B4J Question % symbol in PostString variable causing problems

lledden

Member
Licensed User
Longtime User
I'm using B4J v6.3 with jOkHttpUtils2 V2.62. While testing special characters in variables used in a PostString I found that variables containing '%' followed by numbers appear to be converted into special (usually nondisplayable) characters when received by php code

For example
j.PostString("http://localhost:80/Remote/AddPersonMin.php","doctorid=" & SelectedDoctorID & "&firstname=" & PatFirst & "&lastname=" & PatLast & "&username=" & PatUser & "&userpassword=" & PatPswd )

where PatPswd = "%3636"

becomes $userpassword = "636" in the following php line

$userpassword = $_POST["userpassword"];

if PatPswd = "%2345 then $userpassword is displayed as 'box'345

I've tried single quotes, $_@ and other special characters and I don't see this behavior
 

DonManfred

Expert
Licensed User
Longtime User
Try
PHP:
$userpassword = urldecode($_POST["userpassword"]);
http://php.net/urldecode

Edit: Sorry, no...
Are you using urldecode on the password maybe by mistake?
Maybe later in your code?
using urldecode the %23 is intepreted and replaced
 
Upvote 0

Daestrum

Expert
Licensed User
Longtime User
Have you tried replacing the % in the sent string with %25 before you send it? (%25 = % character)
 
Upvote 0

lledden

Member
Licensed User
Longtime User
Thanks for the responses. I don't use urldecode anywhere in any php code. I am using prepared statements and don't use any filtering or escape methods either. So it was a bit baffling. I can do a substitution, but I would like to understand why this is happening. Where is it getting converted. Erel said the string is sent as-is. The only command on the php side is to retrieve the POST variable... soo.. where is it getting changed and why?
 
Upvote 0

Erel

B4X founder
Staff member
Licensed User
Longtime User
You are using the application/x-www-form-urlencoded protocol.
In this protocol percentage has special meaning.

So the PHP method treats those characters as it should based on the protocol. BTW, how will your code work if the password includes a & sign?

The simplest solution is to base64 encode the password and decode it on the server.
 
Upvote 0
Top