I am working with Zend Framework. I have a form with some fields, all of them type="text", including an input called "Telephone". When submit, I am using Ajax to send data to Controller. Well here is my problem, if I type a + symbol, for example:
+34-666666666 the data I receive is 34-666666666. The + symbol turns into a whitespace. This problem only happens with +, I have tried with all the symbols and theres no problem. I am going mad and I didn't found any solution in Google.
The + symbol is used in URL's to represent whitespace. Your ajax submit is probably performing a GET request and the + in the URL string is getting transformed.
Sanitize your input via javascript before submitting the ajax request with encodeURIComponent().
You might also find this question useful: Plus character in URL transformed to space on a linux box.
This question discusses encodeURIComponent: How to encode a URL in Javascript?
You need to encode your GET/POST data as described here. The JavaScript encodeURIComponent function can be used with a little twist*:
For application/x-www-form-urlencoded (POST), per specs, spaces are to
be replaced by '+', so one may wish to follow a encodeURIComponent
replacement with an additional replacement of "%20" with "+".
"&phone=" + encodeURIComponent("+34-666666666").replace(/%20/, "+"); // "&phone=%2B34-666666666"
"&phone=" + encodeURIComponent("+34-666666666 x123").replace(/%20/, "+"); // "&phone=%2B34-666666666+x123"
*Note: treatment of + character in a URL varies depending on whether it is used inside a path component or query string:
http://example.com/page+1 -- file name page+1
http://example.com/page%201 -- file name page 1
http://example.com/?file=page+1 -- query string parameter file=page 1
http://example.com/?file=page%201 -- query string parameter file=page 1
Related
I have a webapp created using C# and asp.net. I placed a parameter value in the querystring with a plus(+) sign. But the plus sign disappear.
How can I include the plus sign(+) in the query string without disappearing?
Please advise.
Thanks.
Edit: added code with UrlEncode
string str = Server.UrlEncode(Requery.QueryString["new"]);
+ sign has a semantic meaning in the query string. It is used to represent a space. Another character that has semantic importance in the query string is & which is used to separate the various var=value pairs in the query string.
Most server side scripts would decode the query parameters before using them, so that a + gets properly converted to a space. Now, if you want a literal + to be present in the query string, you need to specify %2B instead.
+ sign in the query string is URL-decoded to a space. %2B in the query string is URL-decoded to a + sign.
See the difference between
http://www.google.com/search?q=foo+bar
and
http://www.google.com/search?q=foo%2Bbar
In the above examples, Google's server script is URL-decoding the query parameters and then using them to do the search.
URL-encoding is nothing but % sign followed by the hex-code of the special character. For example, we know that the hex code of A is 0x41 (decimal: 65). Try this:
http://www.google.com/search?q=%41
Hope this makes URL-encoding clear.
So, if you want the + sign to be preserved when a JavaScript is fetching a URL with + signs in its query parameters and a server side script would process the query parameters after URL-decoding it, you should URL-encode the query parameters in the URL before using issuing the HTTP get request so that all + signs are converted to %2B's when the request reaches the server side script. Now when the server side script URL-decodes the query string, all %2B's gets converted back to + signs which is what you want.
See Encode URL in JavaScript? to learn how to URL-encode the parameters using JavaScript. Short answer from the discussion there:
var encodedURL = "http://example.com/foo.php?var=" + encodeURIComponent(param);
You should URLEncode your query string values to make sure any special characters are not lost.
Look at HTML URL Encoding Reference
You need to Encode the + sign - It's value should be %2B
I alter my previous statement so no one gets confused!
Create your url using the Server.UrlEncode.
e.g.
string myUrl = "http://myurl?param1=" + Server.UrlEncode("my+param+1");
For the solution, I have applied:
Step 1:Use Server.UrlEncode method for encoding the URL parameter.
