Page 1 of 1

A string posted with ”&” is not equal to a hard coded “&”

Posted: Sun Apr 05, 2009 5:41 pm
by herbkanis
Simple question has me stumped. page1.php submits a string to page2.php
The posted string is “http:&”

Page2 gets the post using either:
$string1 = htmlspecialchars($_POST[‘str’]);
$string1 = htmlentities($_POST[‘str’]);

Page2 also hard codes $string2 = “http:&”

Now the problem… $string1 is not equal to $string2

the posted $string1 echo is exactly the same as $string2, however the lengths are different because of the “&”

Any insights on how to correct this would be welcomed.
Thanks, Herb

Re: A string posted with ”&” is not equal to a hard coded “&”

Posted: Sun Apr 05, 2009 6:42 pm
by tech603
however the lengths are different because of the “&”
It the lengths are different then they can not be equal. You are probably picking up some white spaces, try using the trim function to clear any white spaces that may have been picked up along the way.

http://www.php.net/manual/en/function.trim.php

Hope that helps

Re: A string posted with ”&” is not equal to a hard coded “&”

Posted: Sun Apr 05, 2009 7:03 pm
by Eran
htmlentities() converts special characters to their equivalent html entities. One such characters is the ampersand, which is converted to &
when you echo it it appears the same since your browser interpreters it as such, however if you look at the source you'll see the html entity, which is 5 characters in length.

Re: A string posted with ”&” is not equal to a hard coded “&”

Posted: Mon Apr 06, 2009 7:27 pm
by herbkanis
Thanks for the replies. I forgot to say I did the trimming. Perhaps I did it wrong?
My code is…
TEST1.PHP
<form action="test2.php" method="post">
<p>Enter starting URL/HTML: <input type="text" name="str1" /></p>
<p><input type="submit" /></p>
<br>
http:&

TEST2.PHP
<?php
$str0 = htmlentities($_POST['str1']);
$str1 = htmlspecialchars($_POST['str1']);
$str2 = 'http:&';
$str0 = trim($str0);
$str1 = trim($str1);
$str2 = trim($str2);

if ($str1 == $str2)
{echo "$str1 == $str2 matches exact";}
else{
echo "str1 = ".trim($str0)."<br>";
echo "str2 = ".trim($str1)."<br>";
echo "str3 = ".trim($str2)."<br>";
echo strlen(trim($str0))."<br>";
echo strlen(trim($str1))."<br>";
echo strlen(trim($str2))."<br>";
echo "somethings amiss";
}
?>

THE RESULTS ARE:
str1 = http:&
str2 = http:&
str3 = http:&
10
10
6
somethings amiss

Thanks for any clues…

Re: A string posted with ”&” is not equal to a hard coded “&”

Posted: Mon Apr 06, 2009 7:33 pm
by Eran
Did you read my response..

Re: A string posted with ”&” is not equal to a hard coded “&”

Posted: Mon Apr 06, 2009 7:40 pm
by herbkanis
Hi, yes I did read your reply, but I thought it only applied to htmlentities and I used BOTH htmlentities and htmlspecialchars and each returns the longer string.
How can I "trim" the invisible part of the returned string?
Also, are there any other characters which work similar to the "&" so I can be aware of them?
thanks a bunch..

Re: A string posted with ”&” is not equal to a hard coded “&”

Posted: Mon Apr 06, 2009 7:46 pm
by Eran
There is no "invisible part" to trim. The character when passed through htmlentities is changed to the appropriate HTML entity and is in fact 5 characters in length. There are plenty of online lists of HTML entities, such as this one - http://www.cookwood.com/html/extras/entities.html

If you want to preserve the original character, don't pass it through the htmlentities function..

Re: A string posted with ”&” is not equal to a hard coded “&”

Posted: Mon Apr 06, 2009 7:48 pm
by herbkanis
the problem is I'm trying to pass a URL address... http etc etc
and it has one or more "&" embedded in it.
Are you saying I will have to parse out the string that was posted and rebuild it?

Re: A string posted with ”&” is not equal to a hard coded “&”

Posted: Mon Apr 06, 2009 7:50 pm
by herbkanis
by the way, thanks for the link.

Re: A string posted with ”&” is not equal to a hard coded “&”

Posted: Mon Apr 06, 2009 7:52 pm
by Eran
If you want to output the link, then it's best to encode the entities using htmlentities (it's not valid to put entity characters directly in an HTML document).

For URLs you should use urlencode() and urldecode() for most purposes

Re: A string posted with ”&” is not equal to a hard coded “&”

Posted: Mon Apr 06, 2009 8:21 pm
by herbkanis
Ok, I’m starting to understand the & problems. But still not clear on how the & works ok in links, but not when passed as a variable..
I’m trying to input a string such as:
http://www.yellowpages.com.au/search/po ... onClue=qld
and pass it along to my program which will load up the page.

Why does the string work when pasted right into the browser?
I’m using curl to fetch the page…
curl_setopt ($ch, CURLOPT_URL,$page);

How would you go through the process of passing the string and fetching a page dynamically without altering the input string?

Re: A string posted with ”&” is not equal to a hard coded “&”

Posted: Mon Apr 06, 2009 9:37 pm
by Eran
Encoding entities with HTML entities is for HTML viewing purposes only. If you are using URL strings internally in your scripts and not displaying them in a web browser, there is no reason to use it. Use urlencode() to prepare strings as URLs