Some of our GET request pass paramaters in the URI and in as a request parameter.
So in firebug you'd see the same parameter in the URI and you'd see it also on the params tab for the request.
When the parameter values needs to be encoded e.g. it is %, I see it encoded in the URI as %25 but I don't see it being encoded on the params tab.
The requests are being made using Angular.
I am wondering is it only when the parameter in the URI that it needs to encoded? Or do I need to be consistent here?
Thanks
you should encode your url/parameters using encodeURIComponent(url_or_params)
see: http://www.w3schools.com/jsref/jsref_encodeuricomponent.asp
Related
e.g. in this url
https://developer.mozilla.org/en-US/docs/Web/API/URL/href#Examples
Examples is the hash part of the URL. I would like to put a secret there because I know servers don't see this component. What characters are safe to put here?
About a week ago, our IIS server started getting hits on a single page with a very long query string. Multiple key-value pairs where both the key and the value were just random characters. The page is always the same. The page is shtml so it does not expect or use any query string variables.
Each hit had a completely unique query string. Here are some examples:
Zgmgi=zSYF1I82nna&WopGF=NoH4zLwdxLB&V89l2=HnpJsD0FJs&MKmeop=TQqf1ih6d4&Im3ae=UOyGEB6ES5&yWpB5j=QUzTmMBz0St&iKVcYwm=n99RUVUKE2&NBnVP7=H5M2vMsOMo&Kxbzrx7=9IcEmiKIoBq&cxlJe=vnwmKaKWXT5&OnFL0=idbQiRNt76&
M5KtGSd=QOL7MuGFD15&Rw7zcXi=Jq3QmkjLsx&QtEmDNv=v7ulHE77t4T&Hpbw45=WSMfPCbZig&S14KS4=Hw3jo3tEzeZ&wgUpRz=l2KfUkO6x2&qcDox=kEFEhraHZgS&JWf1Ia=PhmyHOioHB&en6gDG7=hZHl1tNvLk&ydRFTwQ=IgmQvKse0yD&r6SHx=7G6wP1QksU&F2gwZ=6fTYKzDek7&
I have pasted them into a couple of decoders (uri, base64) and they don't come up with anything. Is there something obvious that I could be missing? I do not want to overlook some sort of attack attempt?
From description, this could be a kind of DDOS attack. Attacker will send random Querystrings request to your page. It is a kind of flood attack, which send massive requests to make your sever overload. The querystring is just random and meaningless.
You can add this rule to your request filtering module on IIS. This rule deny all request with "=" in the querystring (actually deny all query) to .shtml file.
I am using this as a url:
http://localhost/easyappointments/info/vikram/45346346
My original path is http://localhost/easyappointments/index.php and rest /info/vikram/45346346 want to use as parameter. I will use explode() from php.
When I use this url, it says object not found.
if you want to use them as parameters then you could pass them as parameters in the url.
http://localhost/easyappointments/index.php?word_param=vikram&num_param=45346346
Or this answer shows you how to do it the way you're trying to do it
PHP passing parameters via URL
Is it possible to rewrite the URL part of a request but still pass the original request as a get parameter to php.
For example, my search url might be www.mysite.com/search/Search%20Request when the search request has been entered by the user and is multiple words, lower and upper case etc, I want to rewrite the url to all lowercase with no enocding signs etc, so the url is www.mysite.com/search/search-request but my get parameter gets passed correctly as &search=Search%20Request.
How can I rewrite just the url in .htaccess and not change the parameters I pass to my script with get.
I am trying to figure out how to use the ampersand symbol in an url.
Having seen it here: http://www.indeed.co.uk/B&Q-jobs I wish to do something similar.
Not exactly sure what the server is going to call when the url is accessed.
Is there a way to grab a request like this with .htaccess and rewrite to a specific file?
Thanks for you help!
Ampersands are commonly used in a query string. Query strings are one or more variables at the end of the URL that the page uses to render content, track information, etc. Query strings typically look something like this:
http://www.website.com/index.php?variable=1&variable=2
Notice how the first special character in the URL after the file extension is a ?. This designates the start of the query string.
In your example, there is no ?, so no query string is started. According to RFC 1738, ampersands are not valid URL characters except for their designated purposes (to link variables in a query string together), so the link you provided is technically invalid.
The way around that invalidity, and what is likely happening, is a rewrite. A rewrite informs the server to show a specific file based on a pattern or match. For example, an .htaccess rewrite rule that may work with your example could be:
RewriteEngine on
RewriteRule ^/?B&Q-(.*)$ /scripts/b-q.php?variable=$1 [NC,L]
This rule would find any URL's starting with http://www.indeed.co.uk/B&Q- and show the content of http://www.indeed.co.uk/scripts/b-q.php?variable=jobs instead.
For more information about Apache rewrite rules, check out their official documentation.
Lastly, I would recommend against using ampersands in URLs, even when doing rewrites, unless they are part of the query string. The purpose of an ampersand in a URL is to string variables together in a query string. Using it out of that purpose is not correct and may cause confusion in the future.
A URI like /B&Q-jobs gets sent to the server encoded like this: /B%26Q-jobs. However, when it gets sent through the rewrite engine, the URI has already been decoded so you want to actually match against the & character:
Rewrite ^/?B&Q-jobs$ /a/specific/file.html [L]
This makes it so when someone requests /B&Q-jobs, they actually get served the content at /a/specific/file.html.