Response.Redirect("YourURL?parameter=Server.UrlEncode(parameterValue.ToString().Trim()");
step 2: on another side, you get a string with a plus(+) sign.
var parameter = Request.QueryString["parameterValue"].ToString().Trim();
This is the result: %2beH8 --> +eH8
Other simple way is, Request.Url.ToString().Substring(Request.Url.ToString().IndexOf("=") + 1) assuming that my URL is, http://localhost/MyApp/Activate.aspx?ActivationCode=cHbtqH9P2dDZkx/mYUgFFo7nrNqSFgqdPisAzzu5/nwlEYDOHI+CQw==
before send you parameter, you need check if the parameter contains plus sign, if have you need replace to one flag, for example:
the parameter is: klasjdlkasd+djid3223
can you replace: klasjdlkasdFLAGdjid3223
and when you go convert, you need replace angain
klasjdlkasd+djid3223
Try this, it works for me:
Request.QueryString["new"].Trim();
The solution is to ALWAYS include .Replace(" ", "+") when you request querystring
string s = Request.QueryString["id"].Trim().Replace(" ", "+");
source: http://www.webmasterworld.com/forum47/3238.htm
Add this line in Decrypt Funcation:
strText = strText.Replace(" ", "+");
i am trying to send a value through link and get the value on other file using $_GET but the problem is the value has & in between two words and in url its coming like
list.php?v=Bakery%20&%20Cake%20Design
and when i echo this value in second page it come out to be bakery instead of bakery cake & design . Since i am sending this value from the first page via jquery on click i tried using encodeURI() to remove the %20 from the link but it still does't helps as the part after %20 & is not being printed on second page when i echo the value. my jquery code is
var vendor = $(this).text().replace(/\s/g,"%20"); in this i tried to remove it via replace too . But still no help .
You dont need to remove %20
just check that there should not be any space between the variable and the value!
This will produce %20 :
echo '<td><b><font color="#663300">Deactivate User</font></b></td>';
This will not:
`echo '<td><b><font color="#663300">Deactivate User</font></b></td>';`
Reason : just a whitespace between (php?id ='.$row)
On the JS side you need to use encodeURIComponent() on the item with the ampersand like.
var title = encodeURIComponent('bakery cake & design'); // bakery%20cake%20%26%20design
As opposed to encodeURI which:
Note that encodeURI by itself cannot form proper HTTP GET and POST requests, such as for XMLHTTPRequests, because "&", "+", and "=" are not encoded, which are treated as special characters in GET and POST requests. encodeURIComponent, however, does encode these characters. These behaviors are most likely not consistent across browsers.
Use the URL Decoder function
echo urldecode("A%20B") // will print 'A B'
I am retrieving an encoded url via querystring. I need to pass it again to the next page. When I retrieve it the first time, using $_REQUEST['url'], only the slashes are decoded, e.g:
http://example.com/search~S10?/Xllamas&searchscope=10&SORT=D/Xllamas&searchscope=10&SORT=D&SUBKEY=llamas/51%2C64%2C64%2CB/browse
The php docs page for urldecode advises against decoding request data, and says that it will already be decoded. I need it either completely decoded, so I can encode it again without double-encoding some parts, or not decoded at all.
I'm not sure why my experience of this data is incongruous with the php docs. Appreciate any help or pointers to same!!
EDIT: attempt to post relevant code, which is scattered about:
the url is encoded and added to the querystring (in an html file using smarty template):
<a class="button" href="{$baseurl}search_nojs?searcharg={$searcharg|escape:'url'}&url={$next|escape:'url'}"><span>Next>></span></a>
if that link was followed, i'm grabbing the url back out of the querystring (in a php file):
if(array_key_exists('url', $_REQUEST)) {
$sm->assign("searchurl", $_REQUEST['url']);
}
Then I'd like to stick the url back into the querystring for the next link (in another html file):
href="{$baseurl}detail?bibid={$res.bibid}&searcharg={$searcharg}{if $searchurl}&searchurl={$searchurl}{/if}"
I'm also printing {$searchurl} straight onto the page, and getting the same half-escaped result.
Here is another example of the querystring vs. the data i get from $_REQUEST:
originally encoded url in querystring:
searcharg=mammals&url=http%3A%2F%2Fexample.com%2Fsearch%7ES10%3F%2FXmammals%26searchscope%3D10%26SORT%3DD%2FXmammals%26searchscope%3D10%26SORT%3DD%26SUBKEY%3Dmammals%2F51%252C1114%252C1114%252CB%2Fbrowse
data retrieved from $_REQUEST:
searcharg=mammals&searchurl=http://example.com/search~S10?/Xmammals&searchscope=10&SORT=D/Xmammals&searchscope=10&SORT=D&SUBKEY=mammals/51%2C1114%2C1114%2CB/browse
I know this method may seem curious -- I am trying to make a mobile display, working around a black-box database. Thanks again for any help!!
