['QUERY_STRING']);
Output:
Encode for use in URL:
this+is+a+string+%26+%C3%BC%C3%A4%C3%B6llasdlk%3Cbbb2
Decode to use it in your script: test=12
(Assuming you have a Querystring containing the variable test=12)
Just use htmlspecialchars function on your URL string:
http://php.net/manual/en/function.htmlspecialchars.php
A string I'm working with in PHP comes from a text file and the line reads:
<Unknown>
However when I var_dump the array variable associated to this line, it reads
string(9) ""
I've inserted the same data <Unknown> before into MySQL and have never had this problem.
That's because you are var_dumping it and using your web browser to see the output, anything between < and > is regarded as a HTML tag by your browser, thus you see no output but with string(9)
You can try:
echo '<pre>' . print_r($var, 1) . '</pre>';
If you would like to surely see:)))
$var = "<unknown>";
var_dump(htmlspecialchars($var));
http://php.net/manual/en/function.htmlspecialchars.php
My Browser shows URL with file name as
http://www.example.com/pdf/204177_20090604_Chloorhexidine_DCB_oogdruppels_0%2C1%25.pdf
Actual File name is 204160_20090604_Atropine_DCB_oogdruppels_0,5%.pdf
After urldecode, it gives wrong file name as
http://www.example.com/pdf/204177_20090604_Chloorhexidine_DCB_oogdruppels_0,1%.pdf
Update:
Initially I thought that its problem of URL Decode, but files like name 204153_20090605_Aluminiumacetotartraat_DCB_oordruppels_1,2%.pdf while rendering in browser throws Bad request. I am using Kohana 3 framwork. Is it related with server?
$url = 'http://204160_20090604_Atropine_DCB_oogdruppels_0,5%.pdf';
$encode = urlencode($url);
$decode = urldecode($encode);
echo $url."<br />";
echo $encode."<br />";
echo $decode."<br />";
// outputs
http://204160_20090604_Atropine_DCB_oogdruppels_0,5%.pdf
http%3A%2F%2F204160_20090604_Atropine_DCB_oogdruppels_0%2C5%25.pdf
http://204160_20090604_Atropine_DCB_oogdruppels_0,5%.pdf
All ok. You're error is somewhere else.
You are looking at two different files.
It's not possible to urlencode 204160_20090604_Atropine_DCB_oogdruppels_ into 204177_20090604_Chloorhexidine_DCB_oogdruppels_, encoding does not change alphabetical characters.
The error is most likely in the code that creates the file list and outputs the links; the mapping between link titles and filenames appears to be messed up.
this will give you exact file name m using c#
Server.UrlDecode("http://www.example.com/pdf/204160_20090604_Atropine_DCB_oogdruppels_0,5%25.pdf")
, (comma) is encoded as %2c
% (percent) is encoded as %25 by browsers
if you use Request.Url it'll decode ,(comma) but not %(percent)
So Server.UrlDecode("xyz") decode all characters except %(percent), thats y there's "%25" in the above filename