
PHP Server Side Scripting Forum

    
special characters in URL
fahad direct




msg:4185486
 6:00 pm on Aug 11, 2010 (gmt 0)

I have a strange issue in hyperlinks if I am sending parameters like http://example.com/test.php?var=Manufacturer--First&Second

If I am getting it by $_Request[var] I am only getting First, as it is ignoring Second, which comes after the & sign. I have tried URL encoding by putting the hex value of the '&' character, %26, in its place, but it is still not picked up. I have also tried it as:

First+%26+Second, First%26Second.

 

bedlam




msg:4185498
 6:40 pm on Aug 11, 2010 (gmt 0)

The ampersand ('&') is used to separate different parameters in the query string, so you can't use an unencoded ampersand as part of a query string for other purposes. For example, you might have a URL with a query string like this:

http://www.example.com/index.php?foo=1&bar=2

In this case the ampersand only shows that 'foo' and 'bar' are separate parameters. In the case of the 'var=Manufacturer--First&Second' query string, your script interprets 'Second' as an additional (empty) parameter.

There should be no problem either quoting the query string value, or url-encoding it [instruct.tri-c.edu]. What problem did you experience when url-encoding the ampersand? Your sample query string should work as far as I can see.

If I create a php file containing the following code:


<?php
print_r($_GET);
?>

...then access that file with your sample query string:

http://www.example.com/test.php?var=Manufacturer--First%26Second

The program output is:

Array ( [var] => Manufacturer--First&Second )

-- b

AlexK




msg:4185499
 6:44 pm on Aug 11, 2010 (gmt 0)

You need a 2-stage process for all parameters in URLs:

1. urlencode() the parameter
2. htmlentities() the result
3. Use `&amp;' as the separator

(otherwise entity-strings within a parameter will get converted by the browser to the actual entity; see here: [w3.org])

So,
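    $param1='<some text>';
    $param2='<some more text>';
    $sep='&amp;';   // separator as written into the HTML source
    $url='http://example.com/test.php';

    // percent-encode each value, then entity-encode the result
    $param1=htmlentities( urlencode( $param1 ));
    $param2=htmlentities( urlencode( $param2 ));
    // each value needs its own name, otherwise the second one is read as a name
    $url="$url?var=$param1{$sep}var2=$param2";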

Matthew1980




msg:4185837
 7:40 am on Aug 12, 2010 (gmt 0)

Hi all,

A link in the address bar looking like this:-

index.php?q=foo&bar=pizza

Should be made like this:-

index.php?q=foo&amp;bar=pizza

Always put the ampersand like this so that it functions & gets parsed correctly into the address bar.

Also: If i am getting by $_Request[var]

This is poor syntax from a secure & error_reporting point of view; it should be done like this: $_GET['var']. This uses the correct way of accessing the query string & parameters passed through the URL. Note the use of single quotes (you can use double, but that's a preference issue :)). If you don't do that, PHP will error and give you a notice "undefined index, presumed constant"; pop error reporting on, you'll see what I mean.

In the past it has been discussed about the use of $_REQUEST and its vulnerabilities: fine to use it for localhost/developing, but not for release, as you are exposing a lot of information about your site -potentially- to hackers.

Cheers,
MRb

rocknbil




msg:4186105
 6:11 pm on Aug 12, 2010 (gmt 0)

I use AlexK's method: urlencode or rawurlencode on the values themselves, tape it all together with &amp;. A note on this:

index.php?q=foo&amp;bar=pizza


You output this in your pages, not in the address bar, so it will be valid (X)HTML output. If you see the &amp; in your address bar you'll need to parse for $_GET['amp;somevar']. Try it, name this entity.php. :-) Don't change it, just look at the results when you click the links.


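<?php
header("content-type:text/html");
if (isset($_GET['amp;oops'])) {
    // A literal "&amp;" was requested: PHP split on "&" and named the key "amp;oops".
    // Query-string values are escaped before being echoed into the page.
    echo "<p>Entity in the address bar is "
        . htmlspecialchars($_GET['amp;oops'], ENT_QUOTES, 'UTF-8') . "</p>
<p>Now let's do it right:
<a href=\"entity.php?test=1&amp;oops=Entity-itis\">Click me</a>.</p>";
}
else if (isset($_GET['oops'])) {
    // The link used a single &amp;, so the browser requested a plain "&".
    echo "<p>Got it, <strong>no</strong> entity in the address bar is "
        . htmlspecialchars($_GET['oops'], ENT_QUOTES, 'UTF-8') . "</p>";
}
else {
    // First visit: this link is entity-encoded twice on purpose.
    echo "<p>To validate your code, apply htmlentities to text.
In the following link, the query string is
entity.php?test=1&amp;amp;oops=Entity-itis - watch the
address bar to see what it does by
<a href=\"entity.php?test=1&amp;amp;oops=Entity-itis\">Clicking this link</a></p>";
}
?>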

fahad direct




msg:4186374
 8:08 am on Aug 13, 2010 (gmt 0)

Thanks for all the very helpful replies.
I am still having the same issue after trying all the above-mentioned ways, and I am badly stuck on what the actual reason is that it is not getting the value after the & sign. I can see in my URL: First & Second (if passing &), First %26 Second (if using %26), First &amp; Second (in case of &amp;), but in each case the second operand after & is not being retrieved by either Request or Get. My page encoding is utf-8 and I tried with iso-8859-1 as well.

I want to add one more note: the parameters are being passed by a variable as var, which shouldn't be a problem, as I have tried all the mentioned ways of conversion before passing var.

AlexK




msg:4186380
 9:03 am on Aug 13, 2010 (gmt 0)

Here's an example of a page on my own site where I need to pass ampersands in a query string for use at the other end (I'll send the actual URL of the originating page to you so that you can check it out). The originating page uses the method that I've outlined previously:
    url: <my_site>/search.php?id=PCI%5CVEN_134D%26DEV_7891%26SUBSYS_0001134D#results
    status bar view: <my_site>/search.php?id=PCI\VEN_134D&DEV_7891&SUBSYS_0001134D#results

fahad direct




msg:4186398
 9:47 am on Aug 13, 2010 (gmt 0)

I got the solution. I have tried it as %2526, which means '%26' as %25 is the code of '%', so %2526 means %26, which works fine; but inside the query it is showing as & but the query is not working.
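
The encodings tried in this thread, collected into one script as an added example (not code posted by any participant): it decodes each query string the way PHP fills $_GET, then builds a link by percent-encoding the value first and HTML-escaping the finished URL last, and follows that link back to the server. The function names decode_query() and build_href(), the second parameter 'page' and the sample strings are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. decode_query(), build_href() and the
// second parameter 'page' are hypothetical names; the sample strings are constructed.

// Decode a raw query string the same way PHP populates $_GET.
function decode_query(string $query): array
{
    parse_str($query, $params);
    return $params;
}

// Build an href value: percent-encode the data first, HTML-escape the whole URL last.
function build_href(string $script, array $params): string
{
    // urlencode()s every name and value, so '&' inside a value becomes %26.
    $query = http_build_query($params, '', '&');
    // Only the markup sees '&amp;'; the browser turns it back into '&' on click.
    return htmlspecialchars($script . '?' . $query, ENT_QUOTES, 'UTF-8');
}

// Query strings as they would arrive at the server (constructed samples).
$cases = [
    'raw ampersand in the value'       => 'var=Manufacturer--First&Second',
    'ampersand sent as %26'            => 'var=Manufacturer--First%26Second',
    'double-encoded as %2526'          => 'var=Manufacturer--First%2526Second',
    'literal &amp; reached the server' => 'test=1&amp;oops=Entity-itis',
];
foreach ($cases as $label => $query) {
    echo $label, ': ', $query, PHP_EOL;
    var_export(decode_query($query));
    echo PHP_EOL, PHP_EOL;
}

// Round trip: generate the link, undo the HTML escaping as a browser would,
// then decode what the server receives.
$href = build_href('test.php', ['var' => 'Manufacturer--First&Second', 'page' => '2']);
$requested = html_entity_decode($href, ENT_QUOTES, 'UTF-8');
$received = decode_query(parse_url($requested, PHP_URL_QUERY));

echo 'href in the page:    ', $href, PHP_EOL;
echo 'URL requested:       ', $requested, PHP_EOL;
echo 'value at the server: ', $received['var'], PHP_EOL;
```

Run it from the command line with the php binary; the double-encoded case shows why a value that has already been percent-encoded must not be encoded again before it goes into the link.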
