I think I have seen this question before but I don't think it's answered good enough yet because I can't get it to work.
The case:
I want to insert an URL into my MySQL database like so:
$url = $_POST["url"]; //$_POST["url"] = "http://example.com/?foo=1&bar=2& ...";
$sql = mysql_query("INSERT INTO table(url) values('$url')") or die ("Error: " . mysql_error());
Now, the URL is inserted into the database properly but when I look at it, it looks like this:
http://example.com/?foo=1
It's like the URL is cut right at the "&" character. I have tried: mysql_real_escape_string, htmlspecialchars, escaping by doing "\" etc. Nothing seems to work.
I have read that you might be able to do it with "SQL Plus" or something like that.
Thanks in advance.
Regards, VG
Chances are the problem here is nothing to do with the database query, and more to do with how the url is passed to the page. I suspect you'll find that the URL used to load the page is something like:
http://mydomain.com/?url=http://example.com/?foo=1&bar=2
This will result in a $_GET that looks like this:
array (
'url' => 'http://example.com/?foo=1',
'bar' => '2'
)
What you need is to call page with a URL that looks more like this:
http://mydomain.com/?url=http://example.com/?foo=1%26bar=2
Note that the & has been encoded to %26. Now $_GET will look like this:
array (
'url' => 'http://example.com/?foo=1&bar=2'
)
...and the query will work as expected.
EDIT I've just noticed you're using $_POST, but the same rules apply to the body of the request and I still think this is your problem. If you are, as I suspect, using Javascript/AJAX to call the page, you need to pass the URL string through encodeURIComponent().
It is likely the querystring is not being passed. It looks like you are receiving it from a FORM post. Remember that form posts that use a method of GET append a querystring to pass all of the form variables, so any querystring in the action is typically ignored.
So, the first thing to do is echo the URL before you try to INSERT it to make sure you are getting the data you think you are.
If there are variables you need to pass with the URL, use hidden inputs for that, and a method of GET on the form tag, and they will get magically appended as querystring parameters.
Right !! The problem here is nothing to do with the database query has DaveRandom said.
Just use the javascript function "encodeURIComponent()".
Depending on what you want to do with the stored value, you also urlencode() the string: http://php.net/manual/de/function.urlencode.php
Cheers,
Max
P.S.: SQL*Plus is for Oracle Databases.
maybe escape the url with urlencode then you can decode it if you want to pull it out of the db
Related
I am reading content of GET query string, and every time I encounter & for ecample Blackstone Woodfire & Grill, GET is reading Blackstone Woodfire.
How can I avoid this, if possible?
I know I could encode the special characters from the reference page, then decode them when are directed to this page.
I'm just curious.
The problem is that the parameters you send using get, are separated using a &.
So if you have an url like
http:/example.com?param_1=value_1¶m_2=value_2
You will have an $_GET array like
array(
param_1 => 'value_1',
param_2 => 'value_2'
);
Now if you send and url like:
http://example.com?param_1=value_1 & value_2
You will have an $_GET array like
array(
param_1 => 'value_1 ',
' value_2' => ''
);
Simply becuase that is the way sending GET params works.
On the recieving side, there is not much you can do, the problem lies at the other end.
The GET parameters that are beeing send must indeed be encoded, within PHP that is done using
echo 'http://example.com?param_1=' . urlencode('value_1 & value_2');
Javascript uses encodeURIComponent() to solve this issue.
PHP calles urldecode() automaticly on every get parameter when it is creating your $_GET global.
You could use urlencode to encode the get string. And later if u want to fetch it from $_GET u urldecode.
You could replace all ampersands to %26
I have a small problem with my PHP script. I want to be able to have a URL within a query string so it would look like this:
http://example.com/?url=http://google.com/
This works absolutely fine and $_GET['url'] will return http://google.com.
