I have made one form in which there is rich text editor. and i m trying to store the data to database.
now i have mainly two problem..
1) As soon as the string which contents "#"(basically when i try to change the color of the font) character, then it does not store characters after "#". and it also not store "#" character also.
2) although i had tried....in javascript
html.replace("\"","'");
but it does not replace the double quotes to single quotes.
We'll need to see some code. My feeling is you're missing some essential escaping step somewhere. In particular:
As soon as the string which contents "#"(basically when i try to change the color of the font) character
Implies to me that you might be sticking strings together into a URL like this:
var url= '/something.php?content='+html;
Naturally if the html contains a # symbol, you've got problems, because in:
http://www.example.com/something.php?content=<div style="color:#123456">
the # begins a fragment identifier called #123456">, like when you put #section on the end of a URL to go to the anchor called section in the HTML file. Fragment identifiers are purely client-side and are not sent to the server, which would see:
http://www.example.com/something.php?content=<div style="color:
However this is far from the only problem with the above. Space, < and = are simly invalid in URLs, and other characters like & will also mess up parameter parsing. To encode an arbitrary string into a query parameter you must use encodeURIComponent:
var url= '/something.php?content='+encodeURIComponent(html);
which will replace # with %35 and similarly for the other out-of-band characters.
However if this is indeed what you're doing, you should in any case you should not be storing anything to the database in response to a GET request, nor relying on a GET to pass potentially-large content. Use a POST request instead.
It seems that you are doing something very strange with your database code. Can you show the actual code you use for storing the string to database?
# - character is a common way to create a comment. That is everything starting from # to end of line is discarded. However if your code to store to database is correct, that should not matter.
Javascript is not the correct place to handle quote character conversions. The right place for that is on server side.
As you have requested....
I try to replay you... I try to mention exact what I had done...
1) on the client side on the html form page I had written like this..
html = html.trim(); // in html, the data of the rich text editor will come.
document.RTEDemo.action = "submit.php?method='"+ html.replace("\"","'") + "'";
\\ i had done replace bcz i think that was some problem with double quotes.
now on submit.php , my browser url is like this...
http://localhost/nc/submit.php?method='This is very simple recipe.<br><strong style='background-color: #111111; color: #80ff00; font-size: 20px;">To make Bread Buttor you will need</strong><br><br><blockquote><ol><li>bread</li><li>buttor</li></ol></li></blockquote><span style="background-color: #00ff80;">GOOD.</span><br><br><br><blockquote><br></blockquote><br>'
2) on submit.php ........I just write simply this
echo "METHOD : ".$_GET['method'] . "<br><br>";
$method = $_GET['method'];
now my answer of upper part is like this...
METHOD : 'This is very simple recipe.
now i want to store the full detail of URL....but its only storing...
This is very simple recipe.
Related
I have simple problem, I have to replace %20 and other crap from URL. At the moment it looks like this http://exmaple/profile/about/Eddies%20Plumbing. As you can see it's profile link.
Yes I could add str_replace values before every hyperlink, but I have like 10 of them and I think it's bad practice. Maybe there is better solution? What solution would you use? Thanks.
That is not crap, that is a valid unicode representation of a space character. And it's encoded because it's one of the characters that are deemed unsafe by RFC1738:
All unsafe characters must always be encoded within a URL. For
example, the character "#" must be encoded within URLs even in
systems that do not normally deal with fragment or anchor
identifiers, so that if the URL is copied into another system that
does use them, it will not be necessary to change the URL encoding.
So in order to have pretty URLs, you should avoid using reserved and unsafe characters which need encoding to be valid as part of a URL:
Reserved characters: $ & + , / : ; = ? #
Unsafe characters: Blank/empty space and < > # % { } | \ ^ ~ [ ] `
Instead replace spaces with dashes, which serve the same purpose visually while being a safe character, for example look at the Stack Overflow URL for this question. The URL below looks just fine and readable without spaces in it:
http://exmaple/profile/about/eddies-plumbing
You can use Laravel's str_slug helper function to do the hard work for your:
str_slug('Eddies Plumbing', '-'); // returns eddies-plumbing
The str_slug does more that replace spaces with dashes, it replaces multiple spaces with a single dash and also strips all non-alphanumeric characters, so there's no reliable way to decode it.
That being said, I wouldn't use that approach in the first place. There are two main ways I generally use to identify a database entry:
1. Via an ID
The route path definition would look like this in your case:
/profiles/about/{id}/{slug?} // real path "/profiles/about/1/eddies-plumbing"
The code used to identify the user would look like this User::find($id) (the slug parameter is not needed, it's just there to make the URL more readable, that's why I used the ? to make it optional).
2. Via a slug
The route path definition would look like this in your case:
/profiles/about/{slug} // real path "/profiles/about/eddies-plumbing"
In this case I always store the slug as a column in the users table because it's a property relevant to that user. So the retrieval process is very easy User::where('slug', $slug). Of course using str_slug to generate a valid slug when saving the user to the database. I usually like this approach better because it has the added benefit of allowing the slug to be whatever you want (not really needing to be generated from the user name). This can also allow users to choose their custom URL, and can also help with search engine optimisation.
The links are urlencoded. Use urldecode($profileLink); to decode them.
I am parsing the url tha i got in this way ->
$replacingTitle = str_replace('-',' ',$title);
<a href="example.com/category/{{ str_slug($article->title) }}/" />
In your view ...
