开发者

Passing & in URL variable with the help of urlencode

开发者 https://www.devze.com 2022-12-23 01:14 出处:网络
I have done urlencode of the variable before passing to the URL http://example.com/Restaurants?alias=F%26B

I have done urlencode of the variable before passing to the URL

http://example.com/Restaurants?alias=F%26B

But when I try to print like in the page

 $alias =  rawurldecode($_GET['alias'])开发者_JAVA百科;
 echo $alias;

it prints only F. How to solve this?


I doubt that $_GET['alias'] exists when requesting a URL with the query aliasF%26B. It’s rather $_GET['aliasF&B'] that’s getting populated.

In this case you need to use $_SERVER['QUERY_STRING'] to get the full query.


It looks like you are not using the query string "correctly." It should be in key=value pairs. I would look at using $_SERVER['QUERY_STRING'] to get your information instead.


You don't need to urlencode the pair. You only need to urlencode name and a value as such:

Wrong:

urlencode('aliasF=B')

Correct:

urlencode('aliasF') . '=' . urlencode('B')


AFAIK $_GET are already decoded.

See php.net

The superglobals $_GET and $_REQUEST are already decoded. Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results.


It is possible to solve this problem by using a different encoding system specific for your situation:

function encode($string)
{
  $result = str_replace("|","||",$string);
  return str_replace("&","|20",$result);
}

function decode($string)
{
  $result = str_replace("|20","&",$string);
  return str_replace("||","|",$result);
}

This will basically create a separate escaping system using the '|' character. That character can be anything you normally don't use and isn't an field separator.

Here, Apache won't transform the URL to something different, thus voiding the conversion. Also browsers won't transform it.

Mind that you would decode($_GET['alias']) and encode() the url that the user is pressing or the script is following.

0

精彩评论

暂无评论...
验证码 换一张
取 消