4

I'm trying to pass a URL as a parameter, but that URL also has parameters. Of course these parameters are important and must be transmitted and properly interpreted.

For example : http://example.com/myclicktrackingscript.php?source=sidebar&url=http://example.com/redirect_to.php?site=site1

(yes I know, I could click track and redirect all at once in one file, but in some specific situations, I just can't : sometimes I need to pass whatever URL with parameters AS a parameter)

So far i've used URL rewriting : http://example.com/redirect_to.php?site=site1 => http://example.com/redirect/site1/

.. but that's not very handy (too many specific situations where I need more flexibility)

Is there a better way to do that ?

My guess is maybe hashing the parameter URL :

For example : http://example.com/myclicktrackingscript.php?source=sidebar$url=REJREJ12333232rerereE

... but how to "dehash" it properly ?

I've never used such technique, has anyone any examples / tips / advice about how to do so ?

Thanks

Baptiste
  • 323
  • 5
  • 16
  • 1
    Simply use base64 encoding and decoding, encode your url with base64 and decode it when ever you need. – GTS Soft. Jul 26 '14 at 11:15
  • @GTSSoft. base64-encoding will, however, lose any form of "human readability" - this may or may not be good – user2864740 Jul 26 '14 at 11:15
  • But why you want to allow user to read your query string? is there any specific requirement? – GTS Soft. Jul 26 '14 at 11:20
  • Actually, for the project i'm working on, I like the idea of making it "non human readable". I think i'll go with base64_encode, but I got the point with urlencode as well, thanks to you all, that was fast and effective (as usual in here) – Baptiste Jul 26 '14 at 11:23
  • Although I read here that using base64_encode might be unsafe ? http://stackoverflow.com/questions/1374753/passing-base64-encoded-strings-in-url => Should I use urlencode on top of base64_encode ? – Baptiste Jul 26 '14 at 11:31

3 Answers3

7

You should just encode parameter:

urlencode('http://example.com/redirect_to.php?site=site1')

And encoded value will be: http%3A%2F%2Fexample.com%2Fredirect_to.php%3Fsite%3Dsite1

Uriil
  • 11,948
  • 11
  • 47
  • 68
2

While urlencode will work, it is also results in messy (looking, IMOHO) output for this task by default. However, it can be cleaned up!

This is because some "special characters" are allowed in a query string, thus we can fix the over-encoding to make it look prettier.

$encoded = urlencode('http://target.com/foo_bar.php?a=1&b=2');
// Remove unneeded encoding
$encoded = str_replace('%3A', ':', $encoded);
$encoded = str_replace('%2F', '/', $encoded);
$encoded = str_replace('%3F', '?', $encoded);
$encoded = str_replace('%3D', '=', $encoded);
// There are several additional characters that need not be encoded in
// the query string; refer to the link.

This works when $encoded is used in the query portion of the URI.

$url = "http://blah/?url=$encoded";

And should result in a fairly-readable URL like the following. Note the & in the embedded URL is still encoded as it denotes termination between value pairs.

http://blah/?url=http://target.com/foo_bar.php?a=1%26b=2

Where human readability is not desired there are also approaches such as base64-encoding the the URL (which must still be made URI-safe) or using a backend to provide a URL-shortener service (which would allow "http://blah.com/?afjnD" style URLs).

However, hashing by itself will not work because (unless the mapping is persisted) the hash function is a one-way operation and the original data is not recoverable.

Community
  • 1
  • 1
user2864740
  • 60,010
  • 15
  • 145
  • 220
1

you can use urlencode

 $parmeter_url = "http://example.com/redirect_to.php?site=site1";
 $parmeter_url = urlencode($parmeter_url);
 $url = "http://example.com/myclicktrackingscript.php?source=sidebar&url=".$parmeter_url;
 echo $url;

see Demo

Satish Sharma
  • 9,547
  • 6
  • 29
  • 51