I have one url with one code.
http://www.example.com/exam.php?id=rteter#443545
Now when I click this URL, the value of the id is rteter, means it returns me only portion of code before #.
I have not sent the link with urlencode so please do not give that solutions. Links are already sent, is they any way by which I can get the full value in my php code?
Martha
The # character indicates the start of the fragment identifier and is handled client side. You need to represent it as %23 if you want it sent to the server.
If you are generating query string parameters programatically in PHP, use the urlencode function.
Check out this post on stackoverflow:
Can I read the hash portion of the URL on my server-side application (PHP, Ruby, Python, etc.)?
It might cover your question.
use url quote
http://www.example.com/exam.php?id='rteter%23443545'
http://php.net/manual/en/function.urlencode.php
Related
I have a site that allows users to create a page based on user input example.com/My Page
The problem is if they create a url like example.com/H & E Photos or example.com/#1 Fan Club
Once php decodes the url, it tries to parse those characters into a hash (or a query string in the case of ?)
In my .htacess I am doing this ([^/]+?)
What is the typical way of handling a situation like this? Ideally, without going to an id system (example.com/131234121). Poor planning on my part :(
EDIT. Talking about PHP here. url is encoded when it hits the server, php decodes before parse regex and url
If you are using PHP to create/handle storing entries for user-entered-URLs then use htmlentities on the string before trying to handle it.
https://www.php.net/manual/en/function.htmlentities.php
https://www.w3schools.com/php/func_string_htmlentities.asp
Apparently, what I was looking for was a rewrite flag.
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriteflags
B Escape non-alphanumeric characters before applying the transformation.
This allows you to send percent-encoded strings to the URL without them being decoded beforehand.
So it was actually an apache thing and not PHP. Sorry for the misleading question.
I'm stuck with a php issue.
I've got to send a sql query with a POST form with an ajax request.
This query is like :
SELECT * FROM table WHERE field LIKE '%512%'
The problem is when i take back this query from POST var in php, it shows :
SELECT * FROM table WHERE field LIKE 'Q2%'
and it obviously fail...
I tried changing to utf-8 it didn't change anything.
Javascript seems to send the correct text, but php change it when reading POST.
Is ther a way I can prevent php from reading %51 as ascii code ?
Just in case, the website is written with Code Igniter.
Thanks
Don't send entire SQL queries from a Javascript client to a server. Just don't. That's worse than an SQL injection vulnerability, it's simply carte blanche for query execution by anyone for anything.
Data in HTTP requests is typically encoded using percent encoding, and guess what: %51 happens to stand for "Q" in this encoding. You need to properly encode your data when sending it in an HTTP request, for example using encodeURIComponent(). If you want to send "%51", you need to actually be sending %2551. The specifics will depend on how you're sending that data exactly.
Also consider reading The Great Escapism (Or: What You Need To Know To Work With Text Within Text).
Though you can use %25512%, but I agree with deceze.
Using %25 will be interpreted to % sign
so use %25Your number
POST Data : URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits.
First : encode data using javascript function.
var res = encodeURI("SELECT * FROM table WHERE field LIKE '%512%'");
then send the data using ajax.
In PHP, Decode data using function :
$data=urldecode(string $_POST['yourdata']);
For further information you can go through these links:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
http://php.net/manual/en/function.urldecode.php
http://ascii.cl/htmlcodes.htm
I've been coding in PHP for a while, and this is the first time I came across this issue.
My goal is to pass a GET variable (a url) without encoding or decoding it. Which means that "%2F" will not turn to "/" and the opposite. The reason for that is that I'm passing this variable to a 3rd party website and the vairable must stay exactly the way it is.
Right now what's happening is that this url (passed as a GET variable):http://example.com/something%2Felse turns into http://example.com/something/else.
How can I prevent php from encoding what's passed in GET?
Apache denies all URLs with %2F in the path part, for security reasons: scripts can't normally (ie. without rewriting) tell the difference between %2F and / due to the PATH_INFO environment variable being automatically URL-decoded (which is stupid, but a long-standing part of the CGI specification so there's nothing can be done about it).
