Running into a problem with a form I have built. A user typed in a hash (#) for their address in the address field. When their address is put into a query string after the form is submitted all of my GET variables are broke after the field with the #. Anyone know why this would happen? Do I need to convert the # to a different character or use some other type of encoding? This is the code I have on the page that grabs the values from the query string..
<?php echo $_GET["address"]; ?><br/> // if this field has a # in the value, the GET variables below do not work..
<?php echo $_GET["city"]; ?><br/>
<?php echo $_GET["state"]; ?>
A # is a valid anchor symbol in URL and only has meaning to the client browser.
In all likelihood you should probably be using a POST for this form rather than a GET, at which point this issue goes away.
Usually a good rule of thumb is to use URL parameters (GET) for cases where you want the URL to be navigable by any user and where such navigation will not change any data on the server (or do things like trigger emails, etc.). A good example of this might be the use of product ID's in the URL for a e-commerce catalog application to determine what product to show on a page.
You should typically use POST for cases where you are going to change data on the server or trigger some action which basic navigation to a page should not trigger. Building on the earlier example of an e-commerce app, you might typically use POST to add an item to a users shopping cart.
get parameter should be url endcoded http://www.php.net/manual/en/function.urlencode.php another option would be to build your query string with http_build_query (http://php.net/manual/en/function.http-build-query.php)
The hash in a url is a document fragment and read by the browser. Hence anything after the hash sign in a url will not be transferred to the server as a query. You need to URL encode the hash (by javascript i presume). See :http://www.w3schools.com/tags/ref_urlencode.asp
Related
So, I'm trying to make a template type page that when a user clicks a product link, it takes them to the page and the php script auto-fills the page with the product info in the placeholders. The problem I'm having is I don't know how to make the product picture a link to the template page AND carry over a post method to let the php script know which product data to pull from the prelaoded array that I filled with product data from the php sql query. Any ideas?
Since you're mentioning anchors, that is a bad idea. They are usually encoded in the URL behind the hash sign (#) and not sent to the server.
So, one way to do it, is to either include the relevant data in the form content, e.g. in a hidden field.
Or another way would be to append it as a query parameter to the URL.
Hope that helps, and not taking security into account (e.g. both methods make it easy to perform SQL injection, or the parameters could be used to display something you don't want the user to select because it's out of stock, etc. pp.)!
since you're mentioning anchors with post, in my opinion this is not possible but one way to do it, is that using jquery and ajax.
see below link:
you can find the answer here
I have some php code like following lines of code when clicking on the image it goes to different departments.
Departments.php?DepartmentsID=6?&CampusID=1
which shows in url when click on it.
How I can easily encrpt it so that it doesnot show in url same is the case with downloading some file.
download.php?filename=abc.pdf?
how i can disable or encrpt the code so that i didn't show up in url.
thanks
want to hide varibles that as passing through html link
as far as I understand you want to pass some kind of token as the link and not something readable like the filename or an id to your site to handle the request. (the user only sees tokens and nothing else)
so clicking on a link gives you something like Departments.php?action=907fgash6f8906a6asf6g...
If you want something like that you would need some kind of database to store your tokens so your code knows what to do on a given token.
Or you could use actual encryption which you would have to decrypt and of course keep your key hidden and secure.
I don't understand why you need to do all this. If you can give more insight on why you want to do this there might be a better solution
In your PHP form change or set the method as method = "POST".
You're using the URI as a GET parameter which is where you are receiving such complications. You can choose a more MVC related method to approach this:
www.example.com/6/1
The above example represents the Department ID as 6 and the Campus ID as 1 using a router. I suggest using AltoRouter.
$router = new AltoRouter();
$router->map('GET|POST', '/[i:d]/[i:c]', function($department, $campus) {
echo "Department $department on Campus $campus.";
// Add your code logic
}, 'Name of route');
$router_match = $router->match();
if($router_match && is_callable($router_match['target'])) {
call_user_func_array($router_match['target'], $router_match['params']);
exit();
}
// Some 404 stuff.
This can be used for mutli-mapping meaning you can change the download link to whatever you like, for example just unique file ID's that the end user must know to access it and on top of that, it could be a RBAC file before the download so only X users can download / view certain topics.
This repeats some of the info answered by others:
use POST, this only removes the ability to read the data in query URL but is still in clear text.
