Forum Moderators: coopster & jatar k

<A href problem

How to place spaces in href?

     
9:14 pm on Dec 17, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 26, 2003
posts:1133
votes: 0


I want to send sql question through _GET. When I write
onclick="self.location.href='index.php?id1=1&q=SELECT * FROM base WHERE id='4'"
everything is fine. The problem comes when I want to do this through <a href

This wouldn't be such a problem, however I do change all spaces to %20 etc, so it looks like:
<a href=index.php?id1=1&q=SELECT%20*%20FROM%20base%20WHERE%20id=%274%27">
And it doesn't work. If I place mouse over the link all the %20 are translated to spaces automatically and I get $_GET["z"] empty string.

What to do?
With best Christmas wishes

Michal Cibor

9:20 pm on Dec 17, 2004 (gmt 0)

Full Member

10+ Year Member

joined:Feb 28, 2001
posts:208
votes: 0


I don't really know the solution to your problem. I just wanted to point out that sending sql through the url like that is incredibly insecure. What do you have in place to prevent someone rewriting the get information to do bad things to the database?
9:27 pm on Dec 17, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 26, 2003
posts:1133
votes: 0


So what would you recommend? On the other hand, I'm storing last question in a database, so I think you're right. I shall change it at once!

Thnx

However, about the question, I'm really intrigued why it happened. Can anyone answer me?

11:46 pm on Dec 17, 2004 (gmt 0)

Administrator

WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 24, 2001
posts:15756
votes: 0


why?

the first thing I notice is $_GET["z"]. Shouldn't that be $_GET['q']? I don't see a z listed as a param in the query string.

evinrude is spot on, never ever pass queries in your url. The more someone knows about your db the more likely it is to be exploited/destroyed.

this url entered by someone, would cause an issue I would think

index.php?id1=1&q=DELETE FROM base // don't try this url as it may delete the contents of the base table

I would go with something like this though. Given this url
index.php?id1=1&q=SELECT * FROM base WHERE id='4'

changed to
index.php?id1=1&q=4

and in index.php you could have something like

if (isset($_GET['q']) && is_numeric($_GET['q'])) {
    $query = "SELECT * FROM base WHERE id='" . $_GET['q'] . "'";
    $statement = mysql_query($query);
}

or something to that effect.
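
The same "pass only the id" idea with a stricter check and a bound parameter, as an added example that is not part of the original post (the mysql_* functions used above were removed in PHP 7.0). The helper name fetch_by_q, the title column, the sample rows and the in-memory SQLite database standing in for the base table are assumptions made for illustration.

```php
<?php
// Added example: constructed data; in-memory SQLite stands in for the MySQL table "base".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE base (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO base (id, title) VALUES (4, 'row four'), (5, 'row five')");

/**
 * Hypothetical helper: returns the row for ?q=<id>,
 * or null when q is missing or is not a plain run of digits.
 */
function fetch_by_q(PDO $db, array $get): ?array
{
    $raw = $get['q'] ?? null;
    // ctype_digit() accepts ASCII digits only; is_numeric() also lets
    // through forms such as "1e3", "4.0", "-4" and " 4".
    if (!is_string($raw) || $raw === '' || strlen($raw) > 9 || !ctype_digit($raw)) {
        return null;
    }
    // The value is bound as a parameter, so it is never parsed as SQL text.
    $stmt = $db->prepare('SELECT id, title FROM base WHERE id = :id');
    $stmt->bindValue(':id', (int) $raw, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed query strings, as they would arrive after "index.php?".
$samples = [
    'id1=1&q=4',
    'id1=1&q=1e3',
    'id1=1&q=%204',
    'id1=1&q=4%27%20OR%20%271%27%3D%271',
    'id1=1&q=DELETE%20FROM%20base',
    'id1=1',
];
foreach ($samples as $qs) {
    parse_str($qs, $get);   // same decoding PHP applies when it fills $_GET
    $row = fetch_by_q($db, $get);
    printf("%-40s is_numeric=%-5s -> %s\n", $qs,
        var_export(is_numeric($get['q'] ?? ''), true),
        $row === null ? 'rejected' : json_encode($row));
}
```

Only the first sample returns a row; the is_numeric column shows which of the rejected inputs the looser check would have let through to the query.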

8:38 pm on Dec 19, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 26, 2003
posts:1133
votes: 0


Okay, okay! I agree. It was a bad example of passing a SQL question.
It should be $_GET["q"], not z. I just use z in my questions, therefore the mistake.

I have completely changed my code and am passing the question through database. But the main question stays:

Why does Mozilla translate %20 in <a href into spaces so that $_GET doesn't see it? In source (view -> source) it's not translated.

Is there anyone out there that can answer my question?

Merry Christmas
Michal Cibor

5:34 am on Dec 20, 2004 (gmt 0)

Administrator

WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 24, 2001
posts:15756
votes: 0


because a space is not valid in a url, it needs to be %20
8:26 am on Dec 21, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 26, 2003
posts:1133
votes: 0


I know Jatar. I'm not so stupid as to put space in <a href, I put %20. The href looks like:

<a href="index.php?id=1&text=Mr%20Smith"

however if I place my mouse over this link in Mozilla I see it translated into:
bla.com/index.php?id=1&text=Mr Smith

and in the variable $_GET["text"] is only Mr.

That's the main problem, which I don't understand.

2:15 pm on Dec 21, 2004 (gmt 0)

Administrator

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 31, 2003
posts:12555
votes: 3


Are you doing any type of url rewriting (mod_rewrite)?
3:42 pm on Dec 22, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 26, 2003
posts:1133
votes: 0


Yes. I use the str_replace([array], [array], ) function, to do it to and fro.
The generated html looks fine (in the view source mode), on mouse over the link in status there are still spaces
source: <a href=i.html?t=Hello%20World>
status: i.html?t=Hello World

Now it's just a curiosity. At first I was doing (badly) passing the sql question into a frame (now I'm passing it through a database, not efficient, but enough for me).

So what I would like to gain from this answer is not an all-around way to do it (I could just change " " into eg "h-v-space"), but a rational explanation why Mozilla (not sure now which version, but I'm using the latest Aurox) translates %20 into " " and doesn't pass it into url, so I don't get the whole text in $_GET["t"].

Merry Christmas Webmasterworld and everyone!

6:30 pm on Dec 23, 2004 (gmt 0)

Administrator

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 31, 2003
posts:12555
votes: 3


The status bar doesn't show the %20, nor any other encoding. It doesn't in my versions of Mozilla-based browsers nor does it in MS IE. I can hover over a link and in the status bar the link looks just like if I would have typed it.

The variable and its value do get passed in the query string, though. Completely, no breaks after spaces or otherwise. Here's a simple test:

<pre>
<?php
if (isset($_GET['name'])) {
    // escape request data before echoing it back into the page
    print htmlspecialchars(print_r($_GET, true));
}
?>
<a href="<?php print htmlspecialchars($_SERVER['PHP_SELF']) . '?name=Mr. Smith';?>">Click here</a>
</pre>
By the way, I was asking if you are using an Apache RewriteRule of some sort. Not str_replace(). If you are using mod_rewrite, there may be something in your rule that is parsing your query string incorrectly.
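
An added example, not part of the original thread and not a diagnosis of the poster's page: it builds the link with the value percent-encoded and the attribute quoted, then shows what an HTML parser takes as the href, and what PHP would decode from it, for quoted and unquoted variants. The path i.html and parameter t mirror the thread; the helper names and the sample value are assumptions.

```php
<?php
// Added example: "i.html" and "t" mirror the thread; the value is constructed.
$value = 'Hello World & "friends"';

// 1. Percent-encode the value for the query string (RFC 3986: space -> %20),
// 2. then HTML-escape the whole URL and always quote the attribute.
function build_link(string $path, array $params, string $label): string
{
    $url = $path . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// What an HTML parser takes as the href of the first <a> in a fragment.
function parsed_href(string $html): string
{
    libxml_use_internal_errors(true);   // tolerate sloppy markup quietly
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    return $doc->getElementsByTagName('a')->item(0)->getAttribute('href');
}

// What PHP would decode into $_GET for a given href.
function get_params(string $href): array
{
    parse_str((string) parse_url($href, PHP_URL_QUERY), $get);
    return $get;
}

$cases = [
    'encoded + quoted'    => build_link('i.html', ['t' => $value], 'Click here'),
    'quoted, raw space'   => '<a href="i.html?t=Hello World">x</a>',
    'unquoted, raw space' => '<a href=i.html?t=Hello World>x</a>',
];
foreach ($cases as $name => $html) {
    $href = parsed_href($html);
    printf("%-20s href=%s\n%-20s t=%s\n", $name, $href, '',
        var_export(get_params($href)['t'] ?? null, true));
}
```

In the unquoted case the attribute value ends at the first space, so only "Hello" reaches the query string; the two quoted cases carry the whole value.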
 
