My problem is this. I'm setting a cookie using java script, which contains value
"MXGWJfgr4HDINl/BdAfBUf12710aFNcaIQKgGJ7VShxvprVo1XK+Hntg"
Now, when i receive and read this cookie on a PHP page, im getting the content as
"MXGWJfgr4HDINl/BdAfBUf12710aFNcaIQKgGJ7VShxvprVo1XK Hntg"
The '+' sign is change to a space character. Why is it so?
According to document.cookie reference:
The cookie value string can use encodeURIComponent() to ensure that
the string does not contain any commas, semicolons, or whitespace
(which are disallowed in cookie values).
So this is what you need to do:
document.cookie = "foobar=" + encodeURIComponent("MXGWJfgr4HDINl/BdAfBUf12710aFNcaIQKgGJ7VShxvprVo1XK+Hntg");
alert(document.cookie); // + becomes %2B which PHP will interpret and decode automatically
Related
Basically that is the question, when I send the same parameter by different methods I get different values.
This happens because + is the URL encoding of the space character in HTTP. When you use GET, the URL is parsed by the server before the data are handed to your code. The processing for POST is different and doesn't include that conversion of + to space.
If you want to actually send a + as data in a GET, encode it as %2B. The same decoding process that converts + to space will convert %2B to a +. Also take a look at the encodeURI() function.
This question already has answers here:
Is it possible to preserve plus signs in PHP $_GET vars without encoding?
(7 answers)
Closed 9 years ago.
I am retrieving a GET variable from URL which contains "+" in between the string.
But PHP is storing "space" instead of "+"
PFB output :
in URL : key=7VR47WOtmD+acS0
php echo : echo rawurlencode$_GET['key']) ;
//returns
7VR47WOtmD acS0
Could you please tell me how to get + symbol in the php output ?
Note: do not suggest find and replace option
You need to encode reserved characters ($ & + / : ; ? # etc) if you want to use them in an URL. You need to use %2B instead of +. If you're using PHP to generate the URL, then you can use the function urlencode() to automatically encode all characters that require encoding.
Yes, that's how URLs work. The character + in URLs must, because of the URL specification, be interpreted as a space, as plain spaces are not allowed in URLs. If you want to send a true + character (or a space for that matter) you must escape it using something like encodeURIComponent("+") (in the browser) or urlencode("+") in PHP, before sending it.
I've done some tests, and it appears that when I test this:
http://127.0.0.1/test.php?x={some non-english string}
http://127.0.0.1/test.php?x=الapple
By examining the output of:
echo bin2hex($_GET["x"]);
In Firefox & Chrome, I get the UTF-8 representation of the string d8a7d9846170706c65.
$_GET['x'] variable. In IE, I get 3f3f6170706c65. which is wrong
And I know that PHP does not change encoding, and only sees the string as a byte array.
The question is:
Is this controlled by the browser used?
Is it reliable to always assume the input it in UTF-8 encoding?
Is there a way to manage what encoding the browser sends to the server? across all browsers?
There is a difference from where the request originated.
If it’s from a user’s input, e.g., entering the URL into the browser’s address field, most browsers follow the suggestion in RFC 3986 and use UTF-8 as encoding:
When a new URI scheme defines a component that represents textual
data consisting of characters from the Universal Character Set [UCS],
the data should first be encoded as octets according to the UTF-8
character encoding [STD63]; […]
Although this is intended for new URI schemes and HTTP is quite old.
However, if the URL was embedded in a document, e.g., as a link or form action, the document’s encoding is used unless the data was already encoded using the URL encoding. And in case the data has a wrong encoding, invalid sequences may be replaces with certain characters that should denote those invalid sequences like the � (U+FFFD) in Unicode does. Similarly, the invalid encoded characters ل and ا may have been replaces by ?, which has the code point 0x3F in ASCII.
I think it should come down to how urldecode (http://www.php.net/manual/en/function.urldecode.php) interprets it, since the $_GET variables are all passed through that function (see http://php.net/manual/en/reserved.variables.get.php)
EDIT
To encode the characters to UTF-8 for use in a URL from the client side, you can use the encodeURI in JavaScript.
For the example you gave, you can do encodeURI('الapple');, which should return "%D8%A7%D9%84apple"
Giving this to PHP's urldecode function (as it would be automatically) returns the original string, with the following hex output;
echo bin2hex(urldecode("%D8%A7%D9%84apple")); //outputs d8a7d9846170706c65
yes it's possible !
To encode the URL :
<?php
$url = "http://127.0.0.1/test.php?x=".urlencode("some non-english string");
?>
To decode the URL :
<?php
$url = urldecode($_GET["x"]);
?>
I am passing an encrypted string in the url and then using php $_GET to retrieve it but i am having some problems with let me write the url first to make it more sense
http://localhost/marketplace/test.php?sortid=Cd2&V0reSzN$NBh^tjcF!%3CfsAAhIU%28%3C
if you will notice i have an ampersand sign in the middle of the string so when i am echoing out $_GET it is breaking the value after ampersand sign Ex
echo $_GET['sortid'];
and the result i am getting is Cd2 and it is not reading anything after ampersand sign , the problem i can figure out is that php will read the everything as a different parameter after '&' sign while using $_GET
But i have no idea on how to fix this
Thanks
This is happening because ampersand sign has a special meaning in query strings. The behaviour you are experiencing is perfectly normal and expected.
If you want to pass GET parameters that include special characters you should properly encode them using urlencode or alternatively something like base64 encode.
by URL creating, replace ampersand with %26, it will do the trick.
Alternately, encode your encoded string with base64 again, then you have no ampersand.
I have a text field where where the user can pass wild cards - more specific to the question they can use '%' character.
I am using ajax to get the value and send it to a PHP file. If I enter '%BA' in the text file and retrieve the value using
document.getElementById('textfield').value
This actually gets '%BA'. I am using POST method to send it to a PHP file. But the variable displays as "�" in the web browser and inserts " ° - degree small o" in the database.
I am sure there are other cases that I am not aware of as well. Is there a function in PHP to escape the special characters or any other way to get the exact string?
Edit: This may be a guess but doing escape(document.getElementById('textfield').value) to send the value and using urldecode($values[3]) to retrieve the value doesn't work. Maybe it's a js to PHP problem.
Update: urldecode will not work. Read the first comment in urldecode. Used the function there. Solved.
while passing the value using ajax , you just encode the value with encodeURIComponent() function and use urldecode() function to decode it in the php file. This might solve the issue.
You could encode the characters with urlencode (and maybe htmlspecialchars too) before storing it in the database, and use urldecode ( and maybe htmlspecialchars_decode) to decode them before displaying to the user.
You can use escape in javascript i.e.
escape(document.getElementById('val'))