PHP displays space as %20 in the URL?

Question

this is a bit odd question and i never faced this before but here we are:

I have created a simple PHP/MYSQL shop. everything works etc

BUT when I add a product and there is a space OR / OR - in the category name and when i click on the category name in the front end it doesn't show the product(s) that are in that category and when i look at the URL in the address bar it will show it like this:

category_list.php?category=tooth-white%20range

as you can see it has converted the tooth-white range to tooth-white%20range

if i write the category name like toothwhiterange it will work as it should!!

Here is how I get the categories to show up:

<?php
// Run a select query to get my letest 6 items
// Connect to the MySQL database  
include "config/connect.php"; 
$dynamicList2 = "";
$sql = "SELECT DISTINCT category FROM products";
$query = mysqli_query($db_conx, $sql);
$productCount = mysqli_num_rows($query); // count the output amount
if ($productCount > 0) {
    while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){ 
             $category = $row["category"];
             $dynamicList2 .= '<li>
       <a href="category_list.php?category=' . $category . '">' . $category . '</a>
      </li>';
    }   
} else {
    $dynamicList2 = "NO Cats Yet!";
}
?>

could someone please help me with this?

Thanks

EDIT:

sorry guys I really don't know how to explain this but here we go again:

the problem is when i put a space in the name of the category like name of the category, the name of the category will show up on the front end but when i click on it there wont be any products under that category even though there are some products under that category in the database.

However when i remove the spaces or any special characters like - or / from the category name and write it like nameofthecategory it works just fine and it will show the products under that category!

SECOND EDIT:

Here is how i get/display the products under each category depending on what category is selected:

<?php 
if (isset($_GET['category'])) {
// Run a select query to get my letest 6 items
// Connect to the MySQL database  
include "config/connect.php"; 

$category = preg_replace('~[^a-zA-Z0-9]+~', '', $_GET['category']);

$cList2 = "";
$sql = "SELECT * FROM products WHERE category='".$category."'  LIMIT 35" ;
$query = mysqli_query($db_conx, $sql);
$productCount = mysqli_num_rows($query); // count the output amount
if ($productCount > 0) {
    while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){ 
             $id = $row["id"];
             $product_name = $row["product_name"];
             $price = $row["price"];
             $category = $row["category"];
             $stock = $row["stock"];
             $date_added = strftime("%b %d, %Y", strtotime($row["date_added"]));
             $cList2 .= '<table style="float:left; margin-top:10px;" width="25%" border="0" cellspacing="0" cellpadding="0">
      <tr>
    <td align="center"><a href="product.php?id=' . $id . '"><img  style="border:solid 1px #999;" src="inventory_images/' . $id . 'Image1.jpg" width="124" height="124" /></a></td>
  </tr>
  <tr>
    <td id="nameHolder" class="nameHolder" style="text-align:left; padding-left:5px;" rowspan="" height="34"><a href="product.php?id=' . $id . '">' . $product_name . '</a></td>
  </tr>
  <tr>
    <td style="text-align:left; padding-left:5px; color:#C33; font-size:17px;" height="30"><strong style="color:#999;">Price:</strong> £' . $price . '</td>
  </tr>
  <tr>
    <td style="text-align:left; padding-left:5px; color:#C33; font-size:17px;" height="30">' . $stock . '</td>
  </tr>
  <tr>
    <td style="text-align:left; padding-left:5px;" height="15"><a href="product.php?id=' . $id . '">view</a></td>
  </tr>
  <tr>
    <td height="50" align="left"><form method="post" action="product.php?id=' . $id . '"><input type="submit" class="button" name="button" id="button" value="Add to cart" /></form></td>
  </tr>
</table>';
    }
}
} else {
    $cList2 = "We have no products listed in our store yet";
}

?>

That is how it should be. The `%20` is simply how a space is written in websites. — Anonymous, Jan 25 '14 at 17:59
take a look at [`urlencode()`](http://php.net/urlencode) and [`urldecode()`](http://php.net/urldecode) — Sean, Jan 25 '14 at 18:04
[Spaces are not allowed in URLs.](http://stackoverflow.com/a/1547940/53114) `%20` is how the [percent-encoding](http://tools.ietf.org/html/rfc3986#section-2.1) encodes a space character. — Gumbo, Jan 25 '14 at 18:04
You dont need to strip your $_GET with regex, you need to use prepared query's instead — Lawrence Cherone, Jan 25 '14 at 18:36

Lawrence Cherone · Accepted Answer · 2014-01-25T18:19:31.163

2

Its normal that %20 is added, as spaces are not really url friendly and abit discouraged within file naming conventions, the 20 is the hex(base16) representation of a space char.