{{$comm->title}
and in controller using parsing your url as
public function showBySlug($slug) {
$title = str_replace('-',' ',$slug);
$post = Community::where('title','=',$title)->first();
return view('show')->with(array(
'post' => $post,
));
}
i am processing a activation link.which looks like this.
localhost/actvte/validate.php?type=activate&geo=define&
value=227755RYQBENU5G8WE7RFPO6CD6Z#MJ1H1FA#G#IZWZ53903
&target=loaded&resrc=G6MYMI2R67727229911380184297841084713071U8VUYIGR
&master=user#gmail.com
but when i use $_get['value'] i get o/p only "227755RYQBENU5G8WE7RFPO6CD6Z".after this whole link becomes useless.if i do
echo $_get['target']; or echo $_get['master'];
it says undefined variable 'target' or 'master'.
so how can i process this large link.
What you should do is use the urlencode() function in PHP on the string before putting it in the GET. This way your string becomes 227755RYQBENU5G8WE7RFPO6CD6Z%23MJ1H1FA%40G%23IZWZ53903 and not 227755RYQBENU5G8WE7RFPO6CD6Z#MJ1H1FA#G#IZWZ53903 as special characters cannot be used in the query string.
Hashes for example will never even be send by the browser to the server, so everything behind that will not reach you.
Please look at RFC 3986 for more information about the URI syntaxing (including hashes).
By not using or properly encoding the fragment identifier (#).
You should not use # in the URL but encode it some way, or use another character.
The first # in a URL indicates the start of the fragment identifier. If you want to send it as data rather then a separator component of a URL then you need to express it as %23.
I am trying to add a user-defined string to information passed to a third party via href. So I have something that will look like
Link Text
USERSTRING is known when the page loads so it could be put in the href by php when the page loads, or I can dynamically add it with javascript.
What I don't know is what I need to do to escape any special characters so that the link works and can be read on the other end - USERSTRING could be something really annoying like: [He said, "90% isn't good enough?"] The data is only used in an auto-generated file name so it doesn't need to be preserved 100%, but I'm trying to avoid gratuitous ugliness.
The urlencode() function provides exactly what you are looking for, ie:
Link Text
You need to urlencode it. If the variant of urlencode you end up using doesn't encode '&', '#', '"', and angle brackets as it should then you'll need to HTML encode it too.
I wrote a script that when you enter a textbox, it will open an invisible iframe to a .php file with $_GET of what they wrote into the textbox.
However, for example, if I type: '<3' in it, this is what happens.
PHP determins that the $_GET[s] is blank! Users cant put a simple <3 symbol without getting that error.
Another problem is quotes, if I write any quotes, it will end the entire SRC property.
What should I do? Should I do something with javascript, or even PHP? Please let me know!
Thanks!
Use urlencode to encode the inputted string into a valid one for URL use.
Also be very cautious when allowing user input into your PHP script through the URL. Make sure you do proper checks/sanitization, especially if database operations are involved.
It looks like your iframe is generated by JavaScript, so all those answers that include PHP functions are useless. The data isn't even reaching PHP, so how can any PHP function hope to help?
Instead, try using urlencode from PHPJS, since none of JS's functions really handle all cases well, and this makes it easy for you to use PHP's urldecode to retrieve the data.
You need to encode that character as <.
Regarding double quotes, you can use this trick.
attr='Your string can "contain double quotes"'
or
attr="Your string can 'contain double quotes'"
but while specifying variable=values in url, you don't need to user double quotes, you can directly assign the values.
like
url="test.php?var1=123&var2=345"
rest about sending the <3 characters, you can check for url encoding in javascript & PHP whichever applicable!
Just noticed that when using single quotes to echo a basic link in php, the url repeats itself.
<?php
echo 'Link URL - Single Quotes<br />';
?>
The above code outputs the link as:
http://example.com/"http://example.com/"
Can anyone shed some light on the reason for this?
You shouldn't \-escape your " when you're using ' to surround the string as a whole. This couldn't create that output itself, but it might confuse a parser somewhere down the line, producing the problem. Try this instead:
echo 'Example.com<br />';
Use PHP to output dynamic data and leave the HTML out of it. This will save you hours of quotation frustration
?>
Example.com<br />
<?php
// carry on with the PHP
echo 'Example.com<br />';
outputs
Example.com<br />
The backslashes are included in the final output and most likely trip up the HTML parser.
You're escaping the double quotes. It isn't necessary when using single quotes and vice-versa.
<?php
echo 'Example.com<br />';
?>
The above code outputs the link as:
http://example.com/"http://example.com/"
No, it doesn't produce that output.
This is what you see in the browser when you put the cursor over the link and when you click on the link. It's part of the browser's job to resolve the relative and incomplete links, but what it shows to the user is, most of the times, not what it is written in the HTML code.
Use the browser's "View Source" functionality to see the HTML generated by your code.
The (invalid) HTML produced by your code is:
Link URL - Single Quotes<br />
The browser interprets \"http://example.com\" as the value of the href attribute. The HTTML attribute values can be either enclosed in quotes (") or apostrophes (') or unquoted at all and the quoting character must be the first non-space character after the equal sign (=). Because it finds a backslash (\) after the equal sign, it concludes the attribute value is not quoted and read everything until the first whitespace or until the tag ends (>) as the attribute's value.
The value \"http://example.com\" is not a valid URL and the browser handles it as an incomplete URL. An incomplete URL needs to be resolved to a complete URL in order to be used. It doesn't look like a relative URL (doesn't start with ..), it doesn't look like an absolute path without a host name either (doesn't start with /). The only way to resolve it is to treat it as a file name located in the same directory as the page that is currently loaded. Chances are that your offending code runs in a page located in the root of your website (http://example.com/index.php, for example).
I won't provide a fix for your problem here. The question already have plenty of answers that provide you various ways to avoid this happen.
However, take a look at the strings documentation page in the PHP manual. All you need to know is explained there.