Here is another example of the querystring vs. the data i get from $_REQUEST:
originally encoded url in querystring:
searcharg=mammals&url=http%3A%2F%2Fexample.com%2Fsearch%7ES10%3F%2FXmammals%26searchscope%3D10%26SORT%3DD%2FXmammals%26searchscope%3D10%26SORT%3DD%26SUBKEY%3Dmammals%2F51%252C1114%252C1114%252CB%2Fbrowse
This is double encoded. For example: %252C -> %2C -> ,
So at the point that you encode the url parameter, you're introducing double encoding. Perhaps you should ensure that, before encoding parameters, you decode them until they can be decoded no more (aka canonicalisation). You could use urldecode in a loop for this.
You also want to ensure that when you put the url parameter back into html context (as a link) that you escape for HTML Attributes too. Otherwise you have an XSS vulnerability.
The comma (U+002C) is a reserved character in the query and thus must be encoded with %2C:
3.4. Query Component
The query component is a string of information to be interpreted by
the resource.
query = *uric
Within a query component, the characters ";", "/", "?", ":", "#",
"&", "=", "+", ",", and "$" are reserved.
I have made one form in which there is rich text editor. and i m trying to store the data to database.
now i have mainly two problem..
1) As soon as the string which contents "#"(basically when i try to change the color of the font) character, then it does not store characters after "#". and it also not store "#" character also.
2) although i had tried....in javascript
html.replace("\"","'");
but it does not replace the double quotes to single quotes.
We'll need to see some code. My feeling is you're missing some essential escaping step somewhere. In particular:
As soon as the string which contents "#"(basically when i try to change the color of the font) character
Implies to me that you might be sticking strings together into a URL like this:
var url= '/something.php?content='+html;
Naturally if the html contains a # symbol, you've got problems, because in:
http://www.example.com/something.php?content=<div style="color:#123456">
the # begins a fragment identifier called #123456">, like when you put #section on the end of a URL to go to the anchor called section in the HTML file. Fragment identifiers are purely client-side and are not sent to the server, which would see:
http://www.example.com/something.php?content=<div style="color:
However this is far from the only problem with the above. Space, < and = are simly invalid in URLs, and other characters like & will also mess up parameter parsing. To encode an arbitrary string into a query parameter you must use encodeURIComponent:
var url= '/something.php?content='+encodeURIComponent(html);
which will replace # with %35 and similarly for the other out-of-band characters.
However if this is indeed what you're doing, you should in any case you should not be storing anything to the database in response to a GET request, nor relying on a GET to pass potentially-large content. Use a POST request instead.
It seems that you are doing something very strange with your database code. Can you show the actual code you use for storing the string to database?
# - character is a common way to create a comment. That is everything starting from # to end of line is discarded. However if your code to store to database is correct, that should not matter.
Javascript is not the correct place to handle quote character conversions. The right place for that is on server side.
As you have requested....
I try to replay you... I try to mention exact what I had done...
1) on the client side on the html form page I had written like this..
html = html.trim(); // in html, the data of the rich text editor will come.
document.RTEDemo.action = "submit.php?method='"+ html.replace("\"","'") + "'";
\\ i had done replace bcz i think that was some problem with double quotes.
now on submit.php , my browser url is like this...
http://localhost/nc/submit.php?method='This is very simple recipe.<br><strong style='background-color: #111111; color: #80ff00; font-size: 20px;">To make Bread Buttor you will need</strong><br><br><blockquote><ol><li>bread</li><li>buttor</li></ol></li></blockquote><span style="background-color: #00ff80;">GOOD.</span><br><br><br><blockquote><br></blockquote><br>'
2) on submit.php ........I just write simply this
echo "METHOD : ".$_GET['method'] . "<br><br>";
$method = $_GET['method'];
now my answer of upper part is like this...
METHOD : 'This is very simple recipe.
now i want to store the full detail of URL....but its only storing...
This is very simple recipe.
I'm looking to make a Contact/Query form, wherein the end user can send an email to the webmaster. The form has a 'textarea' field, which captures long strings from the user, if I use AJAX to submit the form using GET method, my params tend to break if their is a special character, specifically '&' in the textarea's string..
I'm stuck please help!
Try calling encodeURIComponent in your javascript when posting the request.
You can make the string URL safe using JavaScript urlencode...
var textToSend = encodeURIComponent(myform.myfield.value);
This will convert all special characters into URL encoded characters.