The problem is when the URL in my query string already has query string, for example:
http://example.com/?url=http://www.amazon.com/MP3-Music-Download/b/ref=sa_menu_mp3_str?ie=UTF8&node=163856011
will return:
http://www.amazon.com/MP3-Music-Download/b/ref=sa_menu_mp3_str?ie=UTF8
and I want it to return:
http://www.amazon.com/MP3-Music-Download/b/ref=sa_menu_mp3_str?ie=UTF8&node=163856011
I am using PHP for server side.
Could anybody please help?
Update
I am using Codeigniter, so if this is the reason why it isn't working as it should then please let me know.
You need to encode the url passed as query argument:
If you send it from PHP, use urlencode or rawurlencode.
If you send it from JS, use encodeURIComponent.
Use urldecode() to pass query string
The problem i'm facing right now is im getting a URL, like so:
www.example.com/example.php?url=www.google.com
now the problem is, if theres a get in my url, like so:
www.example.com/example.php?url=www.google.com?id=1
it doesn't actually cause a problem yet, but if theres two GET vars in the my URL, it doesn't know where the "and" goes, the first get or the second one, and basically just chooses the first, ex:
www.example.com/example.php?url=www.google.com?id=1&username=me
is there a workaround? I could recode a lot of things to have it as one get variable, but it'll involve a lot of work and I wish i could have a solution!
thanks!
Heres my code:
$facebookapi=new facebook(array('appId'=>'*******','secret'=>'********','fileUpload'=>'false'));
$url='http://******.com/questions/view.php?id=884&username=robot';
$facebookapi->api('/me/******app:answer?question=' . urlencode($url),'POST');
You need urlencode to encode the url parameter.
$url = 'www.google.com?id=1';
echo 'www.example.com/example.php?url='.urlencode($url).'&username=me';
Edit:
After seeing your posted code, it seems that you should use the third parameter for params.
$url='http://******.com/questions/view.php?id=884&username=robot';
$facebookapi->api('/me/******app:answer', 'POST', array('question' => $url));
Well the function urlencode is perfect for this.
Once the url is encoded,
The first get variable will turn from this
www.google.com?id=1&username=me
to this
www.google.com%3Fid%3D1&6username=me
Your website will then appear as [www.example.com/example.php?url=www.google.com%3Fid%3D1%26username%3Dme]
Once PHP receives that variable you can decode it
$url = urldecode($_GET['url']);
Note: some versions of PHP do it automatically.
I know that I should encodeURI any url passed to anything else, because I read this:
http://www.digitalbart.com/jquery-and-urlencode/
I want to share the current time of the current track I am listening to.
So I installed the excellent yoururls shortener.
And I have a bit of code that puts all the bits together, and makes the following:
track=2&time=967
As I don't want everyone seeing my private key, I have a little php file which takes the input, and appends the following, so it looks like this:
http://myshorten.example/yourls-api.php?signature=x&action=shorturl&format=simple&url=http://urltoshorten?track=2&time=967
So in the main page, I call the jquery of $("div.shorturl").load(loadall);
It then does a little bit of CURL and then shortener returns a nice short URL.
Like this:
$myurl='http://myshorten.example/yourls-api.php?signature=x&action=shorturl&format=simple&url=' . $theurl;
$ch = curl_init($myurl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
curl_close($ch);
if ($data === false) {
echo 'cURL failed';
exit;
}
echo $data;
All perfect.
Except... the URL which is shortened is always in the form of http://urltoshorten?track=2 - anything after the ampersand is shortened.
I have tried wrapping the whole URL in php's URLencode, I've wrapped the track=2&time=967 in both encodeURI and encodeURIComponent, I've evem tried wrapping the whole thing in one or both.
And still, the & breaks it, even though I can see the submitted url looks like track=1%26time%3D5 at the end.
If I paste this or even the "plain" version with the unencoded url either into the yoururls interface, or submit it to the yoururls via the api as a normal URL pasted into the location bar of the browser, again it works perfectly.
So it's not yoururls at fault, it seems like the url is being encoded properly, the only thing I can think of is CURL possibly?
Now at this point you might be thinking "why not replace the & with a * and then convert it back again?".
