i am trying to send a value through link and get the value on other file using $_GET but the problem is the value has & in between two words and in url its coming like
list.php?v=Bakery%20&%20Cake%20Design
and when i echo this value in second page it come out to be bakery instead of bakery cake & design . Since i am sending this value from the first page via jquery on click i tried using encodeURI() to remove the %20 from the link but it still does't helps as the part after %20 & is not being printed on second page when i echo the value. my jquery code is
var vendor = $(this).text().replace(/\s/g,"%20"); in this i tried to remove it via replace too . But still no help .
You dont need to remove %20
just check that there should not be any space between the variable and the value!
This will produce %20 :
echo '<td><b><font color="#663300">Deactivate User</font></b></td>';
This will not:
`echo '<td><b><font color="#663300">Deactivate User</font></b></td>';`
Reason : just a whitespace between (php?id ='.$row)
On the JS side you need to use encodeURIComponent() on the item with the ampersand like.
var title = encodeURIComponent('bakery cake & design'); // bakery%20cake%20%26%20design
As opposed to encodeURI which:
Note that encodeURI by itself cannot form proper HTTP GET and POST requests, such as for XMLHTTPRequests, because "&", "+", and "=" are not encoded, which are treated as special characters in GET and POST requests. encodeURIComponent, however, does encode these characters. These behaviors are most likely not consistent across browsers.
Use the URL Decoder function
echo urldecode("A%20B") // will print 'A B'
Related
kindly I have two links,
when using both of the links in another page, the first link is decoded automatically by GET Method and the second didn't.
the problem is that if there is a space in any attribute, the get don't decode automatically the URL and if there are no spaces, the get automatically decoding the URL which is the correct behaviour
tip : the only encoded attribute is BodyStr and encoded via URLENCODE PHP function.
another tip: the difference between both is the space in subjectStR Attribute
I want to know why spaces in URL prevent GET Global Variable from automatically decoding all the attributes
$message=urlencode($message);
http://localhost/test4.php?me=ahmed&y=1&clientid=55&default=1&Subjectstr=**Email From Contactuspage`**&BodyStr=$message
http://localhost/test4.php?me=ahmed&y=
1&clientid=55&default=1&Subjectstr=**EmailFromContactuspage**&BodyStr=$message
Space isn't allowed in URL query strings. If you put an unencoded space in SubjectStr, the URL ends at that point, so the server never sees the BodyStr parameter.
You need to URL-encode SubjectStr. Replace the spaces with + or %20.
$message=urlencode($message);
$url = "http://localhost/test4.php?me=ahmed&y=1&clientid=55&default=1&Subjectstr=Email+From+Contactuspage&BodyStr=$message"
The reason why it stops at space is because of the HTTP protocol. The client sends:
GET <url> HTTP/1.1
This request line is parsed by looking for the space between the URL and the HTTP version token. If there's a space in the URL, that will be treated as the end of the URL.
I have an application that posts content to a MySQL DB via PHP. The PHP uses $_GET to pull the content from the URL and then inserts it into the DB.
This works great, but I have discovered an issue. If the user enters certain characters (", &, and others), the $_GET method does not properly separate the content from the URL.
Let's say the user posts this content:
I love blue & green
In this situation, the & symbol cuts the string after the word blue.
Is there any way for me to edit my PHP file to ignore the & symbol and to actually treat it as part of the variable it is supposed to $_GET? Any help would be great!
You can URLencode data before sending it to the PHP. It's a better solution.
Specials chars must not be used in a query string if those chars are in data.
In Javascript, you can use the escape function : escape(&ee) will give %26ee
The correct method is to urlencode the "&" caracter by the client : pass "%26" instead of "&"
you can use $_SERVER['QUERY_STRING']
from http://php.net/manual/en/reserved.variables.server.php
You could send the request as a base64 encoded string:
$string = base64_encode("This is my long string with &ersands and 'quotes'");
print base64_decode($string);
Note that base64-encoded data takes about 33% more space than the original data.
From the manual:
http://php.net/manual/en/function.base64-encode.php
You also have urlencode
try to urlencode your string:
&
becomes
%26
it's a PHP function :
http://php.net/manual/fr/function.urlencode.php
What about, before creating Query string, encode it ?
$str = "I love blue & green ?=&˙Đ[]";
$str = urlencode($str);
echo $str;
Will return:
I%20love%20blue%20%26%20green%20%3F%3D%26%CB%99%C4%90%5B%5D
You have to URL encode the string before you pass it as a GET parameter. In this particular case you have to replace & symbol with %26.
This can be done for example using javascript right before you send the form.
I am working with Zend Framework. I have a form with some fields, all of them type="text", including an input called "Telephone". When submit, I am using Ajax to send data to Controller. Well here is my problem, if I type a + symbol, for example:
+34-666666666 the data I receive is 34-666666666. The + symbol turns into a whitespace. This problem only happens with +, I have tried with all the symbols and theres no problem. I am going mad and I didn't found any solution in Google.
The + symbol is used in URL's to represent whitespace. Your ajax submit is probably performing a GET request and the + in the URL string is getting transformed.
