I posted this question last week, but I wasn't very clear on what was needed. So I'm reposting right now.
I have a string stored in a database, which looks something like this:
<5u79cfda 4d01ga3a 11c833f9 7b52df2a 7g210252 e21b01fa a73d3463 9ge0e412>
I'm trying to insert this into a web address, but needs to be encoded properly for it to work. I'm running a query to obtain the script:
$result = mysql_query("SELECT cPushID FROM tblUsers WHERE intUserID='20' AND Length(cPushID) > 70");
$pid = mysql_fetch_row($result);
Then trying to insert it into this web address to be executed:
file_get_contents("http://domain/test.php?msg='Test!'&to=$pid");
How do I properly insert this string into the web address so it will be read properly upon execution.
Thanks for your help.
Use urlencode.
How about urlencode?
$encoded = urlencode($some_string");
Pass that encoded string to file_get_contents
If you ever need to decode it, use urldecode()
http://php.net/manual/en/function.urlencode.php
You need to urlencode() your query string in order to safely encode those spaces (and possible angle brackets as well?!)
file_get_contents("http://domain/test.php?msg='Test!'&to=".urlencode($pid));
The query string is automatically decoded when you read $_GET['pid']
Related
I am sending an API request and want to submit a search term inside the URL:
$query="My Query";
$query_encode= urlencode($query);
$url_json="API_URL".$query_encode
$json = file_get_contents($url_json);
What I want to do is that "My Query" should contain a more complex term like:
"word1 word2" (word3 OR word4) AND word5
My problem is that I want to get the results from the API (database) that match excactly "word1 word2" so I need to somehow send the quoatation marks via http.
Does someone has an idea how I need to set up the content of My Query including the required quotation marks to send a query with the phrase, not just the words
$query="My Query";
if you want to send the quotes then include it in your query.
you set a string value inside quotes in PHP. so what you have right now are not additional quotes that you want to send along in the request but the quotes that will be parsed and removed by PHP.
you should do something like:
$query='"My Query"';
this will result in something like %22My+Query%22
urldecode this later to get back "My Query" as string value.
Put the quotes in the string. urlencode() will take care of encoding them properly. Also, you need ? between the URL and the query parameters, and you probably need to supply a name for the parameter (I'm assuming it's named query in the code below, you need to get the actual parameter from the API specification).
$query = '"word1 word2"';
$query_encode = urlencode($query);
$url_json = "API_URL?query=$query_encode";
$json = file_get_contents($url_json);
I have a small problem with my PHP script. I want to be able to have a URL within a query string so it would look like this:
http://example.com/?url=http://google.com/
This works absolutely fine and $_GET['url'] will return http://google.com.
The problem is when the URL in my query string already has query string, for example:
http://example.com/?url=http://www.amazon.com/MP3-Music-Download/b/ref=sa_menu_mp3_str?ie=UTF8&node=163856011
will return:
http://www.amazon.com/MP3-Music-Download/b/ref=sa_menu_mp3_str?ie=UTF8
and I want it to return:
http://www.amazon.com/MP3-Music-Download/b/ref=sa_menu_mp3_str?ie=UTF8&node=163856011
I am using PHP for server side.
Could anybody please help?
Update
I am using Codeigniter, so if this is the reason why it isn't working as it should then please let me know.
You need to encode the url passed as query argument:
If you send it from PHP, use urlencode or rawurlencode.
If you send it from JS, use encodeURIComponent.
Use urldecode() to pass query string
I'm very new to PHP but have a good understanding of C,
When I want to access some post data on an API i'm creating in PHP I use:
$_POST['date_set']
to fetch a value being passed for date - This all works perfectly, however I read I should be fetching it like this:
$date_set = trim(urldecode($_POST['date_set']));
This always returns a 00:00:00 value for the date after it's stored in my DB.
When I access directly using $_POST['date_set'] I get whatever value was posted, for example: 2013-08-28 10:31:03
Can someone tell me what I'm messing up?
You should try it like,
$date_set = $_POST['date_set'].explode(' ');//('2013-08-28 10:31:03').explode(' ')
echo $date_set[1];
or
echo date('H:i:s',strtotime($_POST['date_set'])));
//echo date('H:i:s',strtotime('2013-08-28 10:31:03'));
If you are very new in php the Read date()
You only run urldecode over data is URL encoded. PHP will have decoded it before populating $_POST, so you certainly shouldn't be using that. (You might have to if you are dealing with double-encoded data, but the right solution there should be to not double encode the data).
trim removes leading and trailing white-space. It is useful if you have a free form input in which rogue spaces might be typed. You will need to do further sanity checking afterwards.
urldecode — Decodes URL-encoded string
Description
string urldecode ( string $str )
Decodes any %## encoding in the given string. Plus symbols ('+') are decoded to a space character.
urldecode: is used only for GET requests. you should be fine using $_POST['date_set'] only.
http://php.net/manual/en/function.urldecode.php
You'd better do this way
if(isset($_POST['date_set'])){
$date_set = $_POST['date_set'];
}
then you can use $date_set how you want.
If you still get 00:00:00 for $date_set, the problem is coming from the code which provide you the $_POST value.
I have saved some information in database with MySQL, now i want to show them, cause it contains some tags like <div>, <p>, etc. I just want them showed as raw html code, anyone can tell me how? i try to use `html_entity_decode(), but it does not work.
Example:
<div><b>Prénom/Nom : </b>tantantan tan</div>
<div><b>Pseudonyme : </b>nickname</div>
<div><b>Résidence principale : </b>69001 Lyon 1er</div>
<div><b>Autre résidence : </b> Place bellecours 69002 Lyon 2e</div>
====== in fact , i need to do in this way.
#using serialize() method
$data = serialize($_SESSION);
$sql = "Insert into sessioninfo `data` values('$data')";
and then
# I assume you can retrieve the data from database and assign to the following variable
$data = unserialize($row['data']);
perfectly resolve my problem. thanks everyone.
This is not an mysql_real_escape_string data but html_specialchars() encoded data
you can do the reverse with htmlspecialchars_decode()
Try html_entity_decode:
echo html_entity_decode($string);
Would recommend not to apply htmlspecialchars when you save the database.
The sanitize should be applied when sending output, if necessary.
So I was just testing out the mysql_real_escape(); function and what that does is puts a \ before the ". The when the content is echoed back out onto the page I just get content with \'s before any ". So let's say I posted """""""""""""""""""""""""""" all I get is \"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\" echoed back.
Is there some code to remove the \ when it's echoed back onto the page?
By adding those slashes, mysql_real_escape_string just converts the string into the input format for the database. When the data comes out of the database, it should come out without any of the slashes. You shouldn't need to remove them yourself.
Using stripslashes like others are suggesting would do the opposite of mysql_real_escape_string in most cases, but not all of them, and you shouldn't rely on it for that purpose. Mind you, if you find yourself needing to use it for this, you've already done something else wrong.
stripslashes()
http://php.net/manual/en/function.stripslashes.php
You don't need to unescape, ie. remove the slashes - they don't get inserted into the DB. They are only for passing data to MySQL, they are not written to the db. When you SELECT the data, you won't see the slashes.
Do you know how mysql_real_escape() works. Hint: It allows to encode string for SQL usage. For example mysql_query('SELECT * FROM users WHERE name="'.mysql_real_escape_string($name).'"');. It can be used to insert string which won't escape the quotes for example like " or 1=1 -- " making SELECT * FROM users WHERE name="" or 1=1. You have to activate it just before inserting it database.
When you will read this data, slashes won't exist in any way.
Actually, looking at what is below, I will make this answer, not comment...