
I was working on an API based on a tutorial, which gets a token from the user to recognize whether that user is an admin or not.

So this is just a question about whether it really matters to use

+1xxx-xxxx-xxx

Or

%2B1xxx-xxxx-xxx

When I tested my API, it returned null if I input wrong data in isServerToken, and if I use the right one it returns the right value. But if I use + instead of [%2B], it gives me this error:

```
<br />
<b>Notice</b>:  Undefined variable: token in <b>/h**e/m***/pu**tml/***/db_functions.php</b> on line <b>389</b><br />
null
```

I'll mark line 389 with a comment in the code below.

No matter whether I use the right or wrong input for isServerToken, it shows the error above.

I'm asking this because I'm getting an error from my Android app about

java.lang.IllegalStateException: Expected BEGIN_OBJECT but was BEGIN_ARRAY at line 1 column 2 path $

So I'm considering every possibility about what is making this error happen. Here is the code for the PHP API. In the tutorial the instructor used get_result, but I've changed it to bind_result because it won't work on my online host.

Here is the code:

```php
// Instructor code
public function getToken($phone,$isServerToken)
{
    $stmt = $this->conn->prepare("SELECT * FROM `token` WHERE phone=? AND isServerToken=?") or die ($this->conn->error);
    $stmt->bind_param("ss",$phone,$isServerToken);
    $result = $stmt->execute();
    $token = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $token;
}
```

```php
// What I've changed to use bind_result
public function getToken($phone,$isServerToken)
{
    $stmt = $this->conn->prepare("SELECT phone, token, isServerToken FROM `token` WHERE phone=? AND isServerToken=?") or die ($this->conn->error);
    $stmt->bind_param("ss",$phone,$isServerToken);
    $result = $stmt->execute();
    $stmt->bind_result($arr['phone'], $arr['token'], $arr['isServerToken']);
    while ($stmt->fetch())
    {
        $token[] = $arr;
    }
    $stmt->close();
    return $token; // line 389: this is where "Undefined variable: token" happens
}
```

And the app calls this part:

```php
// Only instructor code, I didn't change anything in this part
if(isset($_POST['phone']) && isset($_POST['isServerToken']))
{
    $userPhone = $_POST['phone'];
    $isServerToken = $_POST['isServerToken'];

    $token = $db->getToken($userPhone,$isServerToken);

    echo json_encode($token);
}
else{
    $response = "Required parameter (phone , isServerToken) is missing!";
    echo json_encode($response);
}
```

I want to make sure whether, when a user registers with a +xxxx-xxxx-xxx number, this is what makes my API show the error above or not, because as I said it works fine with %2Bxxxx-xxxx-xxx.

Also, the number is saved with + in the database.

When I changed the line to this based on suggestions, things became the opposite: now + works and %2B will be null. `$token = $db->getToken(urlencode($userPhone),$isServerToken);`

Thanks

1 Answer

In your second function declaration of getToken, the variable $token will never be created if the while construct isn't looped (as you are declaring $token only inside the loop).

So, a possible outcome is that the variable $token just doesn't exist at the moment of returning $token (which is what you are experiencing). In other words, there aren't any results being looped in your case.

Also: Plus-signs aren't a good match within JSON: https://stackoverflow.com/a/1374456/5682311

Using PHP's urlencode function on the phone number (or any value) before passing it to json_encode sounds like the solution (which will transform the + sign into %2B).

edit:

```php
public function getToken($phone,$isServerToken)
{
    $stmt = $this->conn->prepare("SELECT phone, token, isServerToken FROM `token` WHERE phone=? AND isServerToken=?") or die ($this->conn->error);
    $stmt->bind_param("ss",$phone,$isServerToken);
    $result = $stmt->execute();
    $stmt->bind_result($arr['phone'], $arr['token'], $arr['isServerToken']);

    $token = array(); // <- added this line, to be sure variable $token always exists
    while ($stmt->fetch())
    {
        $token[] = array_map('urlencode', $arr ); // <- urlencode all values within $arr
    }
    $stmt->close();
    return $token;
}
```
gruneey85
  • I'm not really experienced with this, can u gimme a clue based on some code or an example, and I'll fix it, or just change my code and let me know. – Mohammad Eskandari Aug 12 '18 at 15:20
  • So based on what u said, I've changed things; now when I type it with `+` it works, but `%2B` will be null. The changes are in `$token = $db->getToken(urlencode($userPhone),$isServerToken);` – Mohammad Eskandari Aug 12 '18 at 16:09
  • I added a code example. Your correction won't do the job, as the urlencode should **not** happen when passing parameters to function `getToken`, but should happen before passing the result of `getToken` to `json_encode` (so, I added urlencode within your function-block) – gruneey85 Aug 12 '18 at 23:58
  • Hey man. Well, thanks. I fixed the $token part exactly like how u did, but I'll do like u said about urlencode. Thanks again. – Mohammad Eskandari Aug 13 '18 at 04:27
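
An added example, not code from the question or the answer: it shows how a raw `+` and `%2B` in a form-encoded POST body decode to different `phone` values, and how returning one row versus a list of rows changes the JSON shape (`{...}` versus `[...]`), which is what the Android error message is about. It assumes the app sends an `application/x-www-form-urlencoded` body; `parse_str` applies the same URL decoding PHP uses for such bodies, and the table row, phone number and the `decodeForm`/`findToken` helpers are constructed for illustration.

```php
<?php
// Added example: constructed data only, no database or HTTP server needed.

// Stand-in for the `token` table (constructed row; phone stored with '+').
const TOKEN_ROWS = [
    ['phone' => '+1555-0100-000', 'token' => 'example-token', 'isServerToken' => '0'],
];

// Decode a form body with the same URL decoding PHP applies when it
// fills $_POST for application/x-www-form-urlencoded requests.
function decodeForm(string $body): array
{
    parse_str($body, $fields);
    return $fields;
}

// Hypothetical lookup mirroring getToken(): returns one row or null,
// like fetch_assoc() in the tutorial version.
function findToken(string $phone, string $isServerToken): ?array
{
    foreach (TOKEN_ROWS as $row) {
        if ($row['phone'] === $phone && $row['isServerToken'] === $isServerToken) {
            return $row;
        }
    }
    return null;
}

// Constructed request bodies: the only difference is '+' versus '%2B'.
$bodies = [
    'raw plus'     => 'phone=+1555-0100-000&isServerToken=0',
    'encoded plus' => 'phone=%2B1555-0100-000&isServerToken=0',
];

foreach ($bodies as $label => $body) {
    $post = decodeForm($body);
    $row  = findToken($post['phone'], $post['isServerToken']);
    // var_export makes a leading space in the decoded phone value visible.
    echo $label, ': phone=', var_export($post['phone'], true), "\n";
    // Shape returned by the fetch_assoc() version: a JSON object or null.
    echo '  single row   -> ', json_encode($row), "\n";
    // Shape returned by the bind_result() loop version: always a JSON array.
    echo '  list of rows -> ', json_encode($row ? [$row] : []), "\n";
}
```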