With this Symfony page, I am passing $_GET parameters in the URI like this:
http://www.mysite.com/article?page=4&sort=1
Once in my layout, there are certain links in the page that need to have the same query string in them.
Anyways, using Symfony's url_for() command I'm making URLs like so:
$url = url_for('article/index?.http_build_query($_GET));
That way it makes a new url using the $_GET variables. For some of the links I'm changing the $_GET values ahead of time, like $_GET['sort']=0; before generating the url. That's why I'm using this method.
Anyways, when I look at the generated URL, it now looks like this:
http://www.mysite.com/article?page=4&%3Bsort=1
The &%3B is the encoded form of & which is just an & character.
So the problem is that when I check for my $_GET parameters in my controller now, there is no longer a sort parameter that is passed. It's now called &%3Bsort... It's causing all sorts of issues.
Two questions:
How do I avoid this problem? Can I decode the $_GET parameter key values in my controller or something?
Why is symfony encoding a & character in the first place? It's a perfectly acceptable URI character. Heck, even the encoded value, &%3B contains a & !!!
I believe, it is because of output escaping is ON in your application. As a result, $_GET array is wrapped inside sfOutputEscaperArrayDecorator class. You can get a raw value using this: $_GET->getRawValue().
$url = url_for('article/index?.http_build_query($_GET->getRawValue()))
Or you can decode the result query using sfOutputEscaper::unescape
$url = url_for('article/index?.sfOutputEscaper::unescape(http_build_query($_GET)));
Hope this will be useful.
Best if you use Symfony's own method for getting the request parameters. For example, in templates, use:
$sf_request->getParameter('some_param');
If you must use $_GET, maybe try:
((( $sf_data->getRaw('_GET') )))
... to get past the output escaping. Not totally sure if that'll work as is.
Related
I am having following url,
www.example.com/index.php?r=recommend/create&id=184?
title=Ruins%20of%20Mahabalipuram
&url=http://localhost/index.php/mediadetail/index/184
I need to get title and url which are query string parameters.
Has anyone worked on getting values in query string in Yii?
There is also the getParam() method in CHttpRequest.
Yii::app()->request->getParam('title')
I've found it a valuable shortcut, since it checks both $_POST and $_GET and gives priority to $_GET, so you can use it to override post variables in the address URL. It also performs null checks and you can provide a default value in the second parameter.
The drawbacks are that you can't use it for arrays and maybe it's a little bit verbose (compared to $_GET['title']).
Look the function parse_str, it would worked and if not, look parse_url but it's not necessary for what you want to do.
They'll automatically be available in your action as $_GET variables. Yii handles parsing them for you as part of the CHttpRequest object
I'm trying to put a script together for a client that needs to be able to accept a web address in a query string without it first being urlencoded. An example would be like this:
http://foo.com/script.php?url=www.amazon.co.uk/ESET-Smart-Security-User-Year/dp/B005NPFOBM/ref=sr_1_1?s=software&ie=UTF8&qid=1341685530&sr=1-1
However, when I echo out the contents of $_GET['url'] it gives me the following:
www.amazon.co.uk/ESET-Smart-Security-User-Year/dp/B005NPFOBM/ref=sr_1_1?s=software
So basically it seems to choke on the first ampersand - i'm guessing because it thinks that its another variable.
Aside form urlencoding, are there any tricks to getting this working? I could probably POST it from a form, but this defeats the idea of the script.
For this specific use case, you should use $_SERVER['QUERY_STRING'] instead. This will give you the full query string in one go, you can then split it yourself.
In your example, PHP is assuming that the & is the delimiter for the next GET variable.
you could ask the query parameters, and add them to the URL you received. List the remaining parameters in $_GET in the proper order, and add them add the end of $_GET['url'].
$_GET['url']
+ '&ie=' + $_GET['ie']
+ '&qid=' + $_GET['qid']
+ '&sr=' + $_GET['sr']
Be careful that you might get an extra parameter url someday.
http://foo.com/script.php?url=www.amazon.co.uk/ESET-Smart-Security-User-Year/dp/B005NPFOBM/ref=sr_1_1?s=software&ie=UTF8&qid=1341685530&sr=1-1&url=http://someAmazoneStuff
This might be a basic question and I've been searching for a safe and clean way to do this. Im passing a normal string which CAN include special characters (like $ ^ % etc). How can I do this in the url? For example I have a variable called $text which In addto.php from $_GET. How do I then transfer this to more.php?
'more.php?varname='.urlencode($_GET['text']);
urlencode sounds like what you want.
(from the docs)
This function is convenient when encoding a string to be used in a query part of a URL, as a convenient way to pass variables to the next page.
You can pass data through an URL, it should be in the form of key/value pairs, but you shouldn't use it to pass too much data because an URL has a limit. You also should not pass sensitive information.
A key/value pair is something like this:
key=value
If you have more then one pair, you need to separate them using the & char. Here is an example:
myScript.php?color1=blue&color2=red
The string after ? is called the Query String. With PHP you can easily access those key/value pairs using the super-global $_GET. So, in myScript.php you do:
$a = $_GET['color1'];
$b = $_GET['color2'];
Now, if you are going to create a dynamic query string, you should use urlencode() at least, so any special characters will be translated to maintain a proper URL format.
