This question already has answers here:
php parameter with apostrophes
(2 answers)
Closed 2 years ago.
Part of my PHP code includes the construction of a URL string as follows:
$msg = $_REQUEST["msg"];
$content = 'action=sendmsg'.
'&user='.rawurlencode($username).
'&password='.rawurlencode($password).
'&to='.rawurlencode($destination).
'&text='.rawurlencode($msg);
When $msg happens to contain an apostrophe, it get sent as "\'".
What do I need to do to make sure the backslash is not inserted by PHP?
You probably want to check out stripslashes: http://php.net/manual/en/function.stripslashes.php
Assume you want to send the $content variable instead of just stripping the backslashes, Consider to use urlencode() instead of rawurlencode(). Also, you can use the function once for your $content variable.
$content = urlencode($content);
UPDATE: both urlencode and rawurlencode may not fit your case. Why don't you just send out the $content without URL encode? How do you send our the query string? If you are using cURL, you do not need to encode the parameters.
You can try
Stipslashes
or put the string in "" and add ' where you want.
Related
This question already has answers here:
What is the difference between single-quoted and double-quoted strings in PHP?
(7 answers)
Closed 2 years ago.
I want to send a system message that addresses the user with his first name. The message is stored in a .txt file as:
Hello $user->firstname
Login link: something.something/user/id
In the userController (where the message is sent from) I'm now trying to replace the $user->firstname with the actual $user->firstname:
$output = file_get_contents(Yii::$app->basePath."message.txt");
$user = $this->findModel($id); //this is tested and works
$output = str_replace("$user->firstname", $user->firstname, $output);
However, my output after this is still the exact same as in the text file. What am I doing wrong?
I think it might be as simple as using single quotes in your str_replace call:
$output = str_replace('$user->firstname', $user->firstname, $output);
When you use double quotes, PHP has already tried to replace the string before calling str_replace.
See https://www.php.net/manual/en/language.types.string.php#language.types.string.parsing for more information.
$output = str_replace("$user->firstname", $user->firstname, $output);
Variables inside double quotes get replaced - so you are not trying to replace the text $user->firstname here, you are trying to replace the text George (assuming that was the users first name) - but there is no George in your input text, so … nothing to replace.
Use single quotes, or escape the $ sign with a \
This question already has answers here:
json_encode() escaping forward slashes
(4 answers)
Closed 4 years ago.
My database contains links to images which are displayed properly within their structure. When I run my PHP code, the outputted JSON values are the same image links which fail to load because the links keep being outputted like this:
https:\/\/i.ebayimg.com\/00\/s\/NDQwWDgwMA==\/z\/ViAAAOSwhmtbN7fe\/$_59.JPG\r\n
Even though the database displays it like this:
https://i.ebayimg.com/00/s/NDQwWDgwMA==/z/ViAAAOSwhmtbN7fe/$_59.JPG
Is there something wrong with my PHP code?
you can use string replace function in php for remove (\)
$your_string = str_replace("\\", "", $your_string);
Simple use stripslashes()
First remove \r\n using str_replace() from link/url and then apply stripslashes()
$link = 'https:\/\/i.ebayimg.com\/00\/s\/NDQwWDgwMA==\/z\/ViAAAOSwhmtbN7fe\/$_59.JPG\r\n';
$link = stripslashes( str_replace("\\r\\n", '', $link) );
echo $link;
I want to post an input box that have single quote inside it to a php file.I've used ' but it sends some backslashes:
<input type="hidden" name="legal_natural" value="$store_info['legal_natural']">
result:
$store_info[\'legal_natural\']
Please tell me how can I avoid backslashes when I post ' to a PHP file?
See this : SO Question
Here's an answer from that question:
Assume you want to send the $content variable instead of just stripping the backslashes, Consider to use urlencode() instead of rawurlencode(). Also, you can use the function once for your $content variable.
$content = urlencode($content);
UPDATE: both urlencode and rawurlencode may not fit your case. Why don't you just send out the $content without URL encode? How do you send our the query string? If you are using cURL, you do not need to encode the parameters.
This question already has answers here:
json_encode() escaping forward slashes
(4 answers)
Closed 7 years ago.
When i insert url like this
alliedpaint-001-site1.smarterasp.net/white.png
in mysql and encode it using json my url shows like this
alliedpaint-001-site1.smarterasp.net\/white.png
How i can solve this?
json_encode returns the string, it inserts "\" in order to avoid special interpretation.
you can do 2 things-
1) json_encode($mystring, JSON_UNESCAPED_SLASHES);
or
replace "\" with space using regex.
Hope this helps.
This question already has answers here:
How can I properly escape HTML form input default values in PHP?
(3 answers)
Closed 8 years ago.
http://pastebin.com/Jti6DWU6 <--
This is a script in which there are 3 forms and i want to prevent special chars in the first field to prevent iFrame Injection...
I suck at programming
Can anyone help me with this?
You may use htmlspecialchars, that's what that function is for.
Check the manual.
Here's an example from the manual:
<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
?>
Just add the string to the 1st argument of the function. The 2nd will tell the function how to handle quotes. In the example above, it will convert both double and single quotes.
Classical protection that google could have provide you in a few seconds...
htmlspecialchars or htmlentities is the way to go.
https://php.net/htmlspecialchars
https://php.net/htmlentities