If it effect your code you could always use urldecode() to convert it back.

Why does it have to be encoded?

Going to the HTTP layer when you make a request to the web your browser will open a socket to the server and do a HTTP request:

GET category_list.php?category=tooth-white%20range HTTP/1.1 //Good

GET category_list.php?category=tooth-white range HTTP/1.1 //Bad

If you have a space this will cause the request to break as the protocol there is a space after the url in the HTTP request.

edited Jan 25 '14 at 18:19

answered Jan 25 '14 at 18:05

Lawrence Cherone

46,049
7
62
106

okay, how do I have to use the `urldecode()` to convert it back? is it something like this: `$dynamicList2 .= '
' . $category . '

user2953877

Jan 25 '14 at 18:23

PHP will convert any url encoded superglobals back to there original state as you expect. you would only use urldecode() if you scraped some text into a $globalvar and it was encoded. Do some tests on `print_r($_GET['category'])` your see it will not have %20 when PHP finally has it. – Lawrence Cherone Jan 25 '14 at 18:29

@user2953877 `$category = preg_replace('~[^a-zA-Z0-9]+~', '', $_GET['category']);` is going to remove your space and cause it not to find the matching row – Lawrence Cherone Jan 25 '14 at 18:35

okay, i'm a bit confused by what you said! I know that it won't print/echo the category with %20 in the page! – user2953877 Jan 25 '14 at 18:37

your regex will remove the spaces so its not going to match. You should remove the regex and use prepared mysqli query's instead. – Lawrence Cherone Jan 25 '14 at 18:39

score 1 · Answer 2 · answered Jan 25 '14 at 18:10

1

When a website URL is encoded %20 is the ASCII code for a space and you can only transmit ASCII characters. In PHP all Superglobals ($_POST, $_GET, etc) are urldecoded by default (and further more, you shouldn't try to decode them again). It's just a different representation of your value. In your code where you build the link, you could easily:

$dynamicList2 .= '<li> <a href="category_list.php?category=' . urlencode($category) . '">' . $category . '</a> </li>';

This will ensure your link is built in the proper encoded manner. If you are ever referencing superglobals though, do not urldecode them. The warning in the PHP Documentation specificially mentions this.

http://us2.php.net/manual/en/function.urldecode.php

answered Jan 25 '14 at 18:10

frosty

769
6
18

I've tried your solution and it didn't work! it will add a `+` sign instead of `%20` in the URL but still doesn't show the products under that category which means it still treat the `+` sign as a special character! – user2953877 Jan 25 '14 at 18:18
```urldecode``` will treat %20 and + the same way and I suppose urlencode uses a + instead of %20. The issue you have to resolve is getting the value from the query string (which will be encoded) to match the value that you have stored in the database. Your code doesn't show how you are using the data in the query string. if you pass in ```?category=tooth-white+range``` when you reference ```$_GET['category']``` you should see ```tooth-white range```. Do you have the code for displaying the categories? There really isn't much here to go on, seems like a simple encoding/decoding issue... – frosty Jan 25 '14 at 18:27
I've edited my question with the code from the `category_list.php`. that is how i get/display the products under each category! any advise would be appreciated! – user2953877 Jan 25 '14 at 18:36
Is it stored ```tooth-white range``` in the database? If so, your regular expression is removing the white space from the $_GET['category'] and making it tooth-whiterange. Since $_GET variables are already urldecoded you could just use that value, or you could modify your regex to not replace spaces. In this case, I'd actually recommend modifying your regex, since that's acting as a validation for the data you are using directly in your query. – frosty Jan 25 '14 at 18:42
yes, it is stored as `tooth-white range` in the database and that is why I doesn't work properly because when i change it to `toothwhiterange` <<< removed the `-` and the `space`, it works fine! – user2953877 Jan 25 '14 at 18:45
Yeah if you modify your regular expression to be something like this... $category = preg_replace('~[^a-zA-Z0-9\s]+~', '', $_GET['category']); At least that's the idea, because $_GET['category'] is returning what you expect, but the preg_replace is actually taking the space that you are expecting out. That is why it is working when you cram it together – frosty Jan 25 '14 at 19:33

score 0 · Answer 3 · answered Jan 25 '14 at 18:05

0

URLs cannot contain spaces. They should be encoded as %20. Either your browser or the server is fixing it before PHP gets hold of it.

Use urldecode to convert content from a URL to text.

answered Jan 25 '14 at 18:05

Quentin

914,110
126
1,211
1,335

PHP displays space as %20 in the URL?

3 Answers3

Why does it have to be encoded?