Accept %26 in query?

[d3ll]

Hi All,

 

Just joined up, ive only been dabling with PHP for the last few days but so far so good..

 

Anyway, is there a way to accept %26 as a query separator instead of an &? Ive read conflicting info and havent been able to get anywhere.

 

I have a PHP script that makes a simple SQL query, all was going well but in some cases it is being passed an encoded URL, which breaks the query, eg:

 

?var1=a&var2=b in the URL works fine but ?var1=a%26var2=b does not..

 

Anyone any ideas?

[jackpf]

You could just use str_replace('%26', '&', $url); instead.

[d3ll]

Thanks for the quick reply, I'd just started Reading about that, would that go in the php script that needs to accept the %26 or do I need to to create another?

[jackpf]

Well, wherever you're using the string that you need to replace the %26 with an &

 

Try putting this at the top of your script:

<?php
function replace_26_percent($url)
{
return str_replace('%26', '&', $url);
}
?>

 

Then whichever string you want to replace %26 with &, just do this:

 

<?php
echo replace_26_percent('http://www.url.com?a=a%26a=a');
?>

[Mchl]

How about urldecode

[jackpf]

I didn't even know that function existed

[Mchl]

Make browsing the manual your hobby. ;P

[jackpf]

Lol yeah...

There are quite a few functions in that manual.

[RussellReal]

could you show the script?

 

I follow your question, although the answers you're getting are kinda leading FROM a request, not TO a request, basically the responses here are telling you how to manage the query string in the script file itself, not to prevent the %26 in the first place..

 

replacing %26 could potentially cause errors as far as url encoding is concerned..

 

if you did str_replace('%26','&',$query);

 

an there is a & in the request which SHOULD be url encoded, you will have a malformed request when you try to explode it by & and you will find yourself bald with plenty scratch-induced cuts in your beard..

 

so the best method to solve this problem is to correct the issue instead of working around the issue, and I'm more than certain there is something in your code which is causing the issue

[d3ll]

I had a quick try with the str_replace and couldnt get it working, probably something im doing though.

 

The initial request is not coming from a PHP script that I have control of, but here is the script that is recieving the URL:

 

<?

    
  $name = $_GET['name'];
  $myuid = $_GET['myuid'];

  $service = "localhost";
  $username = "";
  $password = "";
  $database = "";


mysql_connect($service, $username, $password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "SELECT * FROM scores WHERE mode = 0 ORDER BY score DESC";
$result = mysql_query($query);
$num = mysql_numrows($result);

$loopindex = 0;
$found = false;

while ($loopindex < $num && $loopindex < 25) {

$thisname = mysql_result($result, $loopindex, name);
$thisscore = mysql_result($result, $loopindex, score);
$thisuid = mysql_result($result, $loopindex, uid);


    if ($thisname == $name && $thisuid == $myuid){
	$found = true;
echo ("$loopindex $thisscore $name\n");
}else{
	if($loopindex == $num - 1 && $found == false){
		echo ("00 No Score");
	}
}

$loopindex++;
}

?>

 

Hope that helps...

 

[killah]

& make's it return as &.

[d3ll]

Ive tried using & in the URL and that fails too.

 

Ive added the below to the top of the script that recives the URL:

 

$query = $_SERVER["QUERY_STRING"];

$stripped = str_replace('%26', '&', $query);
echo ("$stripped\n");

 

That does echo the URL as it should be with the %26's replaced with &'s..but the rest of the script fails.

[jackpf]

How exactly does it fail?

[killah]

Even tho its replacing it, it still outputs as %26.

 

Why don't you just add the & in the url? :S

[d3ll]

The SQL query didnt return the expected result, im assuming because it was using the GET variables?

 

Ive found a way around it using the below:

 

$query = $_SERVER["QUERY_STRING"];

$array = explode("|",$query);

$array[0]; 
$array[1];   
  
$name = $array[0];
$myuid = $array[1];

 

Now if I replace the & in the URL with a | it isnt encoded and the query works fine

 

Are there any down sides to doing it this way?