You can turn this feature off using the AllowEncodedSlashes directive, but note that other web servers will still disallow it (with no option to turn that off), and that other characters may also be taboo (eg. %5C), and that %00 in particular will always be blocked by both Apache and IIS. So if your application relied on being able to have %2F or other characters in a path part you'd be limiting your compatibility/deployment options.
I am using urlencode() while preparing the search URL
You should use rawurlencode(), not urlencode() for escaping path parts. urlencode() is misnamed, it is actually for application/x-www-form-urlencoded data such as in the query string or the body of a POST request, and not for other parts of the URL.
The difference is that + doesn't mean space in path parts. rawurlencode() will correctly produce %20 instead, which will work both in form-encoded data and other parts of the URL.
Hex base16 encoding it is part of the HTTP protocol you cant prevent it else it would break the actual HTTP socket request to the server.
Use:
urlencode() to encode
urldecode() to decode
Please show an actual example of how you are sending the url to the 3rd party.
As it should read http%3A%2F%2Fexample.com%2Fsomething%2Felse not just the odd %2F like in your example.
How can I post a full URL in PHP?
For example:
I have a form allowing individuals to submit a long url. The resultant page is /index.php?url=http://www.example.com/
This is fine for short URLs, but for very long and complex URLs (like those from Google Maps) I need to know how to keep all of the data associated with variable url.
You need to percent encode the string — otherwise characters which have special meaning in URIs will have that special meaning instead of being treated as data.
http://php.net/urlencode
If users submit this data via a form, then it will be automatically encoded.
If you plan to include the URI in a link in an HTML document, then don't forget to convert special characters to HTML entities.
You sort of answer your own question:
How can I post a full URL in PHP?
If very long URLs are getting truncated by the users' browsers, your only option is to re-work your system to POST the URL to your script, as opposed to passing it in the query string.
If there is some condition that frustrates the use of a POST request, you should update your question with more detail about what your system does.
From what I have been able to understand, hash marks (#) aren't sent to the server, so it doesn't seem likely that I will be able to use raw PHP to parse data like in the URL below:
index.php?name=Ben&address=101 S 10th St Suite #301
I'm looking to pre-populate form fields with this $_GET data. How would I do this with Javascript (or jQuery), and is there a fallback that wouldn't break my form for people not using Javascript? Currently if there is a hash (usually in the address field), everything after that is not parsed in or stored in $_GET.
You can encode the hash as you should urlencode(in php) or encodeURIComponent(in JavaScript).
The "hash" is not part of the request, which is why your script never sees it.
Like webdestroya said, you'll need to send a request with the URL
index.php?name=Ben&address=101%20S%2010th%20St%20Suite%20%23301
If you're using HTML forms, then the string value will be auto-urlencoded when you submit the form.
the user will be clicking a link from an email and will want to see the hash mark rendered in the email
You need to encode the link to what Ben quoted before you stick it in the e-mail. What you currently have is not a URL at all.
You can optionally encode a space to + instead of %20 in the context of query parameters but you absolutely cannot include a raw space, because it is a defining characteristic of URLs that they don't have spaces in. If you type a space in a URL in a web browser it will quietly fix up the mistake, but an e-mail client can't pick out a URL from plain text if it's full of spaces.
There is sometimes an alternative function which encodes spaces to + instead of %20. Normally this is best avoided as + isn't valid in all circumstances, but if prefer:
index.php?name=Ben&address=101+S+10th+St+Suite+%23301
then you'd use PHP's urlencode function instead of the more standard rawurlencode.
Either way, you must encode the hash to %23, because otherwise a hash in an HTTP URL means the fragment identifier (the part of the page to scroll the browser to). This is not part of the address of the page itself; it is not even passed from the browser to the server, so you certainly cannot retrieve it—from $_GET or any other interface.
There are many other characters in a component like an address that must be %-encoded before being inserted into a URL string, or they'll leave you with an invalid or otherwise non-functional URL. If all that %23 business looks funny in a URL... well, you'll have to live with it. That's what URLs have always looked like.
I usually store the hash on a cookie onunload
ej:
window.unload = function(){
if(document.location.hash) setCoockie('myhash',document.location.hash);
};