$_GET value from URL that contains space

Question

I have a table with a clickable row and a textbox which value is the name clicked on the row, easy. This is a sample of my code. The table :

<table border="2">
        <tbody>
            <tr>
                <td>Categorie number</td>
                <td>Categorie name</td>
            </tr>
                <?php
                    $SQLCategorie = mysqli_query($db,'SELECT * FROM categorie ORDER BY Name_categorie');
                    while($row= mysqli_fetch_array($SQLCategorie))
                    {
                        echo '<td>' .$row[0]. '</td>';
                            echo "<td><a href='GererCategorie.php?Name_categorie=".$row[1]."' >".$row[1]."</a></td>";  
                        echo "</tr>";
                    }
                ?>  
        </tbody>
</table>

And the textbox :

<input type="text" name="Delete_Categorie" 
                    <?php 
                        if (isset($_GET['Name_categorie'])) 
                        {
                            echo "value=".$_GET['Name_categorie'];
                        }
                    ?>
>

Everything works fine but I have a weird problem. For example I have INTERNET EXPLORER in my database and my URL looks like ?Name_categorie=INTERNET%20EXPLORER. The textbox only shows INTERNET, I CANNOT echo INTERNET EXPLORER.

I know that my probleme may seem easy but I have no idea how to echo the full name. I need to get it because I have EXCEL 2003 and EXCEL 2010 but it only shows EXCEL. For EXCEL 2010 I have in my URL EXCEL%202010

possible duplicate of [What's wrong with putting spaces in $\_GET variables](http://stackoverflow.com/questions/6364793/whats-wrong-with-putting-spaces-in-get-variables) — Saty, May 26 '15 at 14:11
Not a duplicate, but the code seems vulnerable to that issue, so take a look at it anyway @Hearner :) — Josef Engelfrost, May 26 '15 at 14:25

score 4 · Accepted Answer · answered May 26 '15 at 14:14

4

Take a look at the HTML you are generating, your output will look something like this:

<input type="text" name="Delete_Categorie" value=INTERNET EXPLORER>

So the browser will read this as value being INTERNET, and EXPLORER will be interpreted as an attribute name.

You need to add quotes around your text.

echo "value=\"".$_GET['Name_categorie']."\"";

This will output

<input type="text" name="Delete_Categorie" value="INTERNET EXPLORER">

answered May 26 '15 at 14:14

Josef Engelfrost

2,955
1
29
38

PERFECT Thank you, that solved my problem. Now I understand,I had not thought about it – Hearner May 26 '15 at 14:17
I can't click `This answer is helpful` though – Hearner May 26 '15 at 14:18
@Hearner you can accept it. Press the tick underneath the 0 – Loko May 26 '15 at 14:19
Ow yes sorry i did not know. Thank you @Loko – Hearner May 26 '15 at 14:21

foxbeefly · Answer 2 · 2015-05-26T14:12:53.223

1

You need to urlencode()

echo "<td><a href='GererCategorie.php?Name_categorie=".urlencode($row[1])."' >".$row[1]."</a></td>";

and then urldecode()

echo "value=".urldecode($_GET['Name_categorie']);

edited May 26 '15 at 14:12

answered May 26 '15 at 14:09

foxbeefly

510
3
13

It adds `+` between the words. `EXCEL 2010` becomes `EXCEL+2010` – Hearner May 26 '15 at 14:12
`rawurldecode()` and `rawurlencode()` makes/moves percent signs you are facing in code. – Tpojka May 26 '15 at 16:44

score 0 · Answer 3 · answered May 26 '15 at 14:18

As alternative, you could replace a white space with a _ before using it in the href="" and then after you get the value of the textbox you can replace the _ with a whitespace again.

Example:

echo "<td><a href='GererCategorie.php?Name_categorie=".str_replace(' ', '_',$row[1])."' >".$row[1]."</a></td>";

and in your value:

echo "value=".str_replace('_', ' ',$_GET['Name_categorie']);

$_GET value from URL that contains space

3 Answers3