• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1505
  • Last Modified:

Passing a variable value to query string using a hidden field

I have a variable name $vars where I am saving all the variables such as:
if($publish_year) $vars .= "&year=".$publish_year;

and then passing it through a form as following:
<input id="vars" name="vars" value="<? echo $vars; ?>" type="hidden" />
<label for="perPage">Number</label>
          <select id="perPage" name="perPage">
            <option value="10"<? if($_GET['perPage'] == '10'){ ?> selected="selected"<? } ?>>10</option>
            <option value="25"<? if($_GET['perPage'] == '25'){ ?> selected="selected"<? } ?>>25</option>
            <option value="50"<? if($_GET['perPage'] == '50'){ ?> selected="selected"<? } ?>>50</option>  
            <option value="100"<? if($_GET['perPage'] == '100'){ ?> selected="selected"<? } ?>>100</option>
          </select>


The output in the query string shows all % % why is that?
here's the output

www.mytestwebsite.php?order_by=Date+DESC&vars=%26year%3D2000&perPage=25
Technicall I should have year=2000

any ideas?
thanks

0
martyje
Asked:
martyje
  • 4
  • 3
1 Solution
 
Ray PaseurCommented:
You are looking at URL-encoded strings when you see those % signs
0
 
martyjeAuthor Commented:
How do I get rid of them?
0
 
Ray PaseurCommented:
Good question!  Something is "helping" you by url-encoding things in your form.  Hex 26 is an ampersand and hex 3D is an equal sign.  If you can post the PHP that generates the link, I may be able to pick up the point.  Or you can look at the PHP function urldecode() and it may be just what you need once you get the hidden string back into your script.  ~Ray
0
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

 
martyjeAuthor Commented:
This is how I resolved the issue:

$body = ereg_replace("\n|<p>|</p>", "%0A", "Title: ". $title. "</p><p>". "Published Date: ". $publish_date. "
                                      </p>");
$contact_email=  "<a href=\"mailto:$contact_data?subject=Test%20Email&amp;body=$body\">$contact_data</a>";
0
 
Ray PaseurCommented:
Just wondering, did you try the urldecode() function?
0
 
martyjeAuthor Commented:
Yes I did. That didn't work.
0
 
Ray PaseurCommented:
Hmm.  It worked perfectly for me.  Here is the script I used to test it before posting the answer.

You can run that script here:
http://www.laprbass.com/RAY_urldecode.php

I copied your example with cut-and-paste, ran it through urldecode() and got this output, which is correct:
www.mytestwebsite.php?order_by=Date DESC&vars=&year=2000&perPage=25

Can you please post the output from your test that didn't work?
<?php
 
if ($_GET["q"] == "d") {
  $script  = $_SERVER["SCRIPT_FILENAME"];
  $string = file_get_contents($script);
  header("Content-type: text/plain");
  header("Content-disposition: attachment; filename=\"" . $script . "\";" );
  echo $string;
  flush();
} else {
  echo "<br /><strong>Here is the output of urldecode()</strong>\n";
  echo "<br />\n";
  echo urldecode("www.mytestwebsite.php?order_by=Date+DESC&vars=%26year%3D2000&perPage=25");
  echo "<br /><br /><a href=\"$PHP_SELF?q=d\">To download the contents of this script, click here</a>\n";
}
die();
?>

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now