Hello,

I'm trying to replace the "%20" (space) from the query string with " " but my page just keeps blowing up when I use str_replace(). I have directories which contain photos of houses and I need the name of the directories to have spaces as they are also used for display purposes. However, when "%20" shows up in the query string it blows up the page and nothing is displayed. I tried running it through str_replace() to replace the "%20" but this doesn't work either.

function get_imgarr()
{
	$rpa = $_GET['pa'];
	$pa = str_replace("%20", " ", $rpa);
	var_dump($pa);
	if(!valid_propadd($pa))
		die("invalid property address!");
	else
	$propadd = $pa;
	$userfolder = $_SESSION['valid_user'];
	$dir = get_imgdir();
	$files = @scandir($dir);
	foreach($files as $value) {
		// check for image files
		if(valid_image_file($value))
			// build image array
			$imgarr[] = $value;
	}
	return $imgarr;
}

Any ideas?

Thanks,

Jason

    Hmmm...values in the $_GET array should already be urldecoded. If you have '%20' in there, something probably is not right in the GET data being sent to your script. Anyway, if you don't want to figure out what the source of the problem is, you could try using the [man]urldecode[/man] function.

      I decided to do this after no luck with urldecode(), however I get the same results with str_replace(). I don't understand what's going on, the page just stops when the query string contains anything other than alphanumeric. I tried commenting out my regex check and I still get the same thing, when I use only integers it works fine.

      Here is the code sent to the query string:

      function display_folders()
{
	//$photoarr = get_imgarr();
	$username = $_SESSION['valid_user'];
	$result = get_agent_info($username);
	$row = $result->fetch_array(MYSQLI_ASSOC);
	echo '<a href="logout.php">Logout</a>'; 
	$userfolder =  $_SESSION['valid_user'] . '/';
	$dir    = 'members/' . $userfolder;
	$files = scandir($dir);
	$count = 0;
	foreach($files as $value) {
    	if(!in_array($value, array('.', '..'))) {

		// check for folders
		if(is_dir($dir.DIRECTORY_SEPARATOR.$value)) {

				$count++;
		}
	}
}
echo '<table align="center" border="0" cellpadding="5"><tr><th colspan="'. $count .'">'. $row['agent_name'] .'</th></tr><tr>';
foreach($files as $value) {
	if(!in_array($value, array('.', '..'))) {

		// check for folders
		if(is_dir($dir.DIRECTORY_SEPARATOR.$value)) {
			$size = getimagesize($dir . $value . '.jpg');
			list($width, $height) = $size;
			$dimarr = array("width" => $width, "height" => $height);
			$scalewidth = .04 * $dimarr["width"];
			$scaleheight = .04 * $dimarr["height"];
			$rvalue = str_replace("_", " ", $value);
    		printf('<td><a href="preview.php?pa=%s">'.
            	'<img src="'. $dir . $value .'.jpg" width="'. $scalewidth .'" height="'. $scaleheight .'" />'.
           		'<br />%s<a/></td>',
           		$value, $rvalue);
		}
	}
}
echo '</tr></table>';
}

      Is it illegal to have underscores in the query string?

      Thanks for the replies,

      Jason

        I believe underscores are OK, but you might as well use [man]urlencode/man to ensure all characters which need to be escaped are escaped. (It's also a good idea to use [man]htmlentities/man to filter any values to be output as "normal" HTML text.)

        //
                printf('<td><a href="preview.php?pa=%s">'.
                '<img src="'. $dir . $value .'.jpg" width="'. $scalewidth .'" height="'. $scaleheight .'" />'.
                '<br />%s<a/></td>',
                urlencode($value), htmlentities($rvalue) );

          Hi Jason,
          I read out your pronlem about space.
          I am new in PHP, but still trying.
          You first check what you are getting by
          echo "$rpa";
          Now if there space looks like blank, then replace it by " ".
          Code:
          $rpa = $_GET['pa'];
          $old_word = " " ;
          $new_word = "";
          $rpa = str_replace($old_word, $new_word, $rpa) ;

          Or if space looks like %20, then replace it by the same.
          Code:
          $rpa = $_GET['pa'];
          $old_word = "%20" ;
          $new_word = "";
          $rpa = str_replace($old_word, $new_word, $rpa) ;

          First read before try, beccause I told you already that I am new in PHP.
          So by read if you will think it makes sense, then just try.

          With Regards,
          Parag Karwade

            Write a Reply...