Copy link to clipboard
Copied
Hi, i have posted some messages previously about this, the thing is:
i send some text from flash to php, and this text gets stored urlencoded (or escaped). this way, there are no 'risky chars' like ", ', > or <
when php receives this string, it encodes automatically since it receives it as a post var, so it assumes it has to decode it so it has meaning. because of this, i encode it again in the php, so i can store it, manipulate etc (the flash sends it encoded but it gets decoded when it reaches php)
when i send it back to flash, i send it encoded as it was stored but encapsulated within some xml. this way, the text inside the xml, since it is encoded, does not have chars that may screw the xml, and it is not decoded automatically since xml is not the same as urlvars
this has worked so far concerning security, so i can send messages qwith chars like <>' " and everything is ok, but, the ugly part is with tilded chars. i have no idea why, when those chars arrive to the php, the string is another one from what i send.
i made an example to prove my point, with only the necessary functionality. for some reason the xml received is not parsed correctly or missunderstood, but since that is not the point of my problem, i didnt made any effort to figure why it could not separate or parse the property that contained the encapsulated text.
the whole code for the flash movie is (create an empty flash with a text box called _result_textbox)
---------------------------------
var _loader:URLLoader = new URLLoader();
_loader.dataFormat = URLLoaderDataFormat.VARIABLES;
function send_some_stuff():void {
var _text_with_tildes:String = "some text with tildes and stuff: áéíóúñÑÁÉÍÓÚüÜ, and other chars: ', \", <, >";
var _stuff:URLVariables = new URLVariables("text="+escape(_text_with_tildes)+"&a=a");
var _request:URLRequest = new URLRequest("test_tildes.php");
_request.method = URLRequestMethod.POST;
_request.data = _stuff;
//
try
{
_loader.load(_request);
}
catch (_error:Error)
{
}
}
function tildes_result(_event:Event):void {
var _result:URLLoader = _event.target as URLLoader;
//
var _result_XML:XML = new XML(_result.data);
if (_result_XML.hasOwnProperty("@text")==false)
_result_textbox.text = "no text, " + unescape(_result_XML.toString());
else {
var _result_string:String = unescape(_result_XML["@text"]);
_result_textbox.text = _result_string;
trace(_result_string);
}
}
_loader.addEventListener(Event.COMPLETE, tildes_result);
send_some_stuff();
--------------------------------------------------
and the complete php, which should be in a file called "test_tildes.php" is this:
<?PHP
echo "<?xml version=\"1.0\"?>\n";
echo "<asd text=\"" . urlencode($_POST["text"]) . "\">";
echo "<filling/></asd>";
?>
--------------------
what i am trying to show is that when flash sends the text: "some text with tildes and stuff: áéíóúñÑÁÉÍÓÚüÜ, and other chars: ', \", <, >";
it goes escaped, gets to the php and is unescaped (urldecoded) automatically, and the resulting string is something like:
"some text with tildes and stuff: áéÃóúñÑÁÉÍÓÚüÜ, and other chars: ', ", <, >"
everything seems fine except for the áéíóúñÑÁÉÍÓÚüÜ part, i have no idea why. any pointers? tnx
Copy link to clipboard
Copied
I had the same problem
Unfortunately the escape(string) has quite a few differences with UrlEncode(String) :-
php UrlEncode
á=%E1
é=%E9
í=%ED
ñ=%F1
escape
á=%C3%A1
é=%C3%A9
í=%C3%AD
ñ=%C3%B1
I only had to fix a couple of symbols in mine, but the method I used is below, it will require you to use traces to find out what all the symbols encoded and escaped are:-
for á from php into actionscript
var fix_%E1:RegExp = /\%E1/g;
var result_%E1:RegExp = /\%C3%A1/g;
var pre_escape_string1_from_xml:String = xmlData.Records.TheBitYouWant
var sub_pre_escape_string1_from_xml:String = pre_escape_string1_from_xml.replace (fix_%E1, result_%E1);
var ready_string1_from_xml:String = unescape (sub_pre_escape_string1_from_xml);
This can of course be smushed into 2 lines.
Copy link to clipboard
Copied
Hi, tnx! have not tried that yet but definitely will check it out
Copy link to clipboard
Copied
hi, again. I am not sure if i am doing this right, what i have written is:
(...)
