0

For URL encoding, I mean this (http://www.w3schools.com/tags/ref_urlencode.asp), my question is for URL encoding, shall I encode param1