|
-
Mar 2nd, 2009, 11:49 AM
#1
Thread Starter
Member
[RESOLVED] VERY simple question on $_GET!
Hello, I have some code that converts a given password and salt to an md5 hash, as part of a login system of a bigger project that I have been working on.
This is the problem. The password salts are randomly generated, and sometimes they contain special characters. notably the forward slash.
this is my php code:
Code:
<?php
$password = $_GET['p'];
$salt = $_GET['s'];
$finished = "no value inputted";
$password = md5($password);
$finished = md5($password.$salt);
print($finished);
?>
It works perfectly, so I just visit
www.website.com/md5.php?p=password123&s=d4d
BUT if the salt includes a forward slash or an ampersand etc, it obviously ends up making the url look like this:
www.website.com/md5.php?p=password123&s=d/d
www.website.com/md5.php?p=password123&s=d&d
which oibviously messes it all up.
how can I make it so that the php script accepts special characters such as the forward slash without the browser automatically thinking it's a new folder?
I want to be able to input the password salt even with special characters.
I dunno if you can put it in '' quotes or not? hmm
a little help would be appreciated please!
-
Mar 2nd, 2009, 12:23 PM
#2
Re: VERY simple question on $_GET!
the string needs to be run through urlencode before being sent out. That will make any special characters url friendly. Then, on the receiving end, use urldecode to convert the url value back to its original values.
-tg
-
Mar 3rd, 2009, 08:21 AM
#3
Thread Starter
Member
Re: VERY simple question on $_GET!
cool.... and how do I do that?
I need to do a urlencode in vb.net and the urldecode obviously in the php script
-
Mar 3rd, 2009, 08:32 AM
#4
Thread Starter
Member
Re: VERY simple question on $_GET!
ok, I got it sorted. for anyone else who has had this problem this is what you do:
on a vb.net windows form application that will be submitting the string:
dim str as string = "password123^&+ddpoo" ' password with special chars
dim strencoded as string
strencoded = System.Web.HttpUtility.UrlEncode(str)
strencoded will then be a url-friendly version of str. replacing the ampersand etc with the uri equivelents.
as for the php, if you are submitting it as an argument to the php file, the $_GET will automatically decode it.. so no need to add any urldecode stuff to the php script, as $_GET automatically decodes it if needed.
Thanks for the help techgnome
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|