I have a variable which consists of
// The First Page (hello.php)
$a = 'goto.php?a_56=63525588000&url=http://www.example.com/site/DISC+cUSTOMc+Studio+24+- +Windows/1142766.p?
id=1218224802931&usi=1142766&cmp=RMX&
ky=2crslw0k9ZOM0ciu2rqi4NsYY7eQnnEyP';
// The Second Page (goto.php)
$r = $_GET['url'];
echo $r;
//http://www.example.com/site/Disc cCustomc Studio 8 - Windows/1142766.p?id=1218224802931
Why is it getting cut off?
This isn't a length issue, it's because you want one of your GET parameters (url in this case) to contain the & character. You need to urlencode this character otherwise it will be interpreted as another GET parameter in the request, rather than as part of the url parameter.
When urlencoding, & will become %26 and your query string will become this,
goto.php?a_56=63525588000&url=http://www.example.com/site/DISC+cUSTOMc+Studio+24+-+Windows/1142766.p?id=1218224802931%26usi=1142766%26cmp=RMX%26ky=2crslw0k9ZOM0ciu2rqi4NsYY7eQnnEyP
It's getting cut off because it's treating the & in your url parameter as an actual GET parameter divider, when it's not.
You need to use urlencode() to encode your URL.
The ampersand is used to separate parameters in the outside query string. You will need to URL-encode it if you want to use it within a GET parameter.
Because & indicates the end of a key/value pair in a query string.
Use urlencode to prepare data for inclusion in a query string.
Related
I am sending an HTTP GET request with urlencoded value from a client application and on the server side I am using $_GET["Value"] to grab the value.
this is what the request looks like on the client side https://example.com/validate.php?Value=+MqZjrRvtvFdcC3GCRRnnQ== but on the server side the result of $_GET["Value"] is MqZjrRvtvFdcC3GCRRnnQ== without + in the beginning of MqZjrRvtvFdcC3GCRRnnQ== How can I grab the value as it is including all the special characters(if any)
I tried htmlspecialchars($_GET["Value"]) but this didnt work either.
You can't inject any random character in a URL, you need to use proper escaping functions. In PHP you have rawurlencode():
$encoded = 'https://example.com/validate.php?Value=' . rawurlencode('+MqZjrRvtvFdcC3GCRRnnQ==');
https://example.com/validate.php?Value=%2BMqZjrRvtvFdcC3GCRRnnQ%3D%3D
(Demo)
In particular, + is some old encoding for whitespace character (U+0020) and = is often used to separate argument name from argument value.
The + is a special char which will be escaped by parse_str().
You need to parse the query string by yourself.
Note: If there are multiple values you need to split by & first.
Calling
http://localhost:4000/?Value=+MqZjrRvtvFdcC3GCRRnnQ==
[$key, $value] = explode('=', $_SERVER['QUERY_STRING']);
will give a $value of
+MqZjrRvtvFdcC3GCRRnnQ==
I have a webapp created using C# and asp.net. I placed a parameter value in the querystring with a plus(+) sign. But the plus sign disappear.
How can I include the plus sign(+) in the query string without disappearing?
Please advise.
Thanks.
Edit: added code with UrlEncode
string str = Server.UrlEncode(Requery.QueryString["new"]);
+ sign has a semantic meaning in the query string. It is used to represent a space. Another character that has semantic importance in the query string is & which is used to separate the various var=value pairs in the query string.
Most server side scripts would decode the query parameters before using them, so that a + gets properly converted to a space. Now, if you want a literal + to be present in the query string, you need to specify %2B instead.
+ sign in the query string is URL-decoded to a space. %2B in the query string is URL-decoded to a + sign.
See the difference between
http://www.google.com/search?q=foo+bar
and
http://www.google.com/search?q=foo%2Bbar
In the above examples, Google's server script is URL-decoding the query parameters and then using them to do the search.
URL-encoding is nothing but % sign followed by the hex-code of the special character. For example, we know that the hex code of A is 0x41 (decimal: 65). Try this:
http://www.google.com/search?q=%41
Hope this makes URL-encoding clear.
So, if you want the + sign to be preserved when a JavaScript is fetching a URL with + signs in its query parameters and a server side script would process the query parameters after URL-decoding it, you should URL-encode the query parameters in the URL before using issuing the HTTP get request so that all + signs are converted to %2B's when the request reaches the server side script. Now when the server side script URL-decodes the query string, all %2B's gets converted back to + signs which is what you want.
See Encode URL in JavaScript? to learn how to URL-encode the parameters using JavaScript. Short answer from the discussion there:
var encodedURL = "http://example.com/foo.php?var=" + encodeURIComponent(param);
You should URLEncode your query string values to make sure any special characters are not lost.
Look at HTML URL Encoding Reference
You need to Encode the + sign - It's value should be %2B
I alter my previous statement so no one gets confused!
Create your url using the Server.UrlEncode.
e.g.
string myUrl = "http://myurl?param1=" + Server.UrlEncode("my+param+1");
For the solution, I have applied:
Step 1:Use Server.UrlEncode method for encoding the URL parameter.
