Apostrophe's with mySQL, PHP and URLS

Forum Moderators: coopster

Message Too Old, No Replies

Apostrophe's with mySQL, PHP and URLS

RandallK

8:40 pm on Feb 6, 2010 (gmt 0)

I've read that you shouldn't have anything other than alpha numeric characters, dashes, and underscores in URLs.

So if there was record in a mySQL database that was being passed in a url, like example.com/test.php?name="Steve's" What is the proper way of handling it? Right now I'm passing all the data I get from the database though a function that removes whitespace, and then through htmlentities as well.

Do I ALSO need to pass it through urlencode before I use it in a URL?

IanKelley

1:18 am on Feb 7, 2010 (gmt 0)

Putting aside what some might say you should not do, and going with what will work, you can put a variety of characters in a URL without issues.

However urlencode() won't hurt unless you're trying to save a few CPU cycles. Alternatively you could POST the data which would make encoding/decoding unnecessary.

Your example, though, will work fine without using urlencode. You may need to stripslashes() before you put the data in the URL depending on config.

anand84

8:45 am on Feb 7, 2010 (gmt 0)

I have a very similar issue. What I have done to remove all special characters in the URL is to replace each of them with a null character..

So I have something like replace '&','%' with '','',etc. However, the problem comes with replacing apostrophe with a null. How is that done..I would also like to know..

Readie

5:30 pm on Feb 7, 2010 (gmt 0)

However, the problem comes with replacing apostrophe with a null. How is that done..I would also like to know..

I made mine with a textarea in mind, but the principle is the same.

I managed to replace apostrophees with their numerical code (so it can be adjusted for null) with the following (copied straight from array):

$symb[37] = "/'/";
 
$repl[37] = '&#39;';
 
preg_replace($symb, $repl, $some_stuff);

(The 2 arrays are ksorted)

Works nicely enough

rocknbil

8:31 pm on Feb 7, 2010 (gmt 0)

replacing apostrophe with a null. How is that done..I would also like to know.

LOL . . . oops. almost the exact same solution . . .

$apo = "'"; // note: double quotes containing the single
$apo_replace = NULL;

$txt= preg_replace("/$apo/",$apo_replace,$txt);

Though this is one of the cases where str_replace would be more appropriate (no need for preg).

$txt = str_replace("$apo",$apo_replace,$txt);

TheMadScientist

9:46 pm on Feb 8, 2010 (gmt 0)

Option Number 4217:
$str=htmlentities($str,ENT_QUOTES);

AND Option Number 4218:
$str=rawurlencode($str);