Let's say I have the following URL: pic.php?t=1&p=23
When I try phpThumb.php?src=/pic.php?t=1&p=23, I get Forbidden parameter: p.
Anyone knows if there's a way around it?
You need to URLEncode that ampersand if you are trying to pass p=23 to pic.php. Try replacing the & with %26.
What you are effectively doing there is passing p=23 as a parameter to phpThumb.php, which obviously it doesn't like...
What you probably want to do is 'phpThumb.php?src='.urlencode('/pic.php?t=1&p=23');
Read this and this.
urlencode() the URL before passing it to phpThumb.
You can URL encode the ampersand to make it part of the content of the parameter in the querystring. This way, the whole /pic.php?t=1&p=23 gets passed as the src.
phpThumb.php?src=/pic.php?t=1%26p=23
The %26 is the encoded version of the &.
Use urlencode().
Related
I am doing a post HTTP request in swift 4.2 and in one of my Strings I put in the parameters contain "&" but apparently the requests gets cut off after this symbol. I thought about replacing every "&" symbol with a unique placeholder and convert it back in PHP.
But is there are more elegant or easy way of doing this?
URL encode your data (and decode it when you need to use it), that will make the ampersand into %26 which will stop it cutting off in your GET request.
You could replace the "&" with "%26" and then it's have to work :)
All Precent-encoding characters:
https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
You should probably minimize how much manual percent escaping you do. You might, for example, use URLComponents to build your URL and percent escape it for you:
guard var components = URLComponents(string: "http://example.com") else { return }
components.queryItems = [URLQueryItem(name: "foo", value: "bar&baz")]
let url = components.url
That will result in:
http://example.com?foo=bar%26baz
The ampersand, as well as a few other characters, need to be encoded if they are within a query parameter otherwise they could be recognized as a delimiter of some sort.
You can encode a string for a query param in Swift like this:
let value = string.addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed)
let urlString = "https://example.com/?query=\(value)"
On the other side, your server will receive the encode param value but will need to decode it.
PHP includes the urlencode() and urldecode() functions, and stift includes the .addingPercentEncoding function.
This means you can replace with the encoded version of the '&' symbol which is '%26', or you can use swift's function
Then when you recieve this value you can use urldecode( $escapedString ), or just replace '%26' with '&', or just pull the values stright from the request with $_GET.
i am getting a querystring parameter like companyname=Larson&tubro. Its a single string. But my script is just breaking it after '&'. What is the solution to take this as a single string in PHP. I tried like the below:
<A onclick="window.open('comparitive_files/price_add.php?supplier_name= + urlencode({$supplier_name})&tender_id={$tender_id}','mywindow','width=1200,height=800,scrollbars=yes,resizable=yes')"
href="#">
You are trying to use php functions outside of php. Try something like this.
echo '<A onclick="window.open(\'comparitive_files/price_add.php?supplier_name='.urlencode($supplier_name).'&tender_id='.$tender_id.',\'mywindow\',\'width=1200,height=800,scrollbars=yes,resizable=yes\')" href="#">';
You can try urlencode
urlencode($var);
Use urlencode for encoding
urlencode($companyname);
and urldecode for decoding
urldecode($companyname)
& is used to seperate variables in a querystring. Instead use &.
To prevent any other illegal characters from getting in your querystring, use urlencode()
I'm wondering if it's possible to parse a string containing an URL as GET parameter using Mod-Rewrite through CakePHP. Do I have to pass this via $this->request->data (POST)?
Is it common to set Routes for such cases or would you either recommend splitting the URL into separate parameters?
A slash in $_GET? Woudn't that just be a query string containing such a slash?
See http://book.cakephp.org/2.0/en/controllers/request-response.html#accessing-querystring-parameters
By default those query strings are properly escaped, so all is well without any hacks on your end.
You can use rawurlencode() to esacpe special characters.
In my code, I create a link like this:
$link = 'http://www.mydomain.com/'.urlencode($str).'/1';
I use url-rewriting and the rule in my htaccess file looks like this:
rewriteRule ^(.+)/(.*)$ index.php?var1=$1&var2=$2 [NC,L]
This code is working fine for almost every strings. But sometimes, the string to encode contains "&". The urlencode function encodes it corectly, but when I read the $_GET array in php, it looks like this (with $str = 'substring1&substring2'):
'var1' => 'substring1' (without "&")
'substring2' => '' (without "&")
'var2' => 1
I really need the "&" in my var. Is there a way to encode that character to make it works?
Also, I really don't know why, but sometimes I get a forbidden http error with some strings passed as var1. Apparently, they have nothing special, for exemple, "Décarie Square" makes that error. Other strings with spaces and "é" are working fine.
Apache's mod_rewrite automatically decodes urlencoded strings when it does regex matching. But it only does this once, so you should be if you urlencode your string twice. This will re-escape all of those `%' characters.
try
$link = 'http://www.mydomain.com/'.urlencode(urlencode($str)).'/1';
or stop relying on rewrite rules and use a framework that handles URL routing properly.
Oh, and there should also be htmlentities() somewhere in there.
Apache will automatically translate (decode) the path. You must use a different encoding or even double encoding. Base 64 will work.
your $str isn't setup with key=val pairs
Try $str = 'var1=substr1&var2=substr2';
Two options:
Urlencode the string before urlencoding the query.
Replace all non alphanumerical chars with a dash or underscore
As for the forbidden error are you using http auth basic or digest?
Update may mistake try using htmlentities or htmlspecialchars instead of urlencode
If I have a URL like asdf.com/index.php?a=0&b=2, then using $_GET for a would be 0 and for b would be 2. However, the term I put into a single $_GET function has an ampersand in it already, like a=Steak&Cheese. Is there a way to make ampersands work without the $_GET variable thinking its job ends when the ampersand shows up (therefore not pulling the entire term)?
urlencode() it so & turns into %26.
If you need to make a query string out of some parameters, you can use http_build_query() instead and it will URL encode your parameters for you.
On the receiving end, your $_GET values will be decoded for you by PHP, so the query string a=Steak%26Cheese corresponds to $_GET = array('a' => 'Steak&Cheese').
Yes, you must URL Encode before request URL. Read this http://www.w3schools.com/TAGS/ref_urlencode.asp
Here is a previous post covering this in jquery AJAX requests, but to summarize you have to encoded the uri. This will convert the ampersand value to a ascii value.
Ampersand in GET, PHP