php redirect and querystring

i have script

    <?p开发者_如何学Chp
$to = $_GET["to"];

header("Location: $to");
?> 

if i call script such

out.php?to=http://site.ru/page.php?param1=1&param2=2

in param $to be only http://site.ru/page.php?param1=1&

how to fix? i want that $to = http://site.ru/page.php?param1=1&param2=2

---

You can escape the URL at the site calling out.php:

<a href="out.php?to=<?PHP echo htmlspecialchars(urlencode($to)); ?>">Go to $to</a>

---

& is a reserved character in an URI. When you access this URL, &param2=2 is interpreted as belonging to the current URL and not to the value of to.
If you want to transmit it literally, you have to encode it with %26:

http://site.ru/page.php?param1=1%26param2=2

Most programming languages provide a function to do so. (e.g. JavaScript, PHP). The best thing is to encode the whole URL.

---

$to must be urlencoded, but note that you giving a redirect script to anyone, so, any phisher can use it.
So, it would be better to store urls in the database and pass only an identifier.

---

try encoding the to URL in base64 and then in the example that u have shown decode it before you pass it to the header :)

---

urlencode it

urlencode($to)

---

I ran into the same problem before, this is what I did:

$arr=explode('?to=',$_SERVER['REQUEST_URI'],2);
$new_to=$arr[1];

Now you can use the $new_to variable. Of course if you're using this for production environment, I would recommend encoding the url as the other answers advised. I was using it for testing curl script. getting the variable this way has lots of flaws, so be careful.

---

You can use a Function called "html_entity_decode"

Click Here for more information about this function

or use md5 function to encrypt the URL and then decrypt it when you put it into a varriable.

I hope this can help you