URL with quotes causing errors

Question

I am a newbie trying to work a PHP script for a gallery using a database. I recently changed the script and database so that the gallery will run based on 'photo_caption. The gallery works but if the database contains quotes ( for example the title Nature's Garden And Colors ) the script just pulls the part before the quotes ( so here just the word Nature instead of the whole caption Nature's Garden And Colors) and thereby breaks the links. Now the link structure is like this /viewgallery.php?cname=Colorado%20Journies&pcaption=Nature'sGardenAndColors but because of the problem it shows as /viewgallery.php?cname=Colorado%20Journies&pcaption=Nature

Is there any workaround this problem? How can I get make the $_GET statement to pull the complete photo_caption including the quotes? Thanks for any help...

I now use this code to get the photocaption for the link

$pcaption = isset($_GET['pcaption']) ? ($_GET['pcaption']) : 0;

if( $pcaption ) {

    $result = mysql_query( "SELECT photo_caption, photo_description, photo_filename,photo_keywords FROM gallery_photos WHERE photo_caption='".addslashes($pcaption)."'" ); 

    list($photo_caption, $photo_description, $photo_filename, $photo_keywords) = mysql_fetch_array( $result ); 

    $nr = mysql_num_rows( $result ); 
     mysql_free_result( $result );     

    $p_caption = $photo_caption;
    $p_description = $photo_description;
    $p_keywords = $photo_keywords;

    //fill pid_array with sorted pids in current category 

    $result = mysql_query( "SELECT photo_caption FROM gallery_photos WHERE category_name='".addslashes($cname)."' ORDER BY photo_caption" ); 

    $ct = mysql_num_rows( $result );     

    while ($row = mysql_fetch_array($result)) { 

          $pid_array[] = $row[0]; 
    } 
    mysql_free_result( $result ); 

    if( empty($nr ) ) 
    { 
        print "%%%%NR is $nr";
        $result_final = "\t<tr><td>***No Photo found</td></tr>\n"; 
    } 
    else 
    { 
        $result = mysql_query( "SELECT category_name FROM gallery_category WHERE category_name='".addslashes($cname)."'" ); 
        list($category_name) = mysql_fetch_array( $result ); 
        mysql_free_result( $result );     
        $result_final = "
        <div class=limagePage>
        <div class=llink><a href='viewgallery.php'>ALBUMS</a><span class=arrow>&gt;&gt</span><a href='viewgallery.php?cname=$cname>$category_name'</a></div>
         ";
        // display previous and next links if more than one photo 

        if ($ct > 1) 
        { 

            $key = array_search($pcaption , $pid_array); 
            $prev = $key - 1; 

            if ($prev < 0) $prev = $ct - 1; 
            $next = $key + 1; 

            if ($next == $ct) $next = 0; 

            //$cname = str_replace(" ","_",$cname);
            //$pcaption=str_replace(" ","_",$pcaption);

            $result_final .= "<div class='prevnext'>"; 
            $result_final .= "<span class='prev'><a href='viewgallery.php?cname=$cname&pcaption=".$pid_array[$next]."'><img src='photos/assets/left.png'  border='0' ></a></span>"; 
            $result_final .= "<span class='next'><a href='viewgallery.php?cname=$cname&pcaption=".$pid_array[$prev]."'><img src='photos/assets/right.png'  border='0' ></a></span>"; 
            $result_final .= "</div>";

        }            
    }
    //$cname = str_replace(" ","_",$cname);
    //$pcaption=str_replace(" ","_",$pcaption);
   $result_final .= "<div class=limage><table><tr><td><table class=image><tr>\n\t<td><a href='viewgallery.php?cname=$cname&pcaption=".$pid_array[$next]."'><img src='".$images_dir."/".$photo_filename."' border='0' alt='".$photo_keywords."' /></a>
  <div class=caption>".$photo_caption."</div> 
  <div class='excerpt'>".$photo_description."</div> 
  </td>                    
  </tr></table></td></tr></table><div class=underline></div></div>
  <!-- .limagePage --></div>    ";

Answer 1

unfortunatelly urlencode will not affect ' try to str_replace("'", "%27", $pid_array[$next]) maybe it helps. For example it works for Google in adress bar.

UPD rawurldecode (upd. correct: rawurlencode of course) can do it indeed, anyway the link will look a little bit ugly, full of %53, %27, etc. But don't forget to urldecode($_GET['pcaption']) before using it

Answer 2

Everyone who tried to help me..I want to thank you all for your help. I figured out that besides quotes 'spaces' in the database where photo_caption is also causing issues. So I tried to trim the spaces in the code(it worked) and decided to avoid quotes for now. Just wanted to leave a follow up note... thanks everyone.

Answer 3

rawurlencode($pid_array[$next])

should also do the trick.

note, using variable parsing quotes uses a bit more processing. since you're already doing it halfway..

$result_final .= "<span class='prev'><a href='viewgallery.php?cname=$cname&pcaption=".$pid_array[$next]."'><img src='photos/assets/left.png'  border='0' ></a></span>"; 

could be swapped for:

$result_final .= '<span class="prev"><a href="viewgallery.php?cname='.urlencode($cname).'&amp;pcaption='.urlencode($pid_array[$next]).'"><img src="photos/assets/left.png" border="0" ></a></span>'; 

also & isn't html valid, & now html valid, quotes dont matter and more efficient cpuwise.

Answer 4

use http_build_query(). With this function, you can convert a array to a http query, something like:
$data = array('name' => 'my name', 'city' => 'my city');

$url = "http://your_url.com/?" . http_build_query($data);

The output will be something like: http://your_url.com/?name=my%20name&city=my%20city

Answer 5

You need to encode the url before printing it in the link like so:

<a href='viewgallery.php?cname=$cname&pcaption=".urlencode($pid_array[$next])."'>

Otherwise think link will be cutoff early because the link will look like this:

<a href='viewgallery.php?cname=$cname&pcaption=Nature's photo'>
                                                     ^ ends the link

Answer 6

Try url encoding the values

urlencode($pid_array[$next])

http://php.net/manual/en/function.urlencode.php