I am sending sms to cellphones using PHP and an API key provided by my sms service provider.
The sms that I send reaches the target cellphone perfectly but the problem is when I have a "+" sign in my message the "+" do not appear in the cellphone. This is probably happening because the "+" sign is basically used for indicating a space.
When I run the api my code looks like following:
$msg="A+";
$x= file_get_contents("http://someurl...&msg=$msg");
Could you please tell me what to do to make the "+" appear in cellphones.
Thanks
You'll need to look into using the function urlencode.
$x = file_get_contents("http://someurl...&msg=" . urlencode($msg));
Try to use urlencode
$msg = urlencode("A+");
As php manual says:
This function is convenient when encoding a string to be used in a query part of a URL, as a convenient way to pass variables to the next
page.
Use urlencode...
$msg="A+";
$msg = urlencode($msg);
$x= file_get_contents("http://someurl...&msg=$msg");
Try This:
$msg=urlencode("A+");
$x= file_get_contents("http://someurl...&msg=".$msg);
urlencode function is convenient when encoding a string to be used in a query part of a URL, as a convenient way to pass variables to the next page.
Related
I want to use the GET method to send a string to the receive page, but if the string includes '#', the receiver page can only get the sub string before the '#'.
As the following example:
test
When I click the 'test' link to open the 'test.php' page, which has the following code:
<?php
if(isset($_GET["q"])) {
echo $_GET["q"];
}
?>
It only display 'string1' on the page, '#string2' is missing.
So I want to know what happened to the string, and how to fix this problem.
Thank you for any help!
=======Update===========
With the help of #Eric Shaw and #JP Dupéré, I know how to fix this problem.
The simplest way is encoding the string before using the get method.
To encode the query string, you can:
use urlencode() in PHP, and urldecode() can decode the string.
use encodeURIComponent() in JavaScript, and decodeURIComponent() can decode the string.
Try
urlencode("string1#string2")
before calling GET.
The #foo is used to jump to an <a name="foo"/> tag on the page, rather than viewing the top of the page when the browser loads it.
The stuff after the # is processed by the browser and NOT sent to the server.
You can escape the # and the escaped version will be sent to the server, i.e.
test
will do what you want I think
This escaping is also a common technique to get the # passed along in the URL for redirectors.
I am trying to Integrate an SMS service into my website. I need to make a HTTP call with a param named "msg" (urlencoded).
Currently, I am constructing the entire URL with msg param being urlencoded (i.e $msg = urlencode($msg)), and I am sending the SMS.
$msg = urlencode("Hello World");
Although what I receive on my phone is "Hello+World" and NOT "Hello World".
So is there an issue with file_get_contents ?
Also, is there anyway, I can see the string "file_get_contents" finally sends out ?
Try using rawurlencode() instead.
The principal difference (although there are others) is that it encodes spaces as %20 instead of +. This is quite likely the source of your problem.
I figured what was the issue:
I was using http_build_query to create the query string, and I was passing a urlencode'd param to it. Hence it was being encoded twice.
So is there an issue with file_get_contents ?
No.
Also, is there any way, I can see the string file_get_contents finally sends out ?
Yes, with a network sniffer.
You need to use urldecode() after retrieving data and then display to user
I have an encrypted, base64 encoded array that I need to put into a url and insert into emails we send to clients to enable them to be identified (uniquely) - the problem is that base64_encode() often appends an = symbol or two after it's string of characters, which by default is disallowed by CI.
Here's an example:
http://example.com/cec/pay_invoice/VXpkUmJnMWxYRFZWTEZSd0RXZFRaMVZnQWowR2N3TTdEVzRDZGdCbkQycFFaZ0JpQmd4V09RRmdWbkVMYXdZbUJ6OEdZQVJ1QlNJTU9Bb3RWenNFSmxaaFVXcFZaMXQxQXpWV1BRQThVVEpUT0ZFZ0RRbGNabFV6VkNFTlpsTWxWV29DTmdackEzQU5Nd0lpQURNUGNGQS9BRFlHWTFacUFTWldOZ3M5QmpRSGJBWTlCREVGWkF4V0NtQlhiZ1IzVm1CUk9sVm5XMllEWlZaaEFHeFJZMU51VVdNTmJsdzNWVzlVT0EwZw==
Now I understand I can allow the = sign in config.php, but I don't fully understand the security implications in doing so (it must have been disabled for a reason right?)
