cutielou22

Trouble with showing image in url


Here is an example link: https://site.com/this_here/page.php?note=We+have+some+text+here.

That shows up fine like it is supposed to, but when I want an image to show up within it - in html - it makes the whole page wonky.

Example Problem: https://site.com/this_here/page.php?note=We+have+some+text+here.+<img src=imagelink.png>

I have it on any page that is now set to show an image link that. I used to not have problems with this and now I do. The 'note' text comes from a $_GET and is not decoded or anything - which you shouldn't do I know.

I tested by taking out one "<" thinking that was the problem. And that made it so the page wasn't wonky but then you know just the text appeared.

I also tested leaving in both "<>" from the img tag and taking out the "=". That also makes it so the page isn't wonky anymore. Does just the same as taking out a "<>".

This seems like a really weird error to me, but maybe there is something I should or shouldn't be doing that I am not thinking of.
 


What is your real problem? Because allowing there to be HTML markup in the query string that you then display on the page is very much not the right solution.


I want it to show something like "You found this *item here*." and have it show a picture with it - without the page messing with my layout.

Is that bad or something?


It's not good to take some message in the URL and show it right on the page: anyone could repurpose that message to show whatever they wanted. You'd have to do some sort of validation, "is this message okay", and that's ~difficult~.

How are people getting to this page.php? Can you use a form for it? You could POST a piece of data (not a message), like whatever this thing that they found is, then page.php can look for the form data and display the message (which it figures out on its own).

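One way to do what the reply above suggests, passing a piece of data instead of a message and letting page.php work out the message itself (an added example, not code from any poster in this thread; the keys, image paths and function names are hypothetical):

```php
<?php
// Added example: every name, key and path below is hypothetical.

// Server-side allowlist: the URL carries only a key, never text or markup.
const NOTES = [
    'trophy_won' => ['text' => 'You won a trophy.',  'img' => '/images/trophy.png'],
    'item_found' => ['text' => 'You found an item.', 'img' => '/images/item.png'],
];

// Used by the page that updates the database, e.g.
//   header('Location: ' . note_redirect_url('/here.php', 'trophy_won')); exit;
function note_redirect_url(string $page, string $key): string
{
    if (!array_key_exists($key, NOTES)) {
        throw new InvalidArgumentException('unknown note key');
    }
    return $page . '?' . http_build_query(['note' => $key]);
}

// Used by the page that shows the message, e.g.
//   echo render_note($_GET['note'] ?? null);
function render_note($param): string
{
    // Arrays (?note[]=x) and anything not on the allowlist render nothing.
    if (!is_string($param) || !array_key_exists($param, NOTES)) {
        return '';
    }
    $note = NOTES[$param];
    // Escape even trusted values so a later edit to NOTES cannot break the page.
    $text = htmlspecialchars($note['text'], ENT_QUOTES, 'UTF-8');
    $img  = htmlspecialchars($note['img'], ENT_QUOTES, 'UTF-8');
    return '<p class="note">' . $text . ' <img src="' . $img . '" alt=""></p>';
}

// Constructed sample inputs, shown when run from the command line.
if (PHP_SAPI === 'cli') {
    echo note_redirect_url('/here.php', 'trophy_won'), "\n";
    echo render_note('trophy_won'), "\n";
    // The markup from the thread's URL is not a key, so nothing is echoed back.
    var_dump(render_note('You won a trophy. <img src=trophylink.png>'));
}
```

Because the markup is built on the server from a fixed list, the query string no longer contains `<`, `>` or `=` inside the value, and nothing a visitor types into the URL reaches the page as HTML.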

For example, if they just won a game and received a trophy for it. It takes them to a page to update the database with the trophy they just won and perhaps their score. It then redirects immediately back to the game in a die(header(Location: link.com/here.php?note=You+won+a+trophy.+<img src=trophylink.png>)).


Why send them to another page if they're just going to come back? Take care of it all on the one page. Possibly with AJAX so you don't have to redirect the user at all.

They win and get a trophy. The very act of winning should come with a request to your server to update the fact that they won - and also give the trophy. The page does that with AJAX, and when it finishes it displays the message on the page.


Okay . . . . but do you know why I am getting this error or what I can do to fix it (besides switching my entire site to ajax)? It also sometimes throws in a 406 Not Acceptable The server cannot send data in a format requested.


Yes I do know what's causing it, and the answer is unfortunately that you need to change how this process works.

Not every problem has a simple solution.


I never had this problem before though. I don't know what started it. Not sure what I changed to affect it.