Please read the following:
http://php.net/urlencode
http://php.net/manual/en/function.http-build-query.php
Regular expressions have never been one of my strong points, and this one has me stumped. As part of a project, I want to develop an SEO link class in PHP. Handling the mod_rewrite through Apache is fairly straightforward for me, and that works great.
However, I'd like to create a function which is able to generate the SEO link based on a dynamic URL I pass in as the first (and only) parameter to the function.
For example, this would be the function call in PHP:
Blog Post Title
The function CreateLink would then analyse the string passed in, and output something like this:
blog/blog-post-title
The URL stub of the blog post is stored in the Database already. I think the best way to achieve this is to analyse the dynamic URL string passed in, and generate an associative array to be analysed. My question is, what would the Regular Expression be to take the URL and produce the following associative array in PHP?
link_pieces['page_type'] = 'blog/post';
link_pieces['post'] = 123;
link_pieces['category'] = 5;
Where page_type is the base directory and request page without extension, and the other array values are the request vars?
You can just use parse_url and parse_str, no need for regexes.
Use parse_url to break the URL into parts:
This function parses a URL and returns an associative array containing any of the various components of the URL that are present.
Then use parse_str to break down the querystring part of the URL.
I am looking to have a list of arguments passed across in an a URL.
$url['key1']=1;
$url['key2']=2;
$url['key3']=3;
$url['key4']=4;
$url['key5']=5;
$url['key6']=6;
$url['key7']=7;
Please Note I am trying to pass this in the URL in 1 GET variable. I know this would be better done by ?key1=1&key2=2&key3=3...etc but for reasons that are too complicated to try and explain they can't be in this format.
Any suggestions how I can convert this array into something that can be passed as 1 get var in a URL string?
Thanks in advance.
You can use json_encode() or serialize()
$myUrl = 'http://www.example.com/?myKey=' . urlencode(json_encode($url));
or
$myUrl = 'http://www.example.com/?myKey=' . urlencode(serialize($url));
Using json_encode will usually give you a shorter string, but very old PHP version might not have the json_decode function available to decode it again.
The final way would be to create your own custom encoding... it could be as simple a pipe-separated values: key1|1|key2|2|key3|3
This would give you the best option for a short URL, but is the most work.
Try http_build_query:
$url['key1']=1;
$url['key2']=2;
$url['key3']=3;
$url['key4']=4;
$url['key5']=5;
$url['key6']=6;
$url['key7']=7;
echo http_build_query($url);
//echos key1=1&key2=2&key3=3&key...
What it does is converting an array into a query string using the keys and automatically takes care of url-encoding.
EDIT:
Just read your additional requirement that it should be just one variable. So nevermind this answer.
If your problem was the proper encoding though you might want to give this another try.
Hope that helps.
The recommendation to use serialize() is fine. If space is an issue, then use a combination of bzcompress() and serialize().
However, there's a security considering that hasn't been brought up, and that's that the end user (who can see and edit this url) could manipulate the data within it. You may think it's difficult, but most of the PHP-attacking worms in the wild do this to some degree or another.
If letting the user directly manipulate any of the keys or values (or replacing it with an integer, or an object, or anything else), then you should protect your script (and your users) from this attack.
A simple solution is to simply use a shared secret. It can be anything; just so long as it's unique and truly secret (perhaps you should randomly generate it at install-time). Let's say you have in your config file something like this:
define('SECRET', 'unoqetbioqtnioqrntbioqt');
Then, you can digitally sign the serialized data created with: $s=serialize($m) using $k=sha1($s.SECRET) and make the url value $k.$s
Then, before you unserialize() do this:
$v=substr($input,0,40);
$s=substr($input,40);
if ($v != sha1($s.SECRET)) { die("invalid input"); }
$m=unserialize($s);
This way, you know that $m is the same as the original value that you serialized.
If you like, you can use the following drop-in replacements:
define('SECRET','buh9tnb1094tib014'); // make sure you pick something else
function secureserialize($o) {
$s=serialize($o);
return sha1($s.SECRET).$s;
}
function secureunserialize($i) {
$v=substr($i,0,40);$s=substr($i,40);
if ($v!=sha1($s.SECRET)){die("invalid input");}
return unserialize($s);
}
You could serialize them as key-value pairs when constructing the URL, putting the resultant serialized value in a single $_GET variable (e.g. data=sfsdfasdf98sdfasdf), then unserialize the $_GET["data"] variable. You'll need to use urlencode to make sure the resultant serialized values are URL-safe. Make sure you watch out for maximum URL lengths - 2083 characters in IE.
However, unless you really can't use key-value pairs in URLs (per your question), key1=foo&key2=bar... is definitely the way to go.
If you don't mind dropping the key names, you can use
http://example.com?url[]=1&url[]=2&url[]=3
EDIT Keeping the key names:
http://example.com?values[]=1&values[]=2&values[]=3&keys[]=1&keys[]=2&keys[]=3
Then in your PHP script:
$url = array_combine($_GET['keys'], $_GET['values']);
Could you solve your problem by saving the data as a HTML cookie? That way you don't have to modify the URL at all.
If you know the values in advance, you can set them from the server side when you send the user the page with your target link on it.
If you won't know the values until the user fills out a form it can still be done using JavascriptL When the user clicks the form submit you can set multiple cookies by making multiple javascript calls like:
document.cookie = 'key1=test; expires=Mon, 7 Sept 2009 23:47:11 UTC; path=/'
The security model might give you some trouble if you are trying to pass this data from one domain to another though.