Currently the following string (inside the quotes) "give me a + plz" should be encoded correctly to "give%20me%20a%20+%20plz" when passed as a query string.
Now when the query string is presented with $_GET['x'], the result is "give me a plz". Clearly wrong. This leads to people (I'm sure I'm not the only one) using crazy hacks to get something as simple as a query string var.

rawurlencode('give me a + plz') will produce "give%20me%20a%20%2B%20plz" which is not "give%20me%20a%20+%20plz", but does not 'drop' the "+" when someone types in the query string.

The following code can be used to show the error (lines may wrap):

<?php
// Escape request-derived values before echoing them into the page.
function h($s) { return htmlspecialchars($s, ENT_QUOTES); }

$str  = 'give me a + plz';
$self = h($_SERVER['SCRIPT_NAME']);
echo '
<a href="'.$self.'?qs='.$str.'">As typed by someone</a><br />
<a href="'.$self.'?qs='.urlencode($str).'">With urlencode()</a><br />
<a href="'.$self.'?qs='.rawurlencode($str).'">With rawurlencode()</a><br />
';

if (!empty($_GET['qs'])) {
    echo '<p>Results:<br />
'.h($_SERVER['QUERY_STRING']).' &lt; $_SERVER[QUERY_STRING]<br />
'.h($_GET['qs']).' &lt; $_GET[qs]<br />
'.h(urldecode($_SERVER['QUERY_STRING'])).' &lt; urldecode($_SERVER[QUERY_STRING])<br />
'.h(rawurldecode($_SERVER['QUERY_STRING'])).' &lt; rawurldecode($_SERVER[QUERY_STRING])
</p>';

    // code to break up the query string because _GET[] is not
    // correct - NOT 100% reliable as well!!
    $real_GET = array();
    $tmp = explode('&', $_SERVER['QUERY_STRING']);
    foreach ($tmp as $q) {
        // split on the first "=" only; a pair without "=" gets an empty value
        $qs = explode('=', $q, 2);
        $real_GET[$qs[0]] = rawurldecode(isset($qs[1]) ? $qs[1] : '');
    } // foreach

    echo '<p>
What was really passed?? Impossible to tell for sure but less likely to be what _GET has:<br />'.h($real_GET['qs']).'
</p>';
} // _GET[qs]
?>

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
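
An added example, not part of the original message: it runs the three encodings from the post through form-style decoding (parse_str(), which parses a string the way PHP parses a URL query string) and through a strict percent-decoder, to show which encoding survives both. The helper names strict_query_parse() and form_query_parse() are hypothetical.

```php
<?php
// Added example, not from the original post. Helper names are hypothetical.

// Decode a raw query string with percent-decoding only: "+" stays a literal plus.
function strict_query_parse(string $raw): array
{
    $out = [];
    foreach (explode('&', $raw) as $pair) {
        if ($pair === '') {
            continue;                       // tolerate "a=1&&b=2" and empty input
        }
        // Limit 2 so a value that itself contains "=" stays in one piece.
        $parts = explode('=', $pair, 2);
        $out[rawurldecode($parts[0])] = rawurldecode($parts[1] ?? '');
    }
    return $out;
}

// Decode with form-urlencoded rules, where "+" means a space (what $_GET shows).
function form_query_parse(string $raw): array
{
    parse_str($raw, $out);
    return $out;
}

$str = 'give me a + plz';                   // the string from the post
$queries = [
    'typed by hand'  => 'qs=give%20me%20a%20+%20plz',
    'urlencode()'    => 'qs=' . urlencode($str),
    'rawurlencode()' => 'qs=' . rawurlencode($str),
];

foreach ($queries as $label => $raw) {
    $form   = form_query_parse($raw)['qs'];
    $strict = strict_query_parse($raw)['qs'];
    printf(
        "%-15s %-32s form=%-20s strict=%-20s %s\n",
        $label,
        $raw,
        var_export($form, true),
        var_export($strict, true),
        ($form === $str && $strict === $str) ? 'both decoders agree' : 'decoders disagree'
    );
}
```

Only the rawurlencode() form, with the plus sent as %2B, decodes to the original string under both sets of rules; any value that may contain "+" (base64 tokens, phone numbers, e-mail tags) should be encoded that way before it is placed in a link.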