Sanitize your input via javascript before submitting the ajax request with encodeURIComponent().
You might also find this question useful: Plus character in URL transformed to space on a linux box.
This question discusses encodeURIComponent: How to encode a URL in Javascript?
You need to encode your GET/POST data as described here. The JavaScript encodeURIComponent function can be used with a little twist*:
For application/x-www-form-urlencoded (POST), per specs, spaces are to
be replaced by '+', so one may wish to follow a encodeURIComponent
replacement with an additional replacement of "%20" with "+".
"&phone=" + encodeURIComponent("+34-666666666").replace(/%20/, "+"); // "&phone=%2B34-666666666"
"&phone=" + encodeURIComponent("+34-666666666 x123").replace(/%20/, "+"); // "&phone=%2B34-666666666+x123"
*Note: treatment of + character in a URL varies depending on whether it is used inside a path component or query string:
http://example.com/page+1 -- file name page+1
http://example.com/page%201 -- file name page 1
http://example.com/?file=page+1 -- query string parameter file=page 1
http://example.com/?file=page%201 -- query string parameter file=page 1
When I first submit my search form via $_GET it returns results as expected but when using pagination and submitting it again for page X I see that it converts a portion of my URL and fails.
Here is the before and after URL portion that is changing:
// Before
min_score=1&max_score=10¬_scored=1
// After
min_score=1&max_score=10%AC_scored=1
It's encoding 10& How can I prevent this from happening?
The reason is that ¬ gets intepreted by the browser as ¬. Strict mode or any DOCTYPE might help.
And ¬ simply gets substituted as ¬ then. Which in turn becomes %AC in request urls.
Besides urlencode() on the individual values you should additionally apply htmlspecialchars() on the whole URL before you add it into the <a> tag.
always type urls with
&
instead of &...
I am retrieving an encoded url via querystring. I need to pass it again to the next page. When I retrieve it the first time, using $_REQUEST['url'], only the slashes are decoded, e.g:
http://example.com/search~S10?/Xllamas&searchscope=10&SORT=D/Xllamas&searchscope=10&SORT=D&SUBKEY=llamas/51%2C64%2C64%2CB/browse
The php docs page for urldecode advises against decoding request data, and says that it will already be decoded. I need it either completely decoded, so I can encode it again without double-encoding some parts, or not decoded at all.
I'm not sure why my experience of this data is incongruous with the php docs. Appreciate any help or pointers to same!!
EDIT: attempt to post relevant code, which is scattered about:
the url is encoded and added to the querystring (in an html file using smarty template):
<a class="button" href="{$baseurl}search_nojs?searcharg={$searcharg|escape:'url'}&url={$next|escape:'url'}"><span>Next>></span></a>
if that link was followed, i'm grabbing the url back out of the querystring (in a php file):
if(array_key_exists('url', $_REQUEST)) {
$sm->assign("searchurl", $_REQUEST['url']);
}
Then I'd like to stick the url back into the querystring for the next link (in another html file):
href="{$baseurl}detail?bibid={$res.bibid}&searcharg={$searcharg}{if $searchurl}&searchurl={$searchurl}{/if}"
I'm also printing {$searchurl} straight onto the page, and getting the same half-escaped result.
Here is another example of the querystring vs. the data i get from $_REQUEST:
originally encoded url in querystring:
searcharg=mammals&url=http%3A%2F%2Fexample.com%2Fsearch%7ES10%3F%2FXmammals%26searchscope%3D10%26SORT%3DD%2FXmammals%26searchscope%3D10%26SORT%3DD%26SUBKEY%3Dmammals%2F51%252C1114%252C1114%252CB%2Fbrowse
data retrieved from $_REQUEST:
searcharg=mammals&searchurl=http://example.com/search~S10?/Xmammals&searchscope=10&SORT=D/Xmammals&searchscope=10&SORT=D&SUBKEY=mammals/51%2C1114%2C1114%2CB/browse
I know this method may seem curious -- I am trying to make a mobile display, working around a black-box database. Thanks again for any help!!
Here is another example of the querystring vs. the data i get from $_REQUEST:
originally encoded url in querystring:
searcharg=mammals&url=http%3A%2F%2Fexample.com%2Fsearch%7ES10%3F%2FXmammals%26searchscope%3D10%26SORT%3DD%2FXmammals%26searchscope%3D10%26SORT%3DD%26SUBKEY%3Dmammals%2F51%252C1114%252C1114%252CB%2Fbrowse
This is double encoded. For example: %252C -> %2C -> ,
So at the point that you encode the url parameter, you're introducing double encoding. Perhaps you should ensure that, before encoding parameters, you decode them until they can be decoded no more (aka canonicalisation). You could use urldecode in a loop for this.
You also want to ensure that when you put the url parameter back into html context (as a link) that you escape for HTML Attributes too. Otherwise you have an XSS vulnerability.
The comma (U+002C) is a reserved character in the query and thus must be encoded with %2C:
3.4. Query Component
The query component is a string of information to be interpreted by
the resource.
query = *uric
Within a query component, the characters ";", "/", "?", ":", "#",
"&", "=", "+", ",", and "$" are reserved.