I use php to retrive the data from table and ajax to display the result.
When I search using location for the 1st time, I get the result and the pagination is not working, especially for "istanbul".
The reason is the special character '\' added with the address that's taken from Google map.
The URL passed when i go to next page, is
http://www.mysite.com/dropinn/search/\"http://www.mysite.com/dropinn/search?checkin=mm%2Fdd%2Fyy&checkout=mm%2Fdd%2Fyy&guests=1&location=Istanbul%2C+Turkey&min_bathrooms=0&min_bedrooms=0&min_beds=0&per_page=10&search_view=1&sort=1&page=3"
How to over come this problem?
This is the code that I have written:
$config['base_url'] = site_url('search').'?checkin='.urlencode($checkin).'&checkout='.urlencode($checkout).'&guests='.$nof_guest.'&location='.urlencode($location).'&min_bathrooms='.$min_bathrooms.'&min_bedrooms='.$min_bedrooms.'&min_beds='.$min_beds.'&per_page='.$per_page.'&search_view=1&sort='.$sort;
Using double quotes, you escape \ with another \. If you need to display a \, then you must type \\, or you could use single quotes.
Example: echo "\hello\world"; would need to be echo "\\hello\\world";, or echo '\hello\world';
To escape in php, you must use \\
Try this:
http://www.mysite.com/dropinn/search/\"http://www.mysite.com/dropinn/search?checkin=mm%2Fdd%2Fyy&checkout=mm%2Fdd%2Fyy&guests=1&location=Istanbul%2C+Turkey&min_bathrooms=0&min_bedrooms=0&min_beds=0&per_page=10&search_view=1&sort=1&page=3\"
Or this:
http://www.mysite.com/dropinn/search/\\"http://www.mysite.com/dropinn/search?checkin=mm%2Fdd%2Fyy&checkout=mm%2Fdd%2Fyy&guests=1&location=Istanbul%2C+Turkey&min_bathrooms=0&min_bedrooms=0&min_beds=0&per_page=10&search_view=1&sort=1&page=3\"
Or lastly:
http://www.mysite.com/dropinn/search/\\"http://www.mysite.com/dropinn/search?checkin=mm%2Fdd%2Fyy&checkout=mm%2Fdd%2Fyy&guests=1&location=Istanbul%2C+Turkey&min_bathrooms=0&min_bedrooms=0&min_beds=0&per_page=10&search_view=1&sort=1&page=3\\"
Your question is a little confusing without seeing more code, but those should work.
Related
I have an issue. I'm trying to write a string with ASCII text like this: '/\'. But whenever I do that the backslash screws up the code by canceling out the quote defining it a string therefore screwing it up. Is there anyway to cancel out the backslash so it doesn't cancel out the quote? Thanks guys!
The \ is special character, that says: 'The next character has special meaning'.
So if you want to dispaly \ you should write... \\ to get one \ in output
It would be very helpful to show what you have tried, but this will produce the exact output you requested (as shown by SO)
echo '\'/\\' . "'\n" ;
'/\'
It should also give you an idea of how backslash escaping works in different types of strings.
A great solution when writing stuff like that is HEREDOC. Inside a heredoc block you don't need to worry about escaping anything, it will just be text.
For example:
echo <<<TEXT
/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\
TEXT;
There is one catch. PHP will break if you don't align the echo at the start of the line, or if the TEXT; is not aligned at the start of the line.
Heredoc can also be assigned to a variable, like so:
$var = <<<SOME_MORE_TEXT
/|\/|\/|\/|\/|\/|\/|\/|\/|\/|\
SOME_MORE_TEXT;
Finally, HEREDOC preserves tabs and spaces. Which also might come in handy when doing ASCII art.
Refer to: http://php.net/manual/en/language.types.string.php for more information.
You only need to escape the final one when using single quotes.
$var = 'backslash\backslash\backslash\\';
// output is:
// backslash\backslash\backslash\
I have a hint echo'd however, i have a issue with " and ' i can echo numerical values to the string, but not words..
$hint='<a href="javascript:void(0)"
onclick="javascript:document.contactForm.musicDetailTitle4.value=5;
document.contactForm.musicDetailArtist4.value=foo;">fill form</a>'.
5 works but foo doesn't works.
UPDATE
Still not getting an output
$hint='fill form'.
Whole Code
echo $hint='fill form'.$artist."-".$title."-".$id."</a>";
Output is...
fill formTomato Soup-Heinz-0001fill formTomato Soup-Heinz-0001
You need to escape the quotes
$hint='fill form'.
It doesn't have much to do with PHP but rather JavaScript.
When passing a numeric value you just pass the number itself, but when passing strings you must wrap them in quotations otherwise the compiler will mistake "foo" for a variable named foo which may or may not exist.
As others mentioned, all you have to do is wrap your string like so:
\'foo\'
The slashes are because you don't want to close your echo which was also opened using a single quote, so you need to escape the character so when it's echoed to the user it will become 'foo'.
Try this -
$hint='fill form'.
When declaring a string value you must add quotes, and when adding it in this way you must escape those quotes using the \ key.
I want to create hyperlinks to pages on my site but the page address have double quotes within them?
Eg:
the above just links to mysite.com/search.php?q= as I would expect as it is written.
The API returning results allows phrase searches by placing them in double quotes.
Is there a way to escape these within the href tag?
Simple solution: use altenative quotes:
<a href='mysite.com/search.php?q="sales+manager"&l=usa'></a>
This will work fine (the browser will make sure the URL gets properly formatted when a user clicks it), but you should really be urlencoding special characters because there's a whole bunch of stuff that you're not allowed to use in URLs, and some stuff that has a different meaning (in a URL, spaces become +, for instance, so you can't drop in a + and get it to stay that once you parse it. URL magic!).