Response.Redirect("YourURL?parameter=Server.UrlEncode(parameterValue.ToString().Trim()");
step 2: on another side, you get a string with a plus(+) sign.
var parameter = Request.QueryString["parameterValue"].ToString().Trim();
This is the result: %2beH8 --> +eH8
Other simple way is, Request.Url.ToString().Substring(Request.Url.ToString().IndexOf("=") + 1) assuming that my URL is, http://localhost/MyApp/Activate.aspx?ActivationCode=cHbtqH9P2dDZkx/mYUgFFo7nrNqSFgqdPisAzzu5/nwlEYDOHI+CQw==
before send you parameter, you need check if the parameter contains plus sign, if have you need replace to one flag, for example:
the parameter is: klasjdlkasd+djid3223
can you replace: klasjdlkasdFLAGdjid3223
and when you go convert, you need replace angain
klasjdlkasd+djid3223
Try this, it works for me:
Request.QueryString["new"].Trim();
The solution is to ALWAYS include .Replace(" ", "+") when you request querystring
string s = Request.QueryString["id"].Trim().Replace(" ", "+");
source: http://www.webmasterworld.com/forum47/3238.htm
Add this line in Decrypt Funcation:
strText = strText.Replace(" ", "+");
I am doing a post HTTP request in swift 4.2 and in one of my Strings I put in the parameters contain "&" but apparently the requests gets cut off after this symbol. I thought about replacing every "&" symbol with a unique placeholder and convert it back in PHP.
But is there are more elegant or easy way of doing this?
URL encode your data (and decode it when you need to use it), that will make the ampersand into %26 which will stop it cutting off in your GET request.
You could replace the "&" with "%26" and then it's have to work :)
All Precent-encoding characters:
https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
You should probably minimize how much manual percent escaping you do. You might, for example, use URLComponents to build your URL and percent escape it for you:
guard var components = URLComponents(string: "http://example.com") else { return }
components.queryItems = [URLQueryItem(name: "foo", value: "bar&baz")]
let url = components.url
That will result in:
http://example.com?foo=bar%26baz
The ampersand, as well as a few other characters, need to be encoded if they are within a query parameter otherwise they could be recognized as a delimiter of some sort.
You can encode a string for a query param in Swift like this:
let value = string.addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed)
let urlString = "https://example.com/?query=\(value)"
On the other side, your server will receive the encode param value but will need to decode it.
PHP includes the urlencode() and urldecode() functions, and stift includes the .addingPercentEncoding function.
This means you can replace with the encoded version of the '&' symbol which is '%26', or you can use swift's function
Then when you recieve this value you can use urldecode( $escapedString ), or just replace '%26' with '&', or just pull the values stright from the request with $_GET.
I have this URL-
http://localhost/app_demo/sample.php?jsonRequest={"GenInfo":{"type":"Request","appname":"XXX","appversion":"1.0.0"},"searchDish":{"userId":"295","dishName":"","est":"Pizza & Wings","location":"","type":"","priceRange":"","deviceos":"value","deviceId":"<UDID>","deviceType":"value","pageNo":"1"}}
when I hit this URL and print
print_r($_REQUEST['jsonRequest']);
string print only upto
{"GenInfo":{"type":"Request","appname":"XXX","appversion":"1.0.0"},"searchDish":{"userId":"295","dishName":"","est":"2 Pizza
I search the net but did not get the answer.What is solution for this?
please help,
thanks.
A query string is normally composed of key/value pairs, the start of a query string is the question mark (?), and then all pairs are separated with an ampersand (&). Having an ampersand in your value is like starting a new parameter.
However, this is not the right way to do this. You shouldn't put JSON in the query string.
If you really must have an ampersand in the query string, use %26 and not &. %26 which is the hex value for the ampersand.
You should make a POST request instead of a GET request:
Encoding collisions
URI length limit
The character "&" is the problem, because it is reserved. (is the query string params separator)
You must "urlencode" your string before use it on your GET request. So characters like & are converted. But as jValdron point it you shouldn't put JSON in the query string, but you can do it.
So you urlencode the string:
$url = 'http://localhost/app_demo/sample.php?jsonRequest=';
$jsonRequest = urlencode('{"GenInfo":{"type":"Request","appname":"XXX","appversion":"1.0.0"},"searchDish":{"userId":"295","dishName":"","est":"Pizza & Wings","location":"","type":"","priceRange":"","deviceos":"value","deviceId":"<UDID>","deviceType":"value","pageNo":"1"}}');
$url .= $jsonRequest;
And then you urldecode
print_r(urldecode($_REQUEST['jsonRequest']));
Again, you shouldn't put JSON in the query string.
If I have a URL like asdf.com/index.php?a=0&b=2, then using $_GET for a would be 0 and for b would be 2. However, the term I put into a single $_GET function has an ampersand in it already, like a=Steak&Cheese. Is there a way to make ampersands work without the $_GET variable thinking its job ends when the ampersand shows up (therefore not pulling the entire term)?
urlencode() it so & turns into %26.
If you need to make a query string out of some parameters, you can use http_build_query() instead and it will URL encode your parameters for you.
On the receiving end, your $_GET values will be decoded for you by PHP, so the query string a=Steak%26Cheese corresponds to $_GET = array('a' => 'Steak&Cheese').
Yes, you must URL Encode before request URL. Read this http://www.w3schools.com/TAGS/ref_urlencode.asp
Here is a previous post covering this in jquery AJAX requests, but to summarize you have to encoded the uri. This will convert the ampersand value to a ascii value.
Ampersand in GET, PHP