Handling %22 in urls

Question

I have a page that uses an input field to search, and then uses that same field to go across pages. It also accepts double quotes for exact searching.

The url needs to look like blahblah.com/search/%22querystuff%22, but it autodefaults to blahblah.com/search/"querystuff" which fails in the browser.

Is there any way to get it to stop doing that or do I need to look into a different method.

I'm not entirely sure what the problem is (it would help if you provided the problematic code) but it sounds like your question boils down to a [duplicate of this](http://stackoverflow.com/questions/1996122/how-to-prevent-xss-with-html-php). — Quentin, Sep 25 '14 at 20:09
I think you want [urlencode()](http://php.net/manual/en/function.urlencode.php). — jedwards, Sep 25 '14 at 20:09
My problem is that my current code is . The browser shows that when you inspect the element, but as soon as you click on it, the browser tries to go to dummy.com/query/"test". — wloggains, Sep 25 '14 at 20:10
You can even type it straight into the browser and it auto defaults back to double quotes. I noticed stack overflow even does it. — wloggains, Sep 25 '14 at 20:12
Some browsers, such as chrome, decode the url into `"test"` from '%22test%22' to make it easier to read, but if you have a link, you will need to `urlencode` it before putting it on the page. — Adam, Sep 25 '14 at 20:14

score 2 · Answer 1 · answered Sep 25 '14 at 20:09

2

Try out the urlencode method.

Here is an example of how to use it:

<?php
$userinput = '"Hello world"';
echo '<a href="http://blahblah.com/search/', urlencode($userinput), '">';
?>

answered Sep 25 '14 at 20:09

Adam

4,445
1
31
49

That has been my approach before I came here. It doesn't work for me. The link will show the encoded string in inspect, but when you click or even just type that into the bar directly, the %22 all turn back into quotes. – wloggains Sep 25 '14 at 20:15
What browser and what version of the browser? – Adam Sep 25 '14 at 20:16
Both Chrome and Firefox, latest versions. – wloggains Sep 25 '14 at 20:16
1

That is a feature of the browser, it decodes the encoded URL so it can handle both `%22` and `"` interchangeably. See [this jsfiddle](http://jsfiddle.net/mudxnfmf/). That's just how Chrome and FF work, is there a problem with how they are working? If you try it in IE10 (the only version I have available right now), you'll see that the url is not decoded. – Adam Sep 25 '14 at 20:19
1

Ah, its code igniter. I feel like that was an important piece of information to leave out. Code Igniter is throwing the error for having the quotes. – wloggains Sep 25 '14 at 20:21
Ah yeah, that's a codeigniter issue, not standard PHP. If you look at the request being sent to the server, it is actually sending `%22`, so you'll have to find a way to get codeigniter to not complain about quotes, or to eliminate quotes from your URLs. Both issues are outside of the scope of my knowledge unfortunately. Feel free to post a new question or edit this one if you have any trouble and hopefully someone else can help you out. – Adam Sep 25 '14 at 20:24
I had a problem like that not long ago, in my case I was able to use other char as the `"` (though i had to eliminate spaces) so `"Hello World"` became `hello:world` and then i'd replace the value of `:` with that of a space. But, again, I could afford doing that as I was sending coder-controled strings (so I knew `:` was always a space). – MoshMage Sep 25 '14 at 20:55
1

@wloggains: Then you could add the double quotes `"` in the `$config['permitted_uri_chars']` variable in the `config.php` file. However, that is not recommended. – machineaddict Sep 26 '14 at 06:35

Handling %22 in urls

1 Answers1