//
var _entra_a:RegExp = /\%C3%A1/g;
var _entra_e:RegExp = /\%C3%A9/g;
var _entra_i:RegExp = /\%C3%AD/g;
var _entra_o:RegExp = /\%C3%B3/g;
var _entra_u:RegExp = /\%C3%BA/g;
var _entra_n:RegExp = /\%C3%B1/g;
var _entra_am:RegExp = /\%C3%81/g;
var _entra_em:RegExp = /\%C3%89/g;
var _entra_im:RegExp = /\%C3%8D/g;
var _entra_om:RegExp = /\%C3%93/g;
var _entra_um:RegExp = /\%C3%9A/g;
var _entra_nm:RegExp = /\%C3%91/g;
var _entra_ud:RegExp = /\%C3%BC/g;
//
var _sale_a:RegExp = /\%E1/g;
var _sale_e:RegExp = /\%E9/g;
var _sale_i:RegExp = /\%ED/g;
var _sale_o:RegExp = /\%F3/g;
var _sale_u:RegExp = /\%FA/g;
var _sale_n:RegExp = /\%F1/g;
var _sale_am:RegExp = /\%C1/g;
var _sale_em:RegExp = /\%C9/g;
var _sale_im:RegExp = /\%CD/g;
var _sale_om:RegExp = /\%D3/g;
var _sale_um:RegExp = /\%DA/g;
var _sale_nm:RegExp = /\%D1/g; var _sale_ud:RegExp = /\%FC/g;
//
(...)
_texto_encoded = _elemento["@contenido"];
_texto_encoded.replace(_sale_a, _entra_a);
_texto_encoded.replace(_sale_e, _entra_e);
_texto_encoded.replace(_sale_i, _entra_i);
(...)
_nuevo_texto[6] = unescape(_texto_encoded);
(etc)
it makes sense what you said, but i still get the same aliens instead of the chars i want. will keep trying
Copy link to clipboard
Copied
got it, it worked! tnx
var _texto_encoded:String = "%C3%A1%C3%A9%C3%AD%C3%B3%C3%BA";
//
var _entra_a:RegExp = /\%C3%A1/g;
var _entra_e:RegExp = /\%C3%A9/g;
var _entra_i:RegExp = /\%C3%AD/g;
var _entra_o:RegExp = /\%C3%B3/g;
var _entra_u:RegExp = /\%C3%BA/g;
var _entra_n:RegExp = /\%C3%B1/g;
var _entra_am:RegExp = /\%C3%81/g;
var _entra_em:RegExp = /\%C3%89/g;
var _entra_im:RegExp = /\%C3%8D/g;
var _entra_om:RegExp = /\%C3%93/g;
var _entra_um:RegExp = /\%C3%9A/g;
var _entra_nm:RegExp = /\%C3%91/g;
var _entra_ud:RegExp = /\%C3%BC/g;
//
var _sale_a:String = "%E1";
var _sale_e:String = "%E9";
var _sale_i:String = "%ED";
var _sale_o:String = "%F3";
var _sale_u:String = "%FA";
var _sale_n:String = "%F1";
var _sale_am:String = "%C1";
var _sale_em:String = "%C9";
var _sale_im:String = "%CD";
var _sale_om:String = "%D3";
var _sale_um:String = "%DA";
var _sale_nm:String = "%D1";
var _sale_ud:String = "%FC";
//
trace("original: "+_texto_encoded);
//
_texto_encoded = _texto_encoded.replace(_entra_a, _sale_a);
_texto_encoded = _texto_encoded.replace(_entra_e, _sale_e);
_texto_encoded = _texto_encoded.replace(_entra_i, _sale_i);
_texto_encoded = _texto_encoded.replace(_entra_o, _sale_o);
_texto_encoded = _texto_encoded.replace(_entra_u, _sale_u);
//
trace("corregido: "+_texto_encoded);
//
trace(unescape(_texto_encoded))
Copy link to clipboard
Copied
I'm glad you've got a workaround, I might have some free time this afternoon, I'll see if there is a nicer one....Good luck.
Copy link to clipboard
Copied
There is a variety of problems with your original script.
Problem 1: I wouldn't use data format of VARIABLES, I would use text:
_loader.dataFormat = URLLoaderDataFormat.TEXT;
I had all kinds of problems parsing the response into xml properly when _loader was VARIABLES.
Problem 2: You don't need to escape or unescape anything. Flash will take care of that for you if you use the proper syntax:
var _text_with_tildes:String =
"some text with tildes and stuff: áéíóúñÑÁÉÍÓÚüÜ, and other chars: ', \", <, >";
var _stuff:URLVariables = new URLVariables();
_stuff.text = _text_with_tildes;
_stuff.a = "a";
Problem 3: You need your PHP to tell Flash that the XML sent is utf-8.