OK, so when the url is expanded, I get the values from
var track = $.getUrlVar('track');
var time = $.getUrlVar('time');
so I COULD lose the time var, then do a bit of finding on where the * is in track and then assume the rest of anything after * is the time, but it's a bit ugly, and more to the point, it's not really the correct way to do things.
If anyone could help me, it would be appreciated.
I have tried wrapping the whole URL in php's URLencode
That is indeed what you have to do (assuming by ‘URL’ you mean inner URL being passed as a component of the outer URL). Any time you put a value in a URL component, you need to URL-encode, whether the value you're setting is a URL or not.
$myurl='http://...?...&url='.rawurlencode($theurl);
(urlencode() is OK for query parameters like this, but rawurlencode() is also OK for path parts, so unless you really need spaces to look slightly prettier [+ vs %20], I'd go for rawurlencode() by default.)
This will give you a final URL like:
http://myshorten.example/yourls-api.php?signature=x&action=shorturl&format=simple&url=http%3A%2F%2Furltoshorten%3Ftrack%3D2%26time%3D967
Which you should be able to verify works. If it doesn't, there is something wrong with yourls-api.php.
I have tried wrapping the whole URL in php's URLencode, I've wrapped the track=2&time=967 in both encodeURI and encodeURIComponent, I've evem tried wrapping the whole thing in one or both. And still, the & breaks it, even though I can see the submitted url looks like track=1%26time%3D5 at the end.
Maybe an explanation of how HTTP variables work will help you out.
If I'm getting a page with the following variables and values:
var1 = Bruce Oxford
var2 = Brandy&Wine
var3 = ➋➌➔ (unicode chars)
We uri-encode the var name and the value of the var, ie:
var1 = Bruce+Oxford
var2 = Brandy%26Wine
var3 = %E2%9E%8B%E2%9E%8C%E2%9E%94
What we are not doing is encoding the delimiting charecters, so what the request data will look like for the above is:
?var1=Bruce+Oxford&var2=Brandy%26Wine&var3=%E2%9E%8B%E2%9E%8C%E2%9E%94
Rather than:
%3Fvar1%3DBruce+Oxford%26var2%3DBrandy%26Wine%26var3%3D%E2%9E%8B%E2%9E%8C%E2%9E%94
Which is of course just gibberish.
I have an HTML form POSTing to a PHP page.
I can read in the data using the $_POST variable on the PHP.
However, all the data seems to be escaped.
So, for example
a comma (,) = %2C
a colon (:) = %3a
a slash (/) = %2
so things like a simple URL of such as http://example.com get POSTed as http%3A%2F%2Fexample.com
Any ideas as to what is happening?
Actually you want urldecode. %xx is an URL encoding, not a html encoding. The real question is why are you getting these codes. PHP usually decodes the URL for you as it parses the request into the $_GET and $_REQUEST variables. POSTed forms should not be urlencoded. Can you show us some of the code generating the form? Maybe your form is being encoded on the way out for some reason.
See the warning on this page: http://us2.php.net/manual/en/function.urldecode.php
Here is a simple PHP loop to decode all POST vars
foreach($_POST as $key=>$value) {
$_POST[$key] = urldecode($value);
}
You can then access them as per normal, but properly decoded. I, however, would use a different array to store them, as I don't like to pollute the super globals (I believe they should always have the exact data in them as by PHP).
This shouldn't be happening, and though you can fix it by manually urldecode()ing, you will probably be hiding a basic bug elsewhere that might come round to bite you later.
Although when you POST a form using the default content-type ‘application/x-www-form-encoded’, the values inside it are URL-encoded (%xx), PHP undoes that for you when it makes values available in the $_POST[] array.
If you are still getting unwanted %xx sequences afterwards, there must be another layer of manual URL-encoding going on that shouldn't be there. You need to find where that is. If it's a hidden field, maybe the page that generates it is accidentally encoding it using urlencode() instead of htmlspecialchars(), or something? Putting some example code online might help us find out.