Re: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread Curt Zirzow
Bear (pun intended) with me on this one, I haven't read the whole
thread, so you may get a repeat answer.

On Fri, Jan 13, 2006 at 10:55:00AM -0600, Jay Blanchard wrote:
> I am having a problem with an ampersand sign. I have a list of things on a
> page, in which one category is 'Oil & Gas'. I store it in the database as
> 'Oil &amp; Gas'. When the category is clicked the query string shows just an
> ampersand, i.e.

The database should really hold text/plain, not text/html.

If you take the string 'Oil &amp; Gas' outside of the context of
html that &amp; is a rather strange sequence of characters.

> "Filter=Process&FilterKey=Oil%20&%20Gas&Order=Application&Direction=ASC&comm
> ents=" and therefore just shows as an '&' and the query only sees 'Oil'.

You forgot to urlencode() each value that is passed. And say you
did urlencode the data you would have:

Filter=Process&FilterKey=Oil+%26+Gas

Now the $_GET['FilterKey'] is 'Oil & Gas'

If you do a search on the db for this value with something like:

$cat = mysql_real_escape_string($_GET['FilterKey']);
$sql = "select * from table where cat = '$cat'";

You will come back with 0 results since you really have in that cat
field 'Oil &amp; Gas'.

> 
> I guess that I am too tired to deal with this or the answer would come to
> mind immediately. Can someone drop kick me in the right direction? Thanks!

Remember:

  characters only have meaning in the context they are used

If I want to use 'Oil & Gas' in:

  html: i need to html_entity_decode()/htmlentities() it
  sql:  i need to ensure it is escaped *_escape_string();
  url:  i need to urlencode() it.
  plain/text: just an echo/print
  store on a main frame: ASCII2EBCDIC() it


Curt.
-- 
cat .signature: No such file or directory

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread Jay Blanchard
[snip]

[/snip]


Well said Richard, well said. That is ultimately what I went and did. I am
just operating on too little sleep right now, and a couple of times today
the simplest things eluded me. I made sure that all of the &amp;'s were
changed to & in the database (one I inherited, not an excuse, just a point).
I have decided that I am going to walk out of this beast in just a few
minutes, go drink a couple of brews with da' boys, get some food, and
hopefully stay up long enough to catch Battlestar Galactica. If I don't
make it that far the TIVO will catch it. I may even leave my laptop locked
up all weekend.




Re: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread Richard Lynch

On Fri, January 13, 2006 10:55 am, Jay Blanchard wrote:
> I am having a problem with an ampersand sign. I have a list of things on a
> page, in which one category is 'Oil & Gas'. I store it in the database as
> 'Oil &amp; Gas'.

Don't.

The DATA to be stored in the database is 'Oil & Gas'

When it's time to present it in a browser, and ONLY when it's time to
present it in a browser, use:
htmlentities('Oil & Gas')
to make it suitable for HTML transport to the browser.

Here's why:
Suppose tomorrow you decide to do an RSS Feed, or export to another
database, or send that data somewhere OTHER than your browser.

Your &amp; is *NOT* the raw data, and it's *NOT* what that other
technology might *want* for the encoding of &

That other technology might not even WANT & encoded in the first place.

Now, RSS might want & -> &amp; for its encoding

But can you guarantee that tomorrow's technology will want that?

No.

Maybe tomorrow's next big thing will want & -> && or perhaps it will
want & -> %#26 or maybe it will want & -> 'fnord-26' or maybe it won't
even need & encoded, but it will need the character sequence 'fnord'
encoded.

The DATA is 'Oil & Gas'

'Oil &amp; Gas' is merely a presentation / encoding of that data for
one (or more) particular (currently popular) transport mechanisms.

Encoding the data for today's usage in your original source data is
sheer folly, of the same magnitude that gave us Y2K.

You're making trouble for yourself long-term, and probably confusing
yourself short-term.

RAW data goes in your database: 'Oil & Gas'

> When the category is clicked the query string shows just an ampersand, i.e.
> "Filter=Process&FilterKey=Oil%20&%20Gas&Order=Application&Direction=ASC&comm
> ents=" and therefore just shows as an '&' and the query only sees 'Oil'.

Shows where?

Until you tell us what showed you & where, we can't even begin to
guess what is going on -- because WHERE you saw it changes everything.

There are all manner of potential sources of your vision here.

What you see in the browser, and what you see in "View Source" and
what you see when your mouse goes over a link are all different, and
probably all different from what you would see in the 'mysql' monitor
program.

If "View Source" showed you that, then it's probably a problem.
If you saw it printed out to your browser, it may or may not be a
problem.
If it's in the ToolTip from mouse-over of the link, it may or may
not be a problem.

The browsers try to "hide" icky details from normal users, and that
means the &amp; will often get converted before you see it.

The fact that the link doesn't work means that it obviously *IS* a
problem, of course, so exactly where you saw it is somewhat moot,
since you shouldn't have put &amp; in your database, and after you fix
that, the solution will probably entail fixing whatever is causing the
& to get "lost" anyway.

> I guess that I am too tired to deal with this or the answer would come to
> mind immediately. Can someone drop kick me in the right direction?

Ah.  An even MORE important reason for not doing what you did.

Part of your PROBLEM is you've put &amp; in the database instead of &

So you think it's "escaped" already.

Well, it is... For HTML display, it is escaped.

It is *NOT* escaped for a URL.

urlencode() is for URL-escaping.
htmlentities() is for HTML-escaping.

You've done htmlentities() on your data, not urlencode() on your
output of your data.

What *SHOULD* be done is this:

1. Get the original,  un-corrupted (un-escaped) data: 'Oil & Gas'
$value = 'Oil & Gas'; // from db.

Note lack of &amp; here!

Your database has no business [*] keeping the HTML-encoding of its
data internally.

2. Since that datum is being passed as an argument in a URL,
urlencode() it:
$value_url = urlencode($value); //prepare for use in URL

$value_url will now most likely contain %26, and the whole & -> &amp;
problem will be MOOT.

But you never know for sure WHAT data will be in there, so...

3. Make the URL:
$url = "Filter=" . urlencode('Process') .
    "&FilterKey=$value_url&Order=" . urlencode('Application') .
    "&Direction=" . urlencode('ASC'); // key matches the original query string

NOTE: Just to be pedantic, and to drive the point home, I've
urlencode()d every other data element in the URL, even though the
output of urlencode() in all these cases *happens*, by sheer luck, to
be the same as the input, so you don't "need" to encode the data.

I am as guilty as the next guy of taking shortcuts and not
URLencode()ing anything that is 'hard-wired' in PHP source.

But if it's coming from your database, or worse, the user, you'd damn
well better urlencode() each value element you are putting into the
URL.

4. *NOW* you are about to dump that URL into your HTML as the HREF= of
a link.  At *THAT* point, and *ONLY* at that point, you want to escape
it for HTML usage:

$url_html = htmlentities($url); //escape for HTML

Your URL now has &amp; for each & separating the key/value pairs in
the GET args.

That's what HTML *wants* though.

Any 'weird' data, where 'weird' is defined by wha
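
Richard Lynch's four steps above, together with Curt Zirzow's per-context list earlier in the thread, as an added example that is not part of any poster's message. The host, file name and second category value are constructed; `received_get()` is a hypothetical helper that models the browser decoding the attribute and PHP parsing the query. The first case reproduces the broken link from the original question, the loop shows raw data encoded per context on the way out.

```php
<?php
// Added example (not from the thread); file name, host and values are constructed.

// Steps 2-3: urlencode() every value, then join the pairs with a literal '&'.
function build_url(string $base, array $params): string
{
    $pairs = [];
    foreach ($params as $key => $value) {
        $pairs[] = urlencode($key) . '=' . urlencode($value);
    }
    return $base . '?' . implode('&', $pairs);
}

// Step 4: escape the finished URL only when it is written into HTML.
function href_attr(string $url): string
{
    return htmlentities($url, ENT_QUOTES, 'UTF-8');
}

// Models the round trip: the browser decodes the attribute, PHP parses the query.
function received_get(string $hrefAttr): array
{
    $url = html_entity_decode($hrefAttr, ENT_QUOTES, 'UTF-8');
    parse_str((string) parse_url($url, PHP_URL_QUERY), $get);
    return $get;
}

$base = 'http://example.test/list.php';

// Broken: entity-encoded value from the DB, only the spaces escaped.
$stored = 'Oil &amp; Gas';
$brokenAttr = $base . '?Filter=Process&FilterKey='
    . str_replace(' ', '%20', $stored) . '&Order=Application';
echo "broken link delivers:\n";
var_export(received_get($brokenAttr)); // FilterKey is cut at the stray '&'
echo "\n";

// Fixed: raw values in the DB, encoded per context on the way out.
foreach (['Oil & Gas', '"R&D" <Labs>'] as $raw) {
    $attr = href_attr(build_url($base, [
        'Filter' => 'Process', 'FilterKey' => $raw,
        'Order' => 'Application', 'Direction' => 'ASC',
    ]));
    $back = received_get($attr)['FilterKey'];
    echo $attr, "\n  round trip ", ($back === $raw ? 'ok' : 'FAILED'), "\n";
}
```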

Re: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread Jochem Maas

Jay Blanchard wrote:

[snip]
hope the kick didn't break anything. :-)
[/snip]

Nah, just having a senior moment. Since it is a query string issue I
converted the database (even though it is strictly a web database in this
case) to 'Oil & Gas'. The query string sees the ampersand and doesn't show


so the DB is 'correct'. Now it's just a case of urlencoding the value before
sticking it in the URL - that will protect the server from breaking off the
query condition/parameter at the point of the '&' in 'Oil & Gas'

and just in case you're forced to do the urlencoding of the value on the
client side, here is one I stole earlier:

// 
//   URLEncode and URLDecode functions
//
// Copyright Albion Research Ltd. 2002
// http://www.albionresearch.com/
//
// The Javascript escape and unescape functions do not correspond
// with what browsers actually do...
//
// You may copy these functions providing that
// (a) you leave this copyright notice intact, and
// (b) if you use these functions on a publicly accessible
// web site you include a credit somewhere on the web site
// with a link back to http://www.albionresarch.com/
//
// If you find or fix any bugs, please let us know at albionresearch.com
//
// SpecialThanks to Neelesh Thakur for being the first to
// report a bug in URLDecode() - now fixed 2003-02-19.
// 
function URLEncode(plaintext)
{
    if (!plaintext || !plaintext.length) {
        return plaintext;
    }

    var SAFECHARS = "0123456789" +                  // Numeric
                    "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +  // Alphabetic
                    "abcdefghijklmnopqrstuvwxyz" +
                    "-_.!~*'()";                    // RFC2396 Mark characters
    var HEX = "0123456789ABCDEF";

    var encoded = "";
    for (var i = 0; i < plaintext.length; i++ ) {
        var ch = plaintext.charAt(i);
        if (ch == " ") {
            encoded += "+"; // x-www-urlencoded, rather than %20
        } else if (SAFECHARS.indexOf(ch) != -1) {
            encoded += ch;
        } else {
            var charCode = ch.charCodeAt(0);
            if (charCode > 255) {
                /*
                alert( "Unicode Character '" + ch + "' cannot be encoded using standard URL encoding.\n" +
                       "(URL encoding only supports 8-bit characters.)\n" +
                       "A space (+) will be substituted." );
                */
                encoded += "+";
            } else {
                encoded += "%";
                encoded += HEX.charAt((charCode >> 4) & 0xF);
                encoded += HEX.charAt(charCode & 0xF);
            }
        }
    } // for

    return encoded;
};

function URLDecode(encoded)
{
    if (!encoded || !encoded.length) {
        return encoded;
    }

    // Replace + with ' '
    // Replace %xx with equivalent character
    // Put [ERROR] in output if %xx is invalid.

    var HEXCHARS = "0123456789ABCDEFabcdef";
    var plaintext = "";
    var i = 0;
    while (i < encoded.length) {
        var ch = encoded.charAt(i);
        if (ch == "+") {
            plaintext += " ";
            i++;
        } else if (ch == "%") {
            if (i < (encoded.length-2)
                    && HEXCHARS.indexOf(encoded.charAt(i+1)) != -1
                    && HEXCHARS.indexOf(encoded.charAt(i+2)) != -1 ) {
                plaintext += unescape(encoded.substr(i,3));
                i += 3;
            } else {
                /*
                alert( 'Bad escape combination near ...' + encoded.substr(i) );
                */
                plaintext += "%[ERROR]";
                i++;
            }
        } else {
            plaintext += ch;
            i++;
        }
    } // while
    return plaintext;
};



anything past that in the condition.






Re: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread David Grant
Jay,

Jay Blanchard wrote:
> [snip]
> hope the kick didn't break anything. :-)
> [/snip]
> 
> Nah, just having a senior moment. Since it is a query string issue I
> converted the database (even though it is strictly a web database in this
> case) to 'Oil & Gas'. The query string sees the ampersand and doesn't show
> anything past that in the condition.

URL encoding the category ought to convert the text to Oil%20%26%20Gas,
which ought to work without any problems.  Have you tried this?

David
-- 
David Grant
http://www.grant.org.uk/




Re: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread Richard Correia
I think right you need to check urlencode.

You can check a nice example at following php mysql resource site
http://www.weberdev.com/get_example-481.html

Thanks
Richard Correia


On 1/13/06, Jay Blanchard <[EMAIL PROTECTED]> wrote:
>
> I am having a problem with an ampersand sign. I have a list of things on a
> page, in which one category is 'Oil & Gas'. I store it in the database as
> 'Oil &amp; Gas'. When the category is clicked the query string shows just an
> ampersand, i.e.
>
> "Filter=Process&FilterKey=Oil%20&%20Gas&Order=Application&Direction=ASC&comm
> ents=" and therefore just shows as an '&' and the query only sees 'Oil'.
>
> I guess that I am too tired to deal with this or the answer would come to
> mind immediately. Can someone drop kick me in the right direction? Thanks!
>


RE: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread Jay Blanchard
[snip]
hope the kick didn't break anything. :-)
[/snip]

Nah, just having a senior moment. Since it is a query string issue I
converted the database (even though it is strictly a web database in this
case) to 'Oil & Gas'. The query string sees the ampersand and doesn't show
anything past that in the condition.




Re: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread Jochem Maas

Jay Blanchard wrote:

I am having a problem with an ampersand sign. I have a list of things on a
page, in which one category is 'Oil & Gas'. I store it in the database as
'Oil &amp; Gas'. When the category is clicked the query string shows just an
ampersand, i.e.


'problem' 1 is the form in which you store the string in the DB. '&amp;'
is html encoding - your DB is not a webpage ergo it doesn't need to contain
html entities!
that is to say - only make html entities of characters when you need to (i.e.
after you have extracted the data from the db but before you send it to the
browser)

'problem' 2 is that you need to urlencode the string 'Oil & Gas' when you want
it to be the value of a url parameter; I have a sneaking suspicion that
urlencoding the string 'Oil &amp; Gas' will not do what you want exactly.

you might consider using a different url parameter separator character than
the ampersand for this particular app. - the semicolon is often mentioned as
a good alternative (it's even mentioned in the std php.ini)



"Filter=Process&FilterKey=Oil%20&%20Gas&Order=Application&Direction=ASC&comm
ents=" and therefore just shows as an '&' and the query only sees 'Oil'.

I guess that I am too tired to deal with this or the answer would come to
mind immediately. Can someone drop kick me in the right direction? Thanks!


hope the kick didn't break anything. :-)

have a nice weekend regardless!








Re: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread Dotan Cohen
On 1/13/06, Jay Blanchard <[EMAIL PROTECTED]> wrote:
> I am having a problem with an ampersand sign. I have a list of things on a
> page, in which one category is 'Oil & Gas'. I store it in the database as
> 'Oil &amp; Gas'. When the category is clicked the query string shows just an
> ampersand, i.e.
> "Filter=Process&FilterKey=Oil%20&%20Gas&Order=Application&Direction=ASC&comm
> ents=" and therefore just shows as an '&' and the query only sees 'Oil'.
>
> I guess that I am too tired to deal with this or the answer would come to
> mind immediately. Can someone drop kick me in the right direction? Thanks!
>

Have you tried "\&"?

Dotan Cohen
http://technology-sleuth.com/technical_answer/how_much_memory_will_i_need_for_my_digital_camera.html
232


Re: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread John Nichel

Jay Blanchard wrote:

I am having a problem with an ampersand sign. I have a list of things on a
page, in which one category is 'Oil & Gas'. I store it in the database as
'Oil &amp; Gas'. When the category is clicked the query string shows just an
ampersand, i.e.
"Filter=Process&FilterKey=Oil%20&%20Gas&Order=Application&Direction=ASC&comm
ents=" and therefore just shows as an '&' and the query only sees 'Oil'.

I guess that I am too tired to deal with this or the answer would come to
mind immediately. Can someone drop kick me in the right direction? Thanks!



Are the categories stored in the db with a unique (numeric?) id?

--
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
[EMAIL PROTECTED]




Re: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread David Grant
Jay,

Jay Blanchard wrote:
> I am having a problem with an ampersand sign. I have a list of things on a
> page, in which one category is 'Oil & Gas'. I store it in the database as
> 'Oil &amp; Gas'. When the category is clicked the query string shows just an
> ampersand, i.e.
> "Filter=Process&FilterKey=Oil%20&%20Gas&Order=Application&Direction=ASC&comm
> ents=" and therefore just shows as an '&' and the query only sees 'Oil'.
> 
> I guess that I am too tired to deal with this or the answer would come to
> mind immediately. Can someone drop kick me in the right direction? Thanks!

Probably not the answer you're looking for, and somewhat side-stepping
the issue, but can't you use the category key instead of its title?

David
-- 
David Grant
http://www.grant.org.uk/




Re: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread Dotan Cohen
On 1/13/06, Jay Blanchard <[EMAIL PROTECTED]> wrote:
> I am having a problem with an ampersand sign. I have a list of things on a
> page, in which one category is 'Oil & Gas'. I store it in the database as
> 'Oil &amp; Gas'. When the category is clicked the query string shows just an
> ampersand, i.e.
> "Filter=Process&FilterKey=Oil%20&%20Gas&Order=Application&Direction=ASC&comm
> ents=" and therefore just shows as an '&' and the query only sees 'Oil'.
>
> I guess that I am too tired to deal with this or the answer would come to
> mind immediately. Can someone drop kick me in the right direction? Thanks!
>

Call it "Oil and Gas"?

Dotan Cohen
http://technology-sleuth.com/long_answer/what_is_hdtv.html
345


Re: [PHP] Lions and tigers and slashes, oh my!

2006-01-13 Thread Stut

Jay Blanchard wrote:


I am having a problem with an ampersand sign. I have a list of things on a
page, in which one category is 'Oil & Gas'. I store it in the database as
'Oil &amp; Gas'. When the category is clicked the query string shows just an
ampersand, i.e.
"Filter=Process&FilterKey=Oil%20&%20Gas&Order=Application&Direction=ASC&comm
ents=" and therefore just shows as an '&' and the query only sees 'Oil'.

I guess that I am too tired to deal with this or the answer would come to
mind immediately. Can someone drop kick me in the right direction? Thanks!
 


http://php.net/urlencode

-Stut