This code works for me:
// AS3 CODE
import flash.xml.*;
var _loader:URLLoader = new URLLoader();
_loader.dataFormat = URLLoaderDataFormat.TEXT;
function send_some_stuff():void {
var _text_with_tildes:String = "some text with tildes and stuff: áéíóúñÑÁÉÍÓÚüÜ, and other chars: ', \", <, >";
var _stuff:URLVariables = new URLVariables();
_stuff.text = _text_with_tildes;
_stuff.a = "a";
var _request:URLRequest = new URLRequest("http://192.168.1.2:8888/test_tildes.php");
_request.method = URLRequestMethod.POST;
_request.data = _stuff;
//
try
{
_loader.load(_request);
}
catch (_error:Error)
{
trace('there was an error:' + _error.toString());
}
}
function tildes_result(_event:Event):void {
try {
var xmlResponse:XML = new XML(_event.target.data);
} catch (e:Error) {
trace('xml error:' + e.toString());
}
trace("result:" + xmlResponse.@text);
}
_loader.addEventListener(Event.COMPLETE, tildes_result);
send_some_stuff();
// PHP CODE
header('Content-type: text/xml');
echo "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n";
echo "<asd text=\"" . htmlspecialchars($_REQUEST["text"]) . "\" />";
Copy link to clipboard
Copied
hi, tnx for your answer, i had to escape though, this was not the only text i was sending, i was building a string of vars to send, and if for example the original text had '&', the whole construction would have been useless,
if (some_condition) _send_string += "&" +var_name_base + var_count.toString()+"="+some_escaped_text; // assume '_escaped_text' had an '&' and was not escaped
it works now, at least for the chars relevant to spanish language, though it probably would have worked in a more general way with the utf8 thing
Copy link to clipboard
Copied
No, you didn't have to escape anything. If you read my code closely, you can see that I'm sending two distinct variables:
_stuff.text = _text_with_tildes;
_stuff.a = "a";
These vars are entirely separate and there's no chance of crosstalk.
You should avoid creating query strings if you don't have to. It's easy for you to forget to escape something.
Copy link to clipboard
Copied
you are right, i wouldnt have to, i would had to instead, for each condition:
vars_to_send["post_var_name"] = string or value for that var.
also, in the text you send back from php, i didnt have to escape (urlencode from php side), but what if the text inside the xml had a '/>' ?. of course i didnt have to since flash offers many ways, and what flash does is, if a string is given in the constructor, is parse in the same way i did, using the same escape function (only called within the constructor, since that is what it has to pass to the php); on the other hand, what does it have to do with the character coding?
--- edit:
ok, sorry about being crabby, it was useful about the utf-8, i'll consider this next time, and i checked the htmlspecial chars php functions, it seems to do the same thing, which would only scape those chars, though i have to think about it a bit more
Copy link to clipboard
Copied
You don't even have to use the array notation. I think you can just assign the values:
vars_to_send.post_var_name = "blah blah blah";
which is easier to type.
'escape' in Actionscript "url encodes" values so that they will surive the intact through the various processes involved handing url. The basic idea is that you are encoding strings that contain characters which might somehow be interpreted as a meaningful part of a url or might be corrupted if processed as a url. To be honest, I'm not entirely sure what this means. I just know that you use url encoding when you are creating a url from some data. RFC 1738 and RFC 3986 should have more detail if you are curious.
Generally speaking you shouldn't need to use escape in actionscript unless you are assembling a query string manually. Classes like URLVariables handle this for you.
The issue of XML is a different beast. The characters < > ' and " are the ones you really need to worry about because a quote in your data might terminate an attribute and an angle bracket (< or >) might terminate an element. I have used htmlspecialchars to deal with this on the php side. htmlentities is another possibility. These functions will turn > into > and " into " or whatever. As you can tell, this is a different kind of escaping but in the example code I posted, you should see that flash is automatically handling the stuff.
I don't know if htmlspecialchars is enough if your text contains newline chars. I'm not really sure what to do in that case.
I'm aware you can supply a query string to the URLVariables constructor, but this seems like extra work to me. I'd just call the constructor with no params and assign my vars as properties.
Copy link to clipboard
Copied
no, i can't. as i have already said, this was a script specifically to show what the problem was, and how each side understood the text, and the message i send has a different number of variables that are created dinamically. in the server side there are some 'isset' statements to verify how many or which vars got there, the content is given by those post vars, which are not always the same (could be one or thousands). i have no way to set that in design time, this is also why in part the result is given as xml; also the result has hierarchic structure. this is not a windows form
Copy link to clipboard
Copied
OK I guess I understand. If you must iterate through an objects properties or all the members of an array, I would use the array notation style in this approach:
// let's assume you have an array myArray and want to send all objects
var varsToSend:URLVariables = new URLVariables();
for(var i = 0; i<myArray.length; i++) {
varsToSend['e' + i.toString()] = myArray;
}
varsToSend.itemCount = myArray.length;
Or whatever approach you must have to work with your PHP script.
Personally, I like to use Sephiroth's serializer or if you have amfext installed in your PHP server then you can use it. There's also amfphp which is kind of the gold standard for exchanging data between flash and php.