0

I realized a pretty obvious problem with my search, but don't know how to fix it. Say someone searches for "Hello there"; it would of course come up as something like ?s=Hello+there in the URL.

However, how do I deal with people searching for something like "Hello & such"? The browser will read the second query as ?s=Hello+&+such which makes it stop the search variable at "Hello". I have the same problem with the pound symbol. If someone searches for something with the pound symbol, it gets added on as though it's a URL fragment, rather than part of the search query.

I can't seem to find information on how to handle this. Can anyone give me a hand?

Ian
  • Use [`urlencode()`](http://php.net/urlencode) for outputting URL params. That's what browsers do for form fields. – mario May 29 '12 at 01:17

2 Answers

3

This is where encoding and escaping come into play. For PHP, see url encode.

However, due to the nature of your problem, I think you are rather looking for a JS function:

Encode URL in JavaScript?

Community
d_inevitable
  • I agree that he needs to do this in the javascript side, rather than on the server-side. – James Black May 29 '12 at 01:19
  • Not necessarily. Using a form with `action="get"` would automatically do this, otherwise there's no real difference between doing this server-side or client-side, but you should also consider what happens if the user changes the source code using Chrome's developer tools for example, or simply disabling JS? – casraf May 29 '12 at 01:21
  • @OhMrBigshot the browser takes care of the encoding when submitted with a form. But since the OP is encountering a problem, I am assuming it's because of his JS. – d_inevitable May 29 '12 at 01:22
  • Then that's solving his problem right now, but it's bad practice. Security should never be handled on the client's side, maybe just enhanced – casraf May 29 '12 at 01:25
  • @OhMrBigshot I don't think the question is about security... Server side validation and correct data transmission are two different things. – d_inevitable May 29 '12 at 01:26
  • @d_inevitable still, assuming JS is turned off, this wouldn't work – JS fix is great and all but it needs a server-side backup – casraf May 29 '12 at 01:28
  • @OhMrBigshot I think you have misunderstood my answer. I was assuming the OP had a bug in his JS. As in, his JS is somehow generating a query string and sending it by ajax. If he is not using JS or if JS is disabled on the browser, then we cannot possibly encounter the described bug unless the server is somehow generating bad anchor links. For that, `urlencode()` comes into play. Security is off topic here because this is a client-side problem and, as you said, it is impossible to trust the client side. And the OP did not ask for server-side validation. He asked for proper submission of data. – d_inevitable May 29 '12 at 01:34
1

Searching & will not break your search. If you're using a GET form to make that search, the & would automatically be changed to %26. Same for other symbols.

Manually escaping with urlencode() for PHP or simple find/replace for JS (or some function whirling around online) should do the trick fool-proof.

casraf
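The behaviour both answers describe, shown as an added example that is not part of the original posts: it builds the search URL by plain concatenation, with `encodeURIComponent()`, and with the form-style encoding a GET form applies, then parses each URL back to see what value of `s` the receiving side gets. The host `example.test`, the function names and the sample terms are assumptions constructed for illustration.

```javascript
// Added example. example.test is a placeholder host; sample terms are constructed.
const BASE = "https://example.test/search";

// Naive concatenation: the raw term is pasted into the URL with only
// spaces turned into "+", so "&" and "#" keep their URL meaning.
function naiveSearchUrl(term) {
  return BASE + "?s=" + term.replace(/ /g, "+");
}

// encodeURIComponent escapes every reserved character (& -> %26, # -> %23).
function encodedSearchUrl(term) {
  return BASE + "?s=" + encodeURIComponent(term);
}

// URLSearchParams serializes as application/x-www-form-urlencoded,
// the same encoding a browser applies when a GET form is submitted.
function formSearchUrl(term) {
  const url = new URL(BASE);
  url.searchParams.set("s", term);
  return url.toString();
}

// Parse the URL the way the receiving side would and return the value of "s".
function receivedTerm(urlString) {
  return new URL(urlString).searchParams.get("s");
}

const SAMPLE_TERMS = ["Hello there", "Hello & such", "C# tips", "a+b"];

for (const term of SAMPLE_TERMS) {
  const builders = { naive: naiveSearchUrl, encoded: encodedSearchUrl, form: formSearchUrl };
  for (const [name, build] of Object.entries(builders)) {
    const url = build(term);
    const got = receivedTerm(url);
    const status = got === term ? "ok" : "MANGLED";
    console.log(`${name.padEnd(8)} ${JSON.stringify(term).padEnd(16)} ${url}`);
    console.log(`         received ${JSON.stringify(got)} [${status}]`);
  }
}
```

The naive URL for "Hello & such" delivers only "Hello " as `s`, and for "C# tips" everything from `#` onward lands in the fragment, which the browser never sends to the server.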