iframe not loading properly

Question

I am loading a page in an iframe. This is the code i am using:

File: iframe_load.html

<?php echo 'URL = '.$_REQUEST['url']; ?>
<iframe width="1015px" id="article_frame" src="<?php echo $_REQUEST['url']; ?>" style="border:0 none;"  height="576px" sandbox="allow-scripts"></iframe>

In my browser if i am browse this url:

http://mywebsite.com/iframe_load.html?url=http://www.northjersey.com/r?19=961&43=515347&44=234450391&32=4497&7=309037&40=http%3A%2F%2Fwww.northjersey.com%2Fnews%2FSecret_bunker_under_Prague_hotel_opens_to_public_.html&nid=4306612

then the $_REQUEST['url'] only showing the value partially. So my iframe not showing the actual page content. Please help me.

Answer 1

Let me simplify that URL for demonstration purposes:

http://yoursite.com/iframe_load.html?url=http://theirsite.com/index.php?a=1&b=2

Notice that their website's URL contains a query string (index.php?a=1&b=2) as well. Because the URL contains &, this is how PHP splits the string:

1. url=http://theirsite.com/index.php?a=1 &
2. b=2

As you see, url now only holds a part of the URL, not the complete URL (because it was split by &).

The & sign 'breaks' the URL too soon, so you have to replace it with something that doesn't break the URL.

You must pass iframe_load.html an encoded URL, to prevent PHP from mis-interpreting the URL:

http://yoursite.com/iframe_load.html?url=http%3A%2F%2Ftheirsite.com%2Findex.php%3Fkey1%3Dval1%26key2%3Dval2

(see that the part after iframe_load.html?url= doesn't contain any ? or & anymore)

If you link to iframe_load.html from another page, you can use PHP's function urlencode() to do this for you:

some page that links to iframe_load.html

<?php
// create a variable with the URL
// this is the normal URL, we will encode it later, when we echo it.
$other_websites_url = 'http://theirsite.com/index.php?key1=val1&key2=val2';
?>

<a href="http://yoursite.com/iframe_load.html?url=<?php echo urlencode($other_websites_url); ?>">Click to go to iframe_load.html</a>
<?php //                                                     ^ see, here we urlencode the URL, just before we paste it inside our own URL.

Using urlencode(), the special characters in the URL (such as &) are changed into HTML entities, so they (temporarily) loose their meaning, and don't break the URL. Don't worry, the URL will be decoded when you access it in iframe_load.html, so you'll have the correct URL for the iframe.

This is what their website's URL looks like when it's encoded: http%3A%2F%2Ftheirsite.com%2Findex.php%3Fkey1%3Dval1%26key2%3Dval2

As you can see, & has been replaced with %26, and other characters have been replaced as well. Now you can simply paste it into your URL:

http://yoursite.com/iframe_load.html?url=http%3A%2F%2Ftheirsite.com%2Findex.php%3Fkey1%3Dval1%26key2%3Dval2

Because the URL of the other website doens't contain & anymore, PHP won't split the URL.