Does anyone know why it might be a bad idea to allow the = symbol in URLs?
Thanks!
John.
Not sure why = is disallowed, but you could also leave off the equals signs.
$base_64 = base64_encode($data);
$url_param = rtrim($base_64, '=');
// and later:
$base_64 = $url_param . str_repeat('=', strlen($url_param) % 4);
$data = base64_decode($base_64);
The base64 spec only allows = signs at the end of the string, and they are used purely as padding, there is no chance of data loss.
Edit: It's possible that it doesn't allow this as a compatibility option. There's no reason that I can think of from a security perspective, but there's a possibility that it may mess with query string parsing somewhere in the tool chain.
Please add the character "=" to $config['permitted_uri_chars'] in your config.php file you can find that file at application/config folder
Originally there are no any harmful characters in the url at all. But there are not experienced developers or bad-written software that helps some characters to become evil.
As of = - I don't see any issues with using it in urls
Instead of updating config file you can use urlencode and urldecode function of native php.
$str=base64_encode('test');
$url_to_be_send=urlencode($str);
//send it via url
//now on reciveing side
//assuming value passed via get is stored in $encoded_str
$decoded_str=base64_decode(urldecode($encoded_str));
I want to create my own JSON API with PHP and I want that the user can send Text to my API, especially one or more Links. So the Problem is, that this call could look something like this (in a worse case)
http://www.my.site/test.php?link[]=http://stackoverflow.com/?as=2&bs=2&link[]=http://stackoverflow.com/?af=2&bf=2
The problem is, that I get only a shorter link without the last information (here: bs=2 and bf=2).
This information is threated as GET data. How can I fix this? Must I use any escaping here?
Use urlencode:
echo 'http://www.my.site/test.php?link[]=' .
urlencode('http://stackoverflow.com/?as=2&bs=2') . '&link[]=' .
urlencode('http://stackoverflow.com/?af=2&bf=2')
You should use the urlencode PHP's function.
http://fr.php.net/manual/en/function.urlencode.php
i have script
<?php
$to = $_GET["to"];
header("Location: $to");
?>
if i call script such
out.php?to=http://site.ru/page.php?param1=1¶m2=2
in param $to be only http://site.ru/page.php?param1=1&
how to fix? i want that $to = http://site.ru/page.php?param1=1¶m2=2
You can escape the URL at the site calling out.php:
Go to $to
& is a reserved character in an URI. When you access this URL, ¶m2=2
is interpreted as belonging to the current URL and not to the value of to.
If you want to transmit it literally, you have to encode it with %26:
http://site.ru/page.php?param1=1%26param2=2
Most programming languages provide a function to do so. (e.g. JavaScript, PHP). The best thing is to encode the whole URL.
$to must be urlencoded, but note that you giving a redirect script to anyone, so, any phisher can use it.
So, it would be better to store urls in the database and pass only an identifier.
try encoding the to URL in base64 and then in the example that u have shown decode it before you pass it to the header :)
urlencode it
urlencode($to)
I ran into the same problem before, this is what I did:
$arr=explode('?to=',$_SERVER['REQUEST_URI'],2);
$new_to=$arr[1];
Now you can use the $new_to variable.
Of course if you're using this for production environment, I would recommend encoding the url as the other answers advised. I was using it for testing curl script. getting the variable this way has lots of flaws, so be careful.
You can use a Function called "html_entity_decode"
Click Here for more information about this function
or use md5 function to encrypt the URL and then decrypt it when you put it into a varriable.
I hope this can help you