I've a very strange problem in my form and have no idea how to solve it. Tried a search but found nothing about it. I have a form whose data I receive with $get in a PHP page to process the data. Strangely, when I insert an # in a field like the email for example, the # is lost during the process of sending data. I verified in the line before the redirection to the PHP page if the # was there and it was, so I don't know why this character is lost in the next step of the process.
Any hints?
The redirection comes from a JavaScript function that I call when I click the submit form:
window.location.href = 'index.php?pagina=candidaturasB&'+ qstringA;
The "qstringA" contains all the data of my form, and if in some input I put an #, if I do alert(qstringA) before the redirection line, the # is there; after that, in the URL of the PHP page where I received the data, there's no #.
ex: index.php?...&email="ren#something.com" appears on the url "index.php?...&email="rensomething.com".
Use urlencode() for each form data :
eg :
$url = "index.php?pagina=candidaturasB";
$url .= "&email=".urlencode($_GET['email']);
$url .= "&data=".urlencode($_GET['data']);
And pass the result string to window.location.href
Related
I have two files, the first is a form (signup.php) that posts user-inserted fields (first name, last name, user name, email, etc.) to another file containing error handlers (Signup.chk.php) using the POST method. In case of an error in the inputs, I wanted signup.chk.php to send back all the fields inserted by the user to the signup.php file using the GET method to re-display the form with the errors and the user's inputs.
I'm expecting a URL that looks like below:
localhost/signup?signup=error&firstname=Joe&lastname=Doe&user=Jdoe1&email=Jdoe#abc.com
It works fine if the user didn't insert special chars as inputs.
If the user inserts $ or & as part of the inputs it will mess up the _GET function on the other page.
What is the best way to encode/decode the URL values to prevent XSS and also allow the signup.inc file to properly receive the URL values and display them correctly in the form fields again (even if containing <>$&% etc.)?
To do what you want, you can use urlencode() and urldecode().
// To form the URL
$url = "localhost/signup?signup=error&firstname=" . urlencode($firstname);
// To get the value from the URL and decode it.
$firstname = urldecode(isset($_GET['firstname']) ? $_GET['firstname'] : "");
However, there is a security issue: a user may add some code to the URL to attack your website, so you need to do something to avoid it, e.g. restrict input length or avoid unnecessary specific characters.
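An added example (not code from the answers above) of one way to carry the fields through the redirect and back into the form: http_build_query() encodes each value for the URL, and htmlspecialchars() escapes it when it is printed into the page. PHP has already decoded $_GET by the time the script runs, so the receiving side does not call urldecode() again; parse_str() stands in for that step here, and the function names and sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Build the error redirect; every value is percent-encoded (RFC 3986).
function build_error_redirect(string $base, array $fields): string
{
    $query = http_build_query(['signup' => 'error'] + $fields, '', '&', PHP_QUERY_RFC3986);
    return $base . '?' . $query;
}

// Prepare a received value for an HTML attribute: cap its length (in bytes),
// then escape it. The escaping at output time is the XSS defence.
function field_attr(array $get, string $key, int $maxLen = 254): string
{
    $value = isset($get[$key]) && is_string($get[$key]) ? $get[$key] : '';
    $value = substr($value, 0, $maxLen);
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input with characters that break a hand-built URL.
$fields = [
    'firstname' => 'Joe & <b>Co</b>',
    'user'      => '50%25+$1',
    'email'     => 'Jdoe#abc.com"><i>x',
];

$url = build_error_redirect('http://localhost/signup', $fields);
echo $url, "\n";

// Simulate how PHP fills $_GET from the query string of that URL.
parse_str((string) parse_url($url, PHP_URL_QUERY), $get);

// Do the decoded values match what was sent, byte for byte?
var_dump($get === ['signup' => 'error'] + $fields);

// Does the value survive a second urldecode() on already-decoded data?
var_dump(urldecode($get['user']) === $fields['user']);

// Escaped for the attribute context, so the markup stays inert text.
printf("<input name=\"email\" value=\"%s\">\n", field_attr($get, 'email'));
```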
I'm using an exchange plugin on wordpress, and I want to make the whole process of bidding ajax; so when submitting one of the forms the page goes to a blank page which show something like this:
{"status":"success","response":"","status_code":0,"status_text":"Bid successfully created","url":"http:\/\/example.com\/step2\/hst_HH8yhuadhHFKlgij94fE4fGaw59HUmsL94j\/","account1_error":0,"account1_error_text":"","account2_error":0,"account2_error_text":"","summ1_error":0,"summ1_error_text":"","summ2_error":0,"summ2_error_text":"","summ1c_error":0,"summ1c_error_text":"","summ2c_error":0,"summ2c_error_text":"","cf":[],"cf_er":[],"cfc":[],"cfc_er":[]}
which seems like an ajax response (or whatever, I don't know exactly).
But here's the thing: when I enter the URL in this code in the address bar, it goes exactly where I wanted to go, so how can I somehow get this hashed URL right after form submit and load the content of that page in the current page using jQuery?
Or just, when this page loads, immediately redirect to the URL in it?
Or at least can you help me somehow or just put me in the right direction?
Capture the response to a variable:
$json = json_decode($input);
then access the URL through that:
echo $json->url;
This should be done in the script where your form is POSTed to.
EDIT, regarding the POST to /ajax.html, that file should contain something similar to this tutorial:
<?php
// The if block is only entered if $_POST["name"] is set and not empty.
// $_POST values come from the POST parameters of the request, e.g. name=Nick.
if (!empty($_POST["name"])) {
    // Escape the value before echoing it so submitted markup is not rendered as HTML.
    $name = htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8');
    echo "Welcome " . $name; // ... for name=Nick this prints "Welcome Nick"
}
?>
I have a scenario where when I submit a form in PHP, sometimes the url would be something like this prior to submitting:
http://localhost/pre_school-schedules.php#ps-n2
What I want to do is set the url after submitting to be as follows:
http://localhost/pre_school-schedules.php
Currently I'm trying to do that with:
header('Location:http://localhost/pre_school-schedules.php');
But this is not working and prevents my custom messages such as Item inserted successfully. or there was a problem with... to show. Is there any other way to make the page after a post request remove any extra stuff from the URL?
As you don't define the post action, the current URL is used; if it has a fragment (the bit after the #), that gets sent also. So simply hard-code the action like so:
action="pre_school-schedules.php"
You should be able to remove the anchor and everything after it during your form processing with preg_replace, trim, or similar function.
$url = preg_replace('/#.*/', '', $url);
If you end up needing to redirect, save your needed data such as errors in a session then send them to the destination page.
I'm in a situation where I am redirecting the user to another page with the following jQuery code
window.location = "/#/customer/email?isEmail=true&eid=1&template=2";
I have some URL rewriting, and so the complete URL becomes
https://demo.qa.com/#/customer/email?isEmail=true&eid=1&template=2
but in PHP when I try to get the full page URL using this
echo $_SERVER['REQUEST_URI'];
it just gives me this
/
I just want to get the variable IsEmail ($_GET['IsEmail']) value in the PHP page. I think the # in between the URL is creating the problem, is there any way to get it, please advise..
The fragment is never sent to the server, so if you want access to the query parameters you need to bring them forward:
https://demo.qa.com/?isEmail=true&eid=1&template=2#/customer/email
                    ^                             ^
                    query                         fragment
The anchor fragment portion of the URL (anything after #) isn't sent to the server at all. It only lives client-side. The server has no knowledge of it, and therefore PHP has no knowledge of it.
If you want to do anything with the anchor fragment, you must do it client-side.
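An added example (not from the posts above) of what reaches PHP for URLs like the ones quoted in these questions: parse_url() separates the fragment from the path and query, and only the path and query are sent in the request. The function name request_as_sent() is made up for the illustration, and the host in the last two URLs is a constructed placeholder.

```php
<?php
declare(strict_types=1);

// Split $url into what is sent in the request and what stays client-side.
// The fragment (everything after the first #) never leaves the browser.
function request_as_sent(string $url): array
{
    $parts = parse_url($url);
    if ($parts === false) {
        throw new InvalidArgumentException("Unparseable URL: $url");
    }
    $query = $parts['query'] ?? '';
    parse_str($query, $get);   // what PHP would expose as $_GET
    return [
        'request_uri' => ($parts['path'] ?? '/') . ($query !== '' ? "?$query" : ''),
        'get'         => $get,
        'client_only' => $parts['fragment'] ?? null,
    ];
}

$urls = [
    // Parameters placed after the #, as in the question.
    'https://demo.qa.com/#/customer/email?isEmail=true&eid=1&template=2',
    // Parameters brought forward into the query, as in the answer.
    'https://demo.qa.com/?isEmail=true&eid=1&template=2#/customer/email',
    // A query value with a raw #, then the same value percent-encoded.
    'http://localhost/index.php?pagina=candidaturasB&email=ren#something.com',
    'http://localhost/index.php?pagina=candidaturasB&email=' . rawurlencode('ren#something.com'),
];

foreach ($urls as $url) {
    $r = request_as_sent($url);
    printf(
        "%s\n  REQUEST_URI:      %s\n  \$_GET:            %s\n  stays in browser: %s\n\n",
        $url,
        $r['request_uri'],
        json_encode($r['get'], JSON_UNESCAPED_SLASHES),
        json_encode($r['client_only'], JSON_UNESCAPED_SLASHES)
    );
}
```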
When a user submits any form, a $_GET['variable_name'] is sent by the webpage and will give a URL like the following: www.mywebsite.com/index.php?variable_name_here='yes'.
However people can just write the URL www.mywebsite.com/index.php?variable_name='yes' into the address bar of the website and gain access to this part of the script, without actually submitting the form!
This is a problem! It's breaking specific parts of the script linked to that form submission! This is because the part of the script relating to the $_GET['variable_name'] can't get the variables that should be sent by the form as it is never submitted!
How do I stop people getting to specific parts of a script when they manipulate the URL by sending them back to www.mywebsite.com/index.php?
P.S. : This is for user submitted data through a form which is then processed (no SQL or any alike software involved)
If you are worrying about people getting in to your site without logging in or not having correct params, you should first check to see if the correct $_GET variables exist using isset(). If all parameters you are expecting exist allow them to pass, otherwise use header('Location: /index.php'); to force a redirect.
To redirect from www.mywebsite.com/index.php?variable_name='yes' to www.mywebsite.com/index.php you would need to include the following code below before you open a HTML header! This solution will work for any $_GET variables within your whole website if you place it within an includes("filename_here"), no need to change the code.
//if there are any $_GET variable(s) set (doesn't matter what the name of the variables are)
if (! empty($_GET))
{
    //if there is no record of the previous page viewed on the server
    if (! isset($_SERVER['HTTP_REFERER']))
    {
        //get requested URL by the user
        $redir = $_SERVER['PHP_SELF'];
        //split parts of the URL by the ?
        $redir = explode('?', $redir);
        //redirect to the URL before the first ? (this removes all $_GET variables)
        header("Location: $redir[0]");
        //stop here, otherwise the rest of the script still runs after the header is queued
        exit;
    }
}
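An added example, not the answerer's code: the Referer header is supplied by the client and is often absent for legitimate visitors, so this sketch swaps in a different technique, a token stored in the session when the form is rendered and required when it is submitted. It assumes the form is sent with POST; the function names, the form_token field and the arrays standing in for $_SESSION and $_POST are hypothetical, chosen so the block runs from the command line.

```php
<?php
declare(strict_types=1);

// Called when the form is rendered: remember a random token server-side
// and return it for a hidden <input name="form_token">.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// True only for a POST that carries the token issued with the form and
// every field the handler expects. A matching token is consumed (single use).
function is_genuine_submission(string $method, array $post, array &$session, array $required): bool
{
    $expected = $session['form_token'] ?? null;
    $given    = $post['form_token'] ?? null;
    if ($method !== 'POST' || !is_string($expected) || !is_string($given)
        || !hash_equals($expected, $given)) {
        return false;
    }
    unset($session['form_token']);
    foreach ($required as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return false;
        }
    }
    return true;
}

// Constructed walk-through. In a real page pass $_SESSION, $_POST and
// $_SERVER['REQUEST_METHOD'], and on false: header('Location: /index.php'); exit;
$session = [];
$token   = issue_form_token($session);
$needed  = ['variable_name'];

// A URL typed into the address bar: GET, no token.
var_dump(is_genuine_submission('GET', ['variable_name' => 'yes'], $session, $needed));
// The rendered form submitted once.
var_dump(is_genuine_submission('POST', ['variable_name' => 'yes', 'form_token' => $token], $session, $needed));
// The same request replayed after the token was consumed.
var_dump(is_genuine_submission('POST', ['variable_name' => 'yes', 'form_token' => $token], $session, $needed));
```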