7

I can always test this, but I wanted an official answer from a PHP expert (something I am most certainly not).

If someone makes a request like this:

http://www.somedomain.com/a.php?param1=value1&param2=value2&param3=value3?param1=value4&param2=value5&param3=value6

What kinds of consequences are there when I try to access _GET['param2'], for example? It looks like I just get the first value. In this case, it would return value2. Is that expected behavior?

Does the second question mark affect anything? Will there be errors, for example?

Mark Garcia
  • 17,424
  • 4
  • 58
  • 94
boo-urns
  • 10,136
  • 26
  • 71
  • 107
  • I don't know for sure but it might cause a parse error. The parser might expect the '&' token after 'value2' but encountered '?', and so it just quit parsing the request. – Mark Garcia Sep 25 '12 at 04:36
  • Relevant question: [Authoritative position of duplicate HTTP GET query keys](http://stackoverflow.com/questions/1746507/authoritative-position-of-duplicate-http-get-query-keys) – Wiseguy Sep 25 '12 at 04:43
  • you can use multiple separators in arg_separator –  Sep 25 '12 at 04:43

2 Answers2

3

It just gets the last one defined. Defining a parameter more than once in the query string just runs the risk of getting potentially confusing results. It's best to validate your query string in these instances, at least that's what I do.

The second question mark will be treated as part of the value for its preceding parameter.

Yes Barry
  • 9,514
  • 5
  • 50
  • 69
2

You are, officially, not supposed to have two ? in a query string. If you do, the results are undefined. Some platforms (such as PHP) will treat subsequent ? chars the same as & chars, and allow those value/pairs. Others will just treat the value for param3 to be value3?param1=value4.

Short answer: don't do this. It gets wonky. And, as a server author, one should always be validating parameter values carefully to make sure the values make sense.

MarcWan
  • 2,943
  • 3
  • 28
  • 41