HTML Escaping URL Get
I'm probably not doing something really simple but at 2am my brain is just fried!
The following code is part of a filtering review form:
the above section of the code is intended to capture the url section of the current web address. This a long with a couple of other variables are posted from a cgi script. e.g. an example web address for the form:
<input name="url" value="<?php echo $_GET['url']; ?>" id="url" size="40" /></font></td>
Unfortunately because of the way Google and some other websites work they actually use &'s in the url which doesn't help matters for my form. So when the form grabs the value it ends up as
and then &q=*query* + &meta=*meta* becom like additional posted values - if you like.
I imagine I need to do some html escaping in my coding to replace the &'s from the url section of the web address. I can move the url string to the end of the address so it doesn't interfere with any other values. Am hitting a bit of a brick wall - little help how I can achieve getting the form to grab the proper url string value?
it's early and i can't think straight either, php not a strong point, but,
can't you grab the whole url string from address bar not just the posted variable 'url'. then find 'url' and extract from 'url's position to end of line?
Ok, so in the office now, this is ripped from some code i've got on the intranet.
The following will display the query string i.e. everything after the question mark, on screen. You can put that in a variable and parse for data after URL. It's not the most elegant and i'm sure there's a way to pull back the lot using GET_ because it is an array command after all (i think).
<?php echo $_SERVER['QUERY_STRING'];?>
Don't completely understand what you're trying to do but it looks like what ASP does using "htmlencode" - googling for that with PHP found this page which suggests that "htmlspecialchars" might do the tidying you need.
Thanks will take a look.
Originally Posted by vikpaw
Was playing around with htmlspecialchars last night - could have just been too late for me to comprehend how to code properly. Shall give it another go today.
Originally Posted by srochford
Have edited my main post with a bit more detail - should make more sense now after some sleep :p
Guess I better get up for work too :D
If I've understood correctly, you're asking the user to enter a url which you later want to use in your feedback form. Sending this through GET will confuse things because any query string in the url will be interpreted as a query string for the current page. I don't think you can encode the value on form submission (to make the $_GET['url'] not stop on the first "&" thinking it's reached the end of the 'url' part), so to my mind the answer is to use POST. Change the method of your form (method="post"), and look in the $_POST array instead of $_GET. Things should be a lot more straightforward there.
If I've not understood quite right, then maybe PHP: urlencode - Manual and/or PHP: urldecode - Manual could be helpful?
I've attached an image.
Typically I'd like the end user never to enter the url manually - it would end up with the form never being used. That's why I've been using GET because it pulls the value from the url which a CGI script creates.
I'm thinking it may just be easier to have an optional field in the database to grab a "q=" value if exists.
You can see the two fields on the form circled in red - these are normally hidden fields.
Went for q as an additional value in the database!