Ensure SSL is enabled for transport encryption
Use encryption at the message layer, the actual text itself can be encrypted if you so desire
Extra note, if the data is that sensitive and is stored at REST say in a DB, you may want to encrypt it there as well.
Basically "defense in depth" is the approach, there is never a silver bullet
Using PHP (for the first time in my life) and working in a CMS environment without access to the back-end PHP pages or code, I created a form on one page that places four parameters into the url of the next page to which the form send its data.
Here is the form page:
http://CMSDetroit.org/480
Here is the url the form generates:
http://www.chambermusicdetroit.org/422?School=formdata&Grade=formdata&Teacherformdata=&Handle=formdata
I need to collect the parameter information from the url and pass it on to the url of the next page after this one, either by putting a command into every link on the page (422), or through some other more efficient method.
I've tried all sorts of things and keep coming up dry...help!?!
For PHP see $_SERVER and more specifically QUERY_STRING
Then with that I'm not sure how you are invoking the next page? maybe with header?
header('Location: http://www.example.com/?' . $_SERVER['QUERY_STRING');
exit;
Point being it is just one large string. If you don't know already you use $_GET and key to extract the individual values or if you want you can use explode on the QUERY STRING
This is one of those situations where I feel like there is a simple answer right in front of me...hopefully you guys/gals can show me the light.
PROBLEM :
I have a client that wants to maintain a query string across all pages on their site, only if they arrived at the site via a link that contains the query string.
This query string would also need to be passed with any external link from the site.
INFORMATION :
An example of the query string :
?utm_medium=<ad_placement>&utm_source=<ad_source>
(Obviously this is for tracking conversions from ads)
We're currently tracking all this stuff via Google Analytics (so, yes, I know that's an alternative), this is for an extra layer of reporting.
I did not code their site, which brings it's own set of issues (example: I'm not even sure they use a common header among all pages) - so I'm hoping there is a KISS answer out there for this.
Any suggestions?
If you just want to persist this exact query string on each page, why not set the linked pages to insert the string into a session variable. Then on each page link check to see if the session variable exists and add it to the query string when redirecting.
So - the answer here was this :
Use JS to grab the query string
Validate the query string
Add to a cookie
Append the cookie'd query string to every href in the DOM
Like I said...I knew there was a simple example staring me in the face haha!
This question is old and obviously must have been solved by now by #aepearson.
Adding another answer from current day perspective.
Now, one can also easily use sessionStorage also to save navigation data into a key. Pick it up whenever required, and add to url.
Example from Mozilla
// Save data to sessionStorage
sessionStorage.setItem('key', 'value');
// Get saved data from sessionStorage
var data = sessionStorage.getItem('key');
// Remove saved data from sessionStorage
sessionStorage.removeItem('key');
// Remove all saved data from sessionStorage
sessionStorage.clear();
I want to store a variable in the URL while they are browsing.
For example:
A menu, when the user selects ?category=shopping it goes to a map with shopping and they can click on a place and it should go to ?category=shop&id=22.
If they return to the menu then the ?category should be removed and if they click on something else e.g ?category=cafe.
I've been really puzzled with this and would appreciate any help - thanks!
If you just need to store state between pages, as your title suggests, then you can store this information inside the $_SESSION superglobal array. You start a new session by running session_start() as the very first line of any new page, before any output is sent to the browser. Anything you then store inside of $_SESSION will be available when you start the session in the same way on the next page.
If you're only interested in building a query string (i.e. the ?field=value&field2=value2 portion of the URL), as the content of your question indicates, then you might want to take a look at the http_build_query() function.
Your question seems a little ambiguous to me as to what your actual goal is for this, so I gave you both approaches. Just remember that you should use $_SESSION for state, and http_build_query() for creating dynamic URLs to point to specific content. Also remember that if the data needs to be secure, then you shouldn't put it in the URL or anywhere else the user could modify it, or where others could read it (e.g. in the browsers address bar). That sort of information needs to be in $_SESSION.
Thats a good use for session variables.
$_SESSION["category"]="stuff";
you can then keep it until you dont want it any more, or they terminate their session
I want to store a variable in the URL while they are browsing.
You can't actually "store" anything in the URL.
If you want to pass some data from one page to another using query string, you have to add this data to the query string.
"A map with shopping" should add category to the every it's link.
That's the way every web application works.
Session is not the way to go, because every page on the site should have it's address, and your category being important part of this address. If you store it in the session, no bookmark can be added, no link to be sent to a friend and no search engine will index your goods.