Menu
I have a PHP page where I'm passing the city name via a "city" URL/GET variable. Currently, it's passing the actual city name even if it has spaces (eg .php?city=New York). I then take the $city GET variable and run a MySQL query against cities.name.
This works just fine - but I've always been under the impression any variables, URL/GET or otherwise should never have spaces. I'm more than capable of either replacing the spaces w/ underscores, or removing them, and putting them back in for the query...etc - but I thought I'd ask first in case spaces are completely fine, and it was just my superstition telling me otherwise.
827
Variable names can start with a letter or an underscore, but can not start with a number. Spaces are not allowed in variable names, so we use underscores instead of spaces. For example, use student_name instead of "student name". You cannot use Python keywords as variable names.
A basic rule of R is to avoid naming data-frame columns using names that contain spaces. R will accept a name containing spaces, but the spaces then make it impossible to reference the object in a function.
Our recommendation is to avoid using spaces in URLs, and instead use hyphens to separate words. If you are unable to do this, make sure to encode whitespace using "+" or "%20" in the query-string, and using "%20" within the rest of the URL.
URLs are encoded as RFC 1738 which specifies %20 . Show activity on this post. According to the W3C (and they are the official source on these things), a space character in the query string (and in the query string only) may be encoded as either " %20 " or " + ".
Spaces are fine, and are generally encoded with +.
To be extra safe, use urlencode() on your values if manually adding them to your GET params.
echo urlencode('New York'); // New+York
CodePad.
Otherwise, if your form if submitting as GET params, just leave them as they are :)
I then take the $city GET variable and run a MySQL query against cities.name.
Make sure you are using the suitable database escaping mechanism to be safe from SQL injection.
110
This works fine without using encodeURI() or encodeURIComponent() for parameters with blank spaces from Javascript to Php or Python.
echo shell_exec("python test.py \"".$_POST['ytitle']."\" \"".$_POST['yurl']."\"");
Thanks for the note from https://stackoverflow.com/users/8712097/tom-aranda Here's the safer code.
system(escapeshellcmd("python GreaseMonkey_Php_Youtube_srt_generator.py ".$_POST['yurl']));
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