Have a look at urlencode and use that when generating the link URL server side. This will turn things like spaces into %20, double quotes into %22, etc., and is how you send literal string data from a client to a server.
Yo must encode the quotes "
mysite.com/search.php?q="sales+manager"&l=usa
Is there a way to escape these within the href tag?
Yes, with the escape character. \.
Although, the current state of your code would produce:
effectively breaking the href since you are breaking the string.
What you want, is just:
...
you are considering whether the characters need to be escaped in order to work in your HTML.
however, you should also consider whether they need to be escaped in order to be sound URLs.
to work in your HTML you may do
<a href="mysite.com/search.php?q='sales+manager'&l=usa">.
however, the ' character cannot be in a URL.
"Uniform Resource Locators may only contain the displayable characters in the standard ASCII character set. Nondisplayable characters or characters in the extended ASCII set (128 through 255) are specially encoded."
See here for a list of URL escape codes.
perhaps you want to retain the quotes in the get-request of your URL. in that case, you might want:
<a href="mysite.com/search.php?q=%22sales+manager%22&l=usa">
In a database, I have some text stored in a field call Description, the value of the string saved in my database is Me\You "R'S'" % and thats how it appears when querying the database command line.
Now, on a web page i have a function which searches this field as such:
WHERE Description LIKE '%$searchstring%'
So when $searchstring has been cleaned, if i was searching for Me\You, the backslash gets escape and my query reads:
WHERE Description LIKE '%Me\\You%'
However it doesn't return anything.
Strange part of this, is that when i search Me\\You or Me\\\You (So two or three backslashes, but no less or no more) it will return the result i expect with one backslash.
When querying for the result command-line, it does not return a result for:
WHERE Description LIKE '%Me\You%'
or when i use two or three backslashes.
However it will return the result if i use 4 - 7 backslashes, for example:
WHERE Description LIKE '%Me\\\\\\\You%'
will return the string which is Me\You "R'S'" %
Anyone have a reason to this happening? Thanks
Note
Because MySQL uses C escape syntax in strings (for example, “\n” to represent a newline character), you must double any “\” that you use in LIKE strings. For example, to search for “\n”, specify it as “\\n”. To search for “\”, specify it as “\\\\”; this is because the backslashes are stripped once by the parser and again when the pattern match is made, leaving a single backslash to be matched against.
Source: http://dev.mysql.com/doc/refman/5.1/en/string-comparison-functions.html#operator_like
Read this Need to select only data that contains backslashes in MySQL to see how to use double backslash escaping. You could also run MySQL in NO_BACKSLASH_ESCAPES mode (http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html#sqlmode_no_backslash_escapes)
Although an old post, you can bypass this limitation using replace function to change backslash to another character: something like this in the WHERE clause. EXAMPLE:
WHERE replace('your field here', '\', '-') like "You-Me%"
I have built a search engine using php and mysql.
Problem:
When I submit a word with an apostrophe in it and return the value to the text field using $_GET the apostrophe has been replaced with a backslash and all characters after the apostrophe are missing.
Example:
Submitted Words: Just can't get enough
Returned Value (Using $_GET): Just can\
Also the url comes up like this:search=just+can%27t+get+enough
As you can see the ' has been replaced with a \ and get enough is missing.
Question:
Does anybody know what causes this to happen and what is the solution to fix this problem?
The code:
http://tinypaste.com/11d62
If you're running PHP version less than 5.3.0, the slash might be added by the Magic Quotes which you can turn off in the .ini file.
From your description of "value to the text field" I speculate you have some output code like this:
Redisplay
<input value='<?=$_GET['search']?>'>
In that case the contained single quote will terminate the html attribute. And anything behind the single quote is simply garbage to the browser. In this case applying htmlspecialchars to the output helps.
(The backslash is likely due to magic_quotes or mysql_*_escape before outputting the text. I doubt the question describes a database error here.)
Update: It seems it's indeed an output problem here:
echo "<a href='searchmusic.php?search=$search&s=$next'>Next</a>";
Regardless of if you use single or double quotes you would need:
echo "<a href='searchmusic.php?search="
. htmlspecialchars(stripslashes($search))
. "&s=$next'>Next</a>";
(Notice that using stripslashes is a workaround here. You should preserve the original search text, or disable the magic_quotes rather.)
Okay I forgot something crucial. htmlspecialchars needs the ENT_QUOTES parameter - always, and in your case particularly:
// prepare for later output:
$search = $_GET['search'];
$html_search = htmlspecialchars(stripslashes($search), ENT_QUOTES);
And then use that whereever you wanted to display $search before:
echo "<a href='searchmusic.php?search=$html_search&s=$next'>Next</a>";
Single quotes are important in PHP and MySQL.
A single quote is a delimeter for a string in PHP, for example:
$str = 'my string';
If you want to include a literal quote inside a string you must tell PHP that the quote is not the end of the string. It is escaped with the backslash, for example:
$str = 'my string with a quote \' inside it';
See PHP Strings for more on this.
MySQL operates in a similar way. An example query might be:
$username = 'andyb';
$quert = "SELECT * FROM users WHERE user_name = '$username'";
The single quote delimits the string parameter. If the $username included a single quote, this would cause the query to end prematurely. Correctly escaping parameters is an important concept to be familiar with as it is one attack vector for breaking into a database - see SQL Injection for more information.
One way to handle this escaping is with mysql_real_escape_string().