PHP $_GET is removing special characters from the value

Time:12-12

I am sending an HTTP GET request with a urlencoded value from a client application, and on the server side I am using $_GET["Value"] to grab the value.

This is what the request looks like on the client side: https://example.com/validate.php?Value=+MqZjrRvtvFdcC3GCRRnnQ== but on the server side the result of $_GET["Value"] is MqZjrRvtvFdcC3GCRRnnQ== without + in the beginning of +MqZjrRvtvFdcC3GCRRnnQ==. How can I grab the value as it is, including all the special characters (if any)?

I tried htmlspecialchars($_GET["Value"]) but this didn't work either.

CodePudding user response:

You can't inject any random character in a URL, you need to use proper escaping functions. In PHP you have rawurlencode():

$encoded = 'https://example.com/validate.php?Value=' . rawurlencode('+MqZjrRvtvFdcC3GCRRnnQ==');

https://example.com/validate.php?Value=%2BMqZjrRvtvFdcC3GCRRnnQ%3D%3D

(Demo)

In particular, + is some old encoding for the whitespace character (U+0020) and = is often used to separate argument name from argument value.

CodePudding user response:

The + is a special char which will be escaped by parse_str(). You need to parse the query string by yourself.

Note: If there are multiple values you need to split by & first.

Calling

http://localhost:4000/?Value=+MqZjrRvtvFdcC3GCRRnnQ==

// Limit the split to 2 parts so the trailing == of the value is not cut off.
[$key, $value] = explode('=', $_SERVER['QUERY_STRING'], 2);

will give a $value of

+MqZjrRvtvFdcC3GCRRnnQ==
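
An added example, not taken from either answer, that runs the question's value through both approaches above: $_GET-style parsing with and without rawurlencode(), and reading the raw query string. The function names are hypothetical, the value is assumed to be standard Base64, and the URL-safe Base64 variant at the end goes beyond what the answers cover.

```php
<?php
declare(strict_types=1);

// Constructed sample: the value from the question, assumed to be standard Base64.
$token = '+MqZjrRvtvFdcC3GCRRnnQ==';

// Parse a query string the way PHP fills $_GET: form decoding, where '+' means space.
function get_style_param(string $query, string $name): ?string
{
    parse_str($query, $params);
    return isset($params[$name]) && is_string($params[$name]) ? $params[$name] : null;
}

// Read a parameter from the raw query string with percent-decoding only;
// rawurldecode() leaves a literal '+' untouched. First match wins.
function raw_query_param(string $query, string $name): ?string
{
    foreach (explode('&', $query) as $pair) {
        [$key, $value] = array_pad(explode('=', $pair, 2), 2, '');
        if (rawurldecode($key) === $name) {
            return rawurldecode($value);
        }
    }
    return null;
}

// URL-safe Base64 (RFC 4648, section 5): '-' and '_' replace '+' and '/', padding dropped.
function base64url_encode(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function base64url_decode(string $text): ?string
{
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    $bytes = base64_decode(strtr($padded, '-_', '+/'), true);
    return $bytes === false ? null : $bytes;
}

$bytes = base64_decode($token, true);
$urlSafe = base64url_encode($bytes);
$cases = [
    'unescaped, $_GET-style' => get_style_param('Value=' . $token, 'Value'),
    'rawurlencode, $_GET-style' => get_style_param('Value=' . rawurlencode($token), 'Value'),
    'unescaped, raw query' => raw_query_param('Value=' . $token, 'Value'),
    'base64url, $_GET-style' => get_style_param('Value=' . $urlSafe, 'Value'),
];
foreach ($cases as $label => $value) {
    printf("%-27s %s\n", $label, var_export($value, true));
}
var_dump(base64url_decode($urlSafe) === $bytes);
```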