So is there any way to do it? I want to put a string as the cookie name instead of a definite cookie name.
The cookie name is always a string. Do you mean if you can substitute it with a variable? Yes, as with any other string.
setcookie($someString, ...);
$_COOKIE[$someString];
Can I pass URL as string to setrawcookie() in PHP ?
For example:
setrawcookie('Cookie', 'Owner=me&Website=http://my.website.com');
I am asking, because for some reason my cookie in the browser looks like:
Owner=Me&Website=
I assume the issue is tied with the character set.
Encode the cookie value, and decode when retrieving it back.
http://php.net/manual/en/function.htmlentities.php
Change:
setrawcookie('Cookie', 'Owner=me&Website=http://my.website.com');
To:
setrawcookie('Cookie', "Owner=me&Website=http://my.website.com");
I have a string defined like:
DEFINE('IMAGES_DIR',"/portal/images/");
After I place it inside of a cookie its content becomes
%2Fportal%2Fimages%2F
I need the string to return like:
/portal/images/
I'm kinda combining two answers mentioned here.
1st
what you described is the default behaviour, PHP will automatically decode it to its original value, you don't need to do urldecode($_COOKIE['name']);
2nd
You can prevent automatic url encoding by using setrawcookie()
Docs
Note that the value portion of the cookie will automatically be urlencoded when you send the cookie, and when it is received, it is automatically decoded and assigned to a variable by the same name as the cookie name. If you don't want this, you can use setrawcookie() instead if you are using PHP 5.
Use urldecode when getting cookie value:
echo urldecode('%2Fportal%2Fimages%2F');
or
//for cookie
echo urldecode($_COOKIE['IMAGES_DIR']);
//for your example above with the constant
echo urldecode(IMAGES_DIR);
This might be a basic question and I've been searching for a safe and clean way to do this. I'm passing a normal string which CAN include special characters (like $ ^ % etc). How can I do this in the URL? For example I have a variable called $text which In addto.php from $_GET. How do I then transfer this to more.php?
'more.php?varname='.urlencode($_GET['text']);
urlencode sounds like what you want.
(from the docs)
This function is convenient when encoding a string to be used in a query part of a URL, as a convenient way to pass variables to the next page.
You can pass data through an URL, it should be in the form of key/value pairs, but you shouldn't use it to pass too much data because an URL has a limit. You also should not pass sensitive information.
A key/value pair is something like this:
key=value
If you have more than one pair, you need to separate them using the & char. Here is an example:
myScript.php?color1=blue&color2=red
The string after ? is called the Query String. With PHP you can easily access those key/value pairs using the super-global $_GET. So, in myScript.php you do:
$a = $_GET['color1'];
$b = $_GET['color2'];
Now, if you are going to create a dynamic query string, you should use urlencode() at least, so any special characters will be translated to maintain a proper URL format.
Please read the following:
http://php.net/urlencode
http://php.net/manual/en/function.http-build-query.php
I have done urlencode of the variable before passing to the URL
http://example.com/Restaurants?alias=F%26B
But when I try to print like in the page
$alias = rawurldecode($_GET['alias']);
echo $alias;
it prints only F. How to solve this?
I doubt that $_GET['alias'] exists when requesting a URL with the query aliasF%26B. It’s rather $_GET['aliasF&B'] that’s getting populated.
In this case you need to use $_SERVER['QUERY_STRING'] to get the full query.
It looks like you are not using the query string "correctly." It should be in key=value pairs. I would look at using $_SERVER['QUERY_STRING'] to get your information instead.
You don't need to urlencode the pair. You only need to urlencode name and a value as such:
Wrong:
urlencode('aliasF=B')
Correct:
urlencode('aliasF') . '=' . urlencode('B')
AFAIK $_GET are already decoded.
See php.net
The superglobals $_GET and $_REQUEST are already decoded. Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results.
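An added example (not part of the answers above) showing how PHP decodes the query string from this question and what a second urldecode() does to the value. It uses parse_str(), which applies the same decoding that fills $_GET, so it runs from the CLI; the helper name parse_query and all sample values are constructed for illustration.

```php
<?php
// Added example; the query strings and values below are constructed.

// parse_str() applies the same decoding PHP uses to populate $_GET,
// so the behaviour can be reproduced from the command line.
function parse_query(string $qs): array
{
    parse_str($qs, $out);
    return $out;
}

// 1. Encode name and value separately. A raw "&" in the value ends the
//    pair, so the text after it arrives as a second, unrelated key.
$encoded = urlencode('alias') . '=' . urlencode('F&B');
echo "encoded query: $encoded\n";
print_r(parse_query($encoded));
print_r(parse_query('alias=F&B'));

// 2. The value is already decoded when the script sees it. A second
//    urldecode() rewrites any literal "%XX" or "+" the user really sent.
$typed = '50%2B off C++';   // literal text, not an escape sequence
$once  = parse_query('q=' . urlencode($typed))['q'];
$twice = urldecode($once);

echo "typed: [$typed]\n";
echo "once:  [$once]\n";
echo "twice: [$twice]\n";

// 3. For input checks this means: validate the exact string you go on
//    to use. A check that $once passes says nothing about $twice.
var_dump($once === $typed);
var_dump($once === $twice);
```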
It is possible to solve this problem by using a different encoding system specific for your situation:
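function encode($string)
{
    // Single pass: double the escape character "|" and replace "&" with "|20".
    return strtr($string, array("|" => "||", "&" => "|20"));
}
function decode($string)
{
    // strtr() scans once from left to right, so "||20" (an escaped "|"
    // followed by "20") is not misread as the "|20" escape for "&".
    return strtr($string, array("||" => "|", "|20" => "&"));
}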
This will basically create a separate escaping system using the '|' character. That character can be anything you normally don't use and isn't a field separator.
Here, Apache won't transform the URL to something different, thus voiding the conversion. Also browsers won't transform it.
Mind that you would decode($_GET['alias']) and encode() the url that the user is pressing or the script is following.
I am looking to have a list of arguments passed across in a URL.
$url['key1']=1;
$url['key2']=2;
$url['key3']=3;
$url['key4']=4;
$url['key5']=5;
$url['key6']=6;
$url['key7']=7;
Please Note I am trying to pass this in the URL in 1 GET variable. I know this would be better done by ?key1=1&key2=2&key3=3...etc but for reasons that are too complicated to try and explain they can't be in this format.
Any suggestions how I can convert this array into something that can be passed as 1 get var in a URL string?
Thanks in advance.
You can use json_encode() or serialize()
$myUrl = 'http://www.example.com/?myKey=' . urlencode(json_encode($url));
or
$myUrl = 'http://www.example.com/?myKey=' . urlencode(serialize($url));
Using json_encode will usually give you a shorter string, but very old PHP versions might not have the json_decode function available to decode it again.
The final way would be to create your own custom encoding... it could be as simple as pipe-separated values: key1|1|key2|2|key3|3
This would give you the best option for a short URL, but is the most work.
Try http_build_query:
$url['key1']=1;
$url['key2']=2;
$url['key3']=3;
$url['key4']=4;
$url['key5']=5;
$url['key6']=6;
$url['key7']=7;
echo http_build_query($url);
//echos key1=1&key2=2&key3=3&key...
What it does is converting an array into a query string using the keys and automatically takes care of url-encoding.
EDIT:
Just read your additional requirement that it should be just one variable. So nevermind this answer.
If your problem was the proper encoding though you might want to give this another try.
Hope that helps.
The recommendation to use serialize() is fine. If space is an issue, then use a combination of bzcompress() and serialize().
However, there's a security consideration that hasn't been brought up, and that's that the end user (who can see and edit this url) could manipulate the data within it. You may think it's difficult, but most of the PHP-attacking worms in the wild do this to some degree or another.
If letting the user directly manipulate any of the keys or values (or replacing it with an integer, or an object, or anything else), then you should protect your script (and your users) from this attack.
A simple solution is to simply use a shared secret. It can be anything; just so long as it's unique and truly secret (perhaps you should randomly generate it at install-time). Let's say you have in your config file something like this:
define('SECRET', 'unoqetbioqtnioqrntbioqt');
Then, you can digitally sign the serialized data created with: $s=serialize($m) using $k=sha1($s.SECRET) and make the url value $k.$s
Then, before you unserialize() do this:
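$v=substr($input,0,40);
$s=substr($input,40);
// !== compares the hashes as strings; != would compare two numeric-looking hex strings as numbers
if ($v !== sha1($s.SECRET)) { die("invalid input"); }
$m=unserialize($s);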
This way, you know that $m is the same as the original value that you serialized.
If you like, you can use the following drop-in replacements:
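define('SECRET','buh9tnb1094tib014'); // make sure you pick something else
function secureserialize($o) {
    $s = serialize($o);
    // Prefix the data with a 40-character hash of data + secret
    return sha1($s.SECRET).$s;
}
function secureunserialize($i) {
    $v = substr($i, 0, 40);
    $s = substr($i, 40);
    // Strict comparison: the hashes are compared as strings, never as numbers
    if ($v !== sha1($s.SECRET)) { die("invalid input"); }
    return unserialize($s);
}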
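An added example, not the answer's code, of the same sign-then-verify idea using HMAC-SHA256 in place of sha1($s.SECRET), hash_equals() in place of !=, and JSON in place of serialize() so that untrusted input is never passed to unserialize(). The names SIGNING_KEY, TAG_LEN, sign_params and verify_params are assumptions made for this example, and the key shown is a placeholder.

```php
<?php
// Added example, not the answer's code. SIGNING_KEY is a placeholder:
// generate a real key once with bin2hex(random_bytes(32)) and keep it
// out of version control.
const SIGNING_KEY = 'placeholder-key-replace-me';
const TAG_LEN = 64;   // hex length of an HMAC-SHA256 tag

// Returns "<tag><json>"; pass the result through urlencode() for the URL.
function sign_params(array $params): string
{
    $json = json_encode($params);
    return hash_hmac('sha256', $json, SIGNING_KEY) . $json;
}

// Returns the decoded array, or null if the token was altered or malformed.
function verify_params(string $token): ?array
{
    if (strlen($token) <= TAG_LEN) {
        return null;
    }
    $tag  = substr($token, 0, TAG_LEN);
    $json = substr($token, TAG_LEN);
    // hash_equals() compares in constant time and never treats the
    // operands as numbers, unlike != on two "0e..." hex strings.
    if (!hash_equals(hash_hmac('sha256', $json, SIGNING_KEY), $tag)) {
        return null;
    }
    // JSON yields only arrays and scalars. If serialize() is required,
    // call unserialize($s, ['allowed_classes' => false]) so that no
    // objects are instantiated from the input.
    $data = json_decode($json, true);
    return is_array($data) ? $data : null;
}

$token   = sign_params(['key1' => 1, 'key2' => 2, 'key3' => 3]);
$altered = str_replace('"key1":1', '"key1":9', $token);

echo 'http://www.example.com/?myKey=' . urlencode($token), "\n";
var_dump(verify_params($token));     // original token
var_dump(verify_params($altered));   // one value edited in the URL
```

The signature only detects modification; the values remain readable in the URL, so nothing confidential belongs in the payload.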
You could serialize them as key-value pairs when constructing the URL, putting the resultant serialized value in a single $_GET variable (e.g. data=sfsdfasdf98sdfasdf), then unserialize the $_GET["data"] variable. You'll need to use urlencode to make sure the resultant serialized values are URL-safe. Make sure you watch out for maximum URL lengths - 2083 characters in IE.
However, unless you really can't use key-value pairs in URLs (per your question), key1=foo&key2=bar... is definitely the way to go.
If you don't mind dropping the key names, you can use
http://example.com?url[]=1&url[]=2&url[]=3
EDIT Keeping the key names:
http://example.com?values[]=1&values[]=2&values[]=3&keys[]=1&keys[]=2&keys[]=3
Then in your PHP script:
$url = array_combine($_GET['keys'], $_GET['values']);
Could you solve your problem by saving the data as a HTML cookie? That way you don't have to modify the URL at all.
If you know the values in advance, you can set them from the server side when you send the user the page with your target link on it.
If you won't know the values until the user fills out a form it can still be done using JavaScript. When the user clicks the form submit you can set multiple cookies by making multiple javascript calls like:
document.cookie = 'key1=test; expires=Mon, 7 Sept 2009 23:47:11 UTC; path=/'
The security model might give you some trouble if you are trying to pass this data from one domain to another though.