/    Sign up×
Community /Pin to ProfileBookmark

Folks,

I need to echo link securely. How to do it ?

Q. Is below right ?

““
echo ‘<b>Page Url:</b> ‘; echo urlencode($page_url); echo “<br>”;
““

Q2. Need to echo link, below not quite right. How to fix it ?

““
echo ‘<b>Page Url:</b> ‘; echo “<a href=”urlencode($page_url)”>urlencode($page_url)</a>”; echo “<br>”;
““

Context:

““
$query_2 = “SELECT id,username,domain,page_url,page_title,page_description,exclusive_offer FROM links WHERE $col = ? ORDER BY id LIMIT $offset,$limit”;
$stmt_2 = mysqli_stmt_init($conn);

if(!mysqli_stmt_prepare($stmt_2,$query_2))
{
die(“B.Query Failed!”);
}
else
{
mysqli_stmt_bind_param($stmt_2,’s’,$keywords);
mysqli_stmt_execute($stmt_2);
$result_2 = mysqli_stmt_get_result($stmt_2);

if(!$result_2)
{
die(“Fetching Error!”);
}

while($row = mysqli_fetch_array($result_2,MYSQLI_ASSOC))
{
$id = $row[‘id’];
$domain = $row[‘domain’];
$page_url = $row[‘page_url’];
$page_title = $row[‘page_title’];
$page_description = $row[‘page_description’];
$exclusive_offer = $row[‘exclusive_offer’];
$username = $row[‘username’];

echo ‘<b>Sumission Id:</b> ‘; echo $id; echo “<br>”;
echo ‘<b>Domain:</b> ‘; echo $domain; echo “<br>”;//IS THIS LINE CORRECT TO ECHO URL SECURELY ?
echo ‘<b>Page Url:</b> ‘; echo urlencode($page_url); echo “<br>”;//HOW TO FIX THIS LINE TO EXHO LINK SECURELY ?
echo ‘<b>Page Url:</b> ‘; echo “<a href=”urlencode($page_url)”>urlencode($page_url)</a>”; echo “<br>”;
echo ‘<b>Page Title:</b> ‘; echo $page_title; echo “<br>”;
echo ‘<b>Page Description:</b> ‘; echo $page_description; echo “<br>”;
echo ‘<b>Exclusive Offer:</b> ‘; echo $exclusive_offer; echo “<br>”;
echo ‘<b>Username:</b> ‘; echo $username; echo “<br>”;
echo “<br>”;
}
}
““

NOTE: Read comment in the echoes.

to post a comment

11 Comments(s)

Copy linkTweet thisAlerts:
@NogDogOct 15.2020 — urlencode() should normally only be applied to value portion of key/value pairs in the query string section of a URL.
<i>
</i>$url = 'https://example.com/foobar?foo='.urlencode($foo).'&amp;bar='.urlencode($bar);
Copy linkTweet thisAlerts:
@developer_webauthorOct 18.2020 — @NogDog#1624277

From what I just learnt from you, it seems I can do these two ways as I getting no errors but I need a pro like you here in this forum to confirm these following two are correct:

1.

echo '<b>Page Url:</b> '; echo "<a href='tracker.php?url='.urlencode($url).'&id='.urlencode($id)'>$link_anchor_text</a>"; echo "<br>";


2.

echo '<b>Page Url:</b> '; echo "<a href="tracker.php?url=urlencode($url)&id=urlencode($id)">$link_anchor_text</a>"; echo "<br>";


If both are correct then I believe you pros would prefer the first one over the second since the second is using escapes.

Am I right ?

However, clicking the link on the first one leads to:

http://localhost/test/tracker.php?url=

Param Values are missing.

Clicking the link on the second one leads to:

http://localhost/test/tracker.php?url=urlencode(heman.com/index.php)&id=urlencode(1)

That is no good. Should have lead to:

http://localhost/test/tracker.php?url=heman.com/index.php&id=1

How to fix ? Where I went wrong ?
Copy linkTweet thisAlerts:
@developer_webauthorOct 18.2020 — This not working:

echo '<b>3.Page Url:</b> '; echo '<a href='.'tracker.php?url='.urlencode($url).'&id='.urlencode($id).">$anchor</a>"; echo "<br>";
Copy linkTweet thisAlerts:
@NachfolgerOct 18.2020 — > @developer_web#1624349 This not working:

Syntax error. Fix it.
Copy linkTweet thisAlerts:
@NogDogOct 18.2020 — I constantly recommend printf() (or sprintf(), depending on whether you want to output directly or store to a variable with the latter) to avoid the messiness of intermingling PHP function calls with HTML markup -- though it seems that nobody else likes it. 🤷‍♂️
<i>
</i>printf(
'&lt;a href="tracker.php?url=%s&amp;id=%d"&gt;%s&lt;/a&gt;&lt;br&gt;', // assuming id is an integer?
urlencode($url),
$id,
htmlentities($anchor)
);
Copy linkTweet thisAlerts:
@tracknutOct 18.2020 — I use printf :) though I cut my teeth on C, so that may be a reason.
Copy linkTweet thisAlerts:
@developer_webauthorOct 19.2020 — @Nachfolger#1624352

Syntax error on which one, mate ?
Copy linkTweet thisAlerts:
@developer_webauthorOct 19.2020 — @NogDog#1624353

Ok. Thanks for the printf. never heard of sprintf.

Anyway, are you 100% sure it cannot be done with echo ? I find echo easier than printf.
Copy linkTweet thisAlerts:
@developer_webauthorOct 19.2020 — @NogDog#1624353

Your printf code fine:

printf(
'<a href="tracker.php?url=%s&id=%d">%s</a><br>', // assuming id is an integer?
urlencode($url),
$id,
htmlentities($anchor)
);


And mine echo code:

echo '<b>4.Page Url:</b> '; echo '<a href='.'tracker.php?url='.urlencode($url).'&id='.urlencode($id).">$anchor</a>"; echo "<br>";


lead to:

http://localhost/test/tracker.php?url=heman.com%2Findex.php&id=1

Should actually lead to:

http://localhost/test/tracker.php?url=heman.com/index.php&id=1

Where did the "%2F" replacing "/" come from ?
Copy linkTweet thisAlerts:
@developer_webauthorOct 19.2020 — @NogDog#1624353

Your printf code fine:

printf(
'<a href="tracker.php?url=%s&id=%d">%s</a><br>', // assuming id is an integer?
urlencode($url),
$id,
htmlentities($anchor)
);


And mine echo code:

echo '<b>4.Page Url:</b> '; echo '<a href='.'tracker.php?url='.urlencode($url).'&id='.urlencode($id).">$anchor</a>"; echo "<br>";


lead to:

http://localhost/test/tracker.php?url=heman.com%2Findex.php&id=1

Should actually lead to:

http://localhost/test/tracker.php?url=heman.com/index.php&id=1

Where did the "%2F" replacing "/" come from ?
Copy linkTweet thisAlerts:
@NogDogOct 19.2020 — > @developer_web#1624379 Should actually lead to:

No, it should not. That is the purpose of urlencode(): to apply the URL-encoding to certain characters that otherwise would have a special meaning when used within a URL (such as the slash in this case).
×

Success!

Help @developer_web spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 3.28,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,

tipper: Anonymous,
tipped: article
amount: 10 SATS,
)...