#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2013
    Posts
    40
    Rep Power
    0

    Help with special character PHP


    I want my url to look like
    locl.cms.com/upload/season.php?sid=20&currentPage=1

    and this is my code:
    PHP Code:
     echo'<form action="" method="get">

    <button id="previouspage" name="'
    .$encodedURL.'" type="submit" value="'.$page.'">Previous Page</button>
    <button id="nextpage" name="currentPage" type="submit" value="'
    .$pageN.'">Next Page</button>
    </form>'
    ;
    echo 
    "Inside Div";
    echo 
    '</div>'
    =========
    where
    $url='sid='.$sid.'&currentPage';
    $encodedURL=urlencode($url);

    when i click previouspage button , my url becomes locl.cms.com/upload/season.php?sid%253D20%2526currentPage=1
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    there are two problems.

    First of all, you misunderstand the purpose of urlencode(). What this function does is escape characters so that they can be used as data in a URL. Some characters like "?" have a special meaning in URL, so if you want to use them literally, they need to be escaped.

    When you run your whole URL through urlencode(), then you break all meaningful characters, because they're all escaped. You need to escape the data like $sid. And then you need to HTML-escape the URL (for security reasons and to avoid the infamous ampersand issue).

    The next issue is that for some reason you apply urlencode() twice. This way you end up with a completely garbled URL.

    You need something like this:

    PHP Code:
    <?php

    $foo 
    'speci&l';
    $bar 'speci%l';

    $url 'http://example.com?foo='.urlencode($foo).'&bar='.urlencode($bar);
    $escaped_url htmlentities($urlENT_QUOTES'UTF-8');

    echo 
    $escaped_url;
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2013
    Posts
    40
    Rep Power
    0
    Thanks

IMN logo majestic logo threadwatch logo seochat tools logo