A string posted with ”&” is not equal to a hard coded “&”

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
herbkanis
Forum Newbie
Posts: 6
Joined: Sun Apr 05, 2009 5:38 pm

A string posted with ”&” is not equal to a hard coded “&”

Post by herbkanis »

Simple question has me stumped. page1.php submits a string to page2.php
The posted string is “http:&”

Page2 gets the post using either:
$string1 = htmlspecialchars($_POST[‘str’]);
$string1 = htmlentities($_POST[‘str’]);

Page2 also hard codes $string2 = “http:&”

Now the problem… $string1 is not equal to $string2

the posted $string1 echo is exactly the same as $string2, however the lengths are different because of the “&”

Any insights on how to correct this would be welcomed.
Thanks, Herb
tech603
Forum Commoner
Posts: 84
Joined: Thu Mar 19, 2009 12:27 am

Re: A string posted with ”&” is not equal to a hard coded “&”

Post by tech603 »

however the lengths are different because of the “&”
It the lengths are different then they can not be equal. You are probably picking up some white spaces, try using the trim function to clear any white spaces that may have been picked up along the way.

http://www.php.net/manual/en/function.trim.php

Hope that helps
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: A string posted with ”&” is not equal to a hard coded “&”

Post by Eran »

htmlentities() converts special characters to their equivalent html entities. One such characters is the ampersand, which is converted to &
when you echo it it appears the same since your browser interpreters it as such, however if you look at the source you'll see the html entity, which is 5 characters in length.
herbkanis
Forum Newbie
Posts: 6
Joined: Sun Apr 05, 2009 5:38 pm

Re: A string posted with ”&” is not equal to a hard coded “&”

Post by herbkanis »

Thanks for the replies. I forgot to say I did the trimming. Perhaps I did it wrong?
My code is…
TEST1.PHP
<form action="test2.php" method="post">
<p>Enter starting URL/HTML: <input type="text" name="str1" /></p>
<p><input type="submit" /></p>
<br>
http:&

TEST2.PHP
<?php
$str0 = htmlentities($_POST['str1']);
$str1 = htmlspecialchars($_POST['str1']);
$str2 = 'http:&';
$str0 = trim($str0);
$str1 = trim($str1);
$str2 = trim($str2);

if ($str1 == $str2)
{echo "$str1 == $str2 matches exact";}
else{
echo "str1 = ".trim($str0)."<br>";
echo "str2 = ".trim($str1)."<br>";
echo "str3 = ".trim($str2)."<br>";
echo strlen(trim($str0))."<br>";
echo strlen(trim($str1))."<br>";
echo strlen(trim($str2))."<br>";
echo "somethings amiss";
}
?>

THE RESULTS ARE:
str1 = http:&
str2 = http:&
str3 = http:&
10
10
6
somethings amiss

Thanks for any clues…
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: A string posted with ”&” is not equal to a hard coded “&”

Post by Eran »

Did you read my response..
herbkanis
Forum Newbie
Posts: 6
Joined: Sun Apr 05, 2009 5:38 pm

Re: A string posted with ”&” is not equal to a hard coded “&”

Post by herbkanis »

Hi, yes I did read your reply, but I thought it only applied to htmlentities and I used BOTH htmlentities and htmlspecialchars and each returns the longer string.
How can I "trim" the invisible part of the returned string?
Also, are there any other characters which work similar to the "&" so I can be aware of them?
thanks a bunch..
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: A string posted with ”&” is not equal to a hard coded “&”

Post by Eran »

There is no "invisible part" to trim. The character when passed through htmlentities is changed to the appropriate HTML entity and is in fact 5 characters in length. There are plenty of online lists of HTML entities, such as this one - http://www.cookwood.com/html/extras/entities.html

If you want to preserve the original character, don't pass it through the htmlentities function..
herbkanis
Forum Newbie
Posts: 6
Joined: Sun Apr 05, 2009 5:38 pm

Re: A string posted with ”&” is not equal to a hard coded “&”

Post by herbkanis »

the problem is I'm trying to pass a URL address... http etc etc
and it has one or more "&" embedded in it.
Are you saying I will have to parse out the string that was posted and rebuild it?
herbkanis
Forum Newbie
Posts: 6
Joined: Sun Apr 05, 2009 5:38 pm

Re: A string posted with ”&” is not equal to a hard coded “&”

Post by herbkanis »

by the way, thanks for the link.
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: A string posted with ”&” is not equal to a hard coded “&”

Post by Eran »

If you want to output the link, then it's best to encode the entities using htmlentities (it's not valid to put entity characters directly in an HTML document).

For URLs you should use urlencode() and urldecode() for most purposes
herbkanis
Forum Newbie
Posts: 6
Joined: Sun Apr 05, 2009 5:38 pm

Re: A string posted with ”&” is not equal to a hard coded “&”

Post by herbkanis »

Ok, I’m starting to understand the & problems. But still not clear on how the & works ok in links, but not when passed as a variable..
I’m trying to input a string such as:
http://www.yellowpages.com.au/search/po ... onClue=qld
and pass it along to my program which will load up the page.

Why does the string work when pasted right into the browser?
I’m using curl to fetch the page…
curl_setopt ($ch, CURLOPT_URL,$page);

How would you go through the process of passing the string and fetching a page dynamically without altering the input string?
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: A string posted with ”&” is not equal to a hard coded “&”

Post by Eran »

Encoding entities with HTML entities is for HTML viewing purposes only. If you are using URL strings internally in your scripts and not displaying them in a web browser, there is no reason to use it. Use urlencode() to prepare strings as URLs
Post Reply