3

I have read this: What does /#!/ mean in URL? and so I'm aware # is a fragment separator, but I am having difficulties with $_GET ing a URL to display on a subsequent page, where the # is present.

I have a php page which sends a user input, a URL, to another page where it is displayed.

<?php echo $_GET["url"]; ?>

Where the url containing the variables looks like this...

http://website.com/qr/index.php?url=http://www.example.com&many=false&set=false

http://www.example.com is displayed.

Whereas a url containing a fragment like this...

http://website.com/qr/index.php?url=http://www.example.com/#fragment&many=false&set=false

displays nothing.

I am not able to use $_POST.

Thanks for any help.

Community
  • 1
  • 1
Russell
  • 655
  • 2
  • 9
  • 21
  • Actually, `$_GET['url']` should be filled in both situations, because the `#` is after the url parameter. You would not be able to read `$_GET['many']` and `$_GET['set']` in the second case, because it's part of the fragment (which is not sent to the server afaik), but `$_GET['url']` should be fine. So I think the error shoul be somewhere else. – aufziehvogel Jan 27 '15 at 21:59
  • If you're passing `#` as part of the value of a parameter, you have to URLEncode it first. Can't just leave it as `#` because then its treated as part of this url rather than part of the parameter value. – developerwjk Jan 27 '15 at 22:01
  • Everything behind an non-encoded `#` is never sent to the server – DarkBee Jan 27 '15 at 22:05

2 Answers2

4

You should probably URL encode the parameter you are placing in the URL , especially since it also is a URL (meaning it has a very high likelihood of containing characters that have a special meaning in the context of a URL, such as # and /). If you're using Javascript to put the URL parameter in you can do this with encodeURIComponent. If you're using PHP to add that URL parameter, it is urlencode

From that first link, the pound sign falls under the "Unsafe characters" category which garner from the author this further advice (emphasis mine):

Some characters present the possibility of being misunderstood within URLs for various reasons. These characters should also always be encoded.

That "Unsafe" designation comes from RFC 1738 which has this to say about the Pound Character specifically (again, emphasis mine):

All unsafe characters must always be encoded within a URL. For example, the character "#" must be encoded within URLs even in systems that do not normally deal with fragment or anchor identifiers, so that if the URL is copied into another system that does use them, it will not be necessary to change the URL encoding.

Jeff Lambert
  • 24,395
  • 4
  • 69
  • 96
1

You should use urlencode or rawurlencode. Otherwise all after the '#' is part of the fragment and its possible that you get some problems.

René Höhle
  • 26,716
  • 22
  • 73
  • 82