royalenfield
royalenfield

Reputation: 90

Ampersand causing returned text to be cut off in URL

I have inherited several php scripts from the person who maintaned the code before. He had no programming experience and mostly threw things together the best he could. today I had to rewrite a plug-in file for wordpress and now I can't figure out what is going wrong.

The issue I am facing is that when diplaying the returned file names in the else statement that is part of the table (<?php echo $result->display_name; ?>) I get unexpected results. Let's say our database has a file called Black & White.pdf. Instead of returning the display_name "Black & White.pdf", it returns "Black". I have tried the following:

<?php echo htmlentities($result->display_name); ?>

and

<?php echo htmlspecialchars($result->display_name); ?>

Neither of which have produced the desired result. What is going wrong? Is this PHP ignorance on my part, or is this something about how WP returns the results (which I assume wouldn't make a difference since I don't believe that WP could change how php is parsed). For reference here is the code:

function display_files($assn_id) {
    global $wpdb;
    $second_db = new wpdb("xxxxxx", "xxxxxx", "xxxxxx", "xxxxxx");

    $results = $second_db->get_results("SELECT
        community_files.id,
        community_files.display_name,
        community_files.filename,
        community_files.sort,
        community_files.file_type
        FROM
        community_files
        WHERE
        community_files.comm_id = '".$assn_id."'
        ORDER BY
        community_files.sort ASC");

        if (!$results) {
            echo "<li>The next meeting has not been posted yet.</li>";
        } else {

            echo "<table>";
            // keeps getting the next row until there are no more to get

            foreach ($results as $result) {
                if (!$result->display_name) {
                    $display_name = str_replace("_", " ", $result->filename);
                    $display_name_fake = str_replace(" .", ".", $display_name);
                    $file_array[$x] = $result->id;
                } else {
                    $display_name = $result->display_name;
                    $display_name_fake = str_replace(" .", ".", $display_name);
                    $file_array[$x] = $result->id;
                } ?>
                    <tr>
                        <td>
                        <?php
                        if ($result->display_name == "") {
                        ?>
                            <a href="renamefiles.php?action=rename&amp;file_id=<?php echo $result->id; ?>&amp;filename=<?php echo $display_name; ?>&amp;assn_id=<?php echo $assn_id; ?>"><?php echo $display_name_fake; ?></a>
                        <?php
                        } else {
                        ?>
                            <a href="renamefiles.php?action=rename&amp;file_id=<?php echo $result->id; ?>&amp;filename=<?php echo $display_name; ?>&amp;assn_id=<?php echo $assn_id; ?>"><?php echo $result->display_name; ?></a>
                        <?php
                        }
                        ?>
                        </td>
                    </tr>
                <?php   
            }
            echo "</table>";
        }
}

Upvotes: 0

Views: 1510

Answers (1)

s_ha_dum
s_ha_dum

Reputation: 2850

It sounds like you need to urlencode that file name when you insert it into the URL you are constructing. Per a comment above not doing so is breaking your GET string.

array(5) { 
  ["action"]=> string(6) "rename" 
  ["file_id"]=> string(5) "24086" 
  ["filename"]=> string(8) "Black " 
  ["White_pdf"]=> string(0) "" 
  ["assn_id"]=> string(2) "25" 
}

This has led you to conclude that the code you posted is failing. It isn't. It is just constructing malformed HTML, which then fails when you click the like.

This code:

<a href="renamefiles.php?action=rename&amp;file_id=<?php echo $result->id; ?>&amp;filename=<?php echo $display_name; ?>&amp;assn_id=<?php echo $assn_id; ?>"><?php echo $result->display_name; ?></a>

Should be like this:

<a href="renamefiles.php?action=rename&amp;file_id=<?php echo $result->id; ?>&amp;filename=<?php echo urlencode($display_name;) ?>&amp;assn_id=<?php echo $assn_id; ?>"><?php echo $result->display_name; ?></a>

You will then need to urldecode $_GET['filename'] when you process the request.

I would encourage you not to have spaces and special characters like & in your filename at all (if you actually are using this name as a filesystem file name). You are asking for trouble.

Upvotes: 1

Related Questions