Page 1 of 1

str_replace() for "%20"

Posted: Mon Apr 21, 2008 5:57 pm
by neridaj
Hello,

I'm trying to replace the "%20" (space) from the query string with " " but my page just keeps blowing up when I use str_replace(). I have directories which contain photos of houses and I need the name of the directories to have spaces as they are also used for display purposes. However, when "%20" shows up in the query string it blows up the page and nothing is displayed. I tried running it through str_replace() to replace the "%20" but this doesn't work either.

Code: Select all

function get_imgarr()
{
    $rpa = $_GET['pa'];
    $pa = str_replace("%20", " ", $rpa);
    var_dump($pa);
    if(!valid_propadd($pa))
        die("invalid property address!");
    else
    $propadd = $pa;
    $userfolder = $_SESSION['valid_user'];
    $dir = get_imgdir();
    $files = @scandir($dir);
    foreach($files as $value) {
        // check for image files
        if(valid_image_file($value))
            // build image array
            $imgarr[] = $value;
    }
    return $imgarr;
}
Any ideas?

Thanks,

Jason

Re: str_replace() for "%20"

Posted: Mon Apr 21, 2008 6:29 pm
by Zoxive
Take a look at urldecode.

Re: str_replace() for "%20"

Posted: Tue Apr 22, 2008 12:27 am
by neridaj
I decided to do this after no luck with urldecode(), however I get the same results with str_replace(). I don't understand what's going on, the page just stops when the query string contains anything other than alphanumeric. I tried commenting out my regex check and I still get the same thing, when I use only integers it works fine.

Here is the code sent to the query string:

Code: Select all

function display_folders()
{
    //$photoarr = get_imgarr();
    $username = $_SESSION['valid_user'];
    $result = get_agent_info($username);
    $row = $result->fetch_array(MYSQLI_ASSOC);
    echo '<a href="logout.php">Logout</a>'; 
    $userfolder =  $_SESSION['valid_user'] . '/';
    $dir    = 'members/' . $userfolder;
    $files = scandir($dir);
    $count = 0;
    foreach($files as $value) {
        if(!in_array($value, array('.', '..'))) {
    
            // check for folders
            if(is_dir($dir.DIRECTORY_SEPARATOR.$value)) {
    
                    $count++;
            }
        }
    }
    echo '<table align="center" border="0" cellpadding="5"><tr><th colspan="'. $count .'">'. $row['agent_name'] .'</th></tr><tr>';
    foreach($files as $value) {
        if(!in_array($value, array('.', '..'))) {
    
            // check for folders
            if(is_dir($dir.DIRECTORY_SEPARATOR.$value)) {
                $size = getimagesize($dir . $value . '.jpg');
                list($width, $height) = $size;
                $dimarr = array("width" => $width, "height" => $height);
                $scalewidth = .04 * $dimarr["width"];
                $scaleheight = .04 * $dimarr["height"];
                $rvalue = str_replace("_", " ", $value);
                printf('<td><a href="preview.php?pa=%s">'.
                    '<img src="'. $dir . $value .'.jpg" width="'. $scalewidth .'" height="'. $scaleheight .'" />'.
                    '<br />%s<a/></td>',
                    $value, $rvalue);
            }
        }
    }
    echo '</tr></table>';
}
Is it illegal to have underscores in the query string?

Thanks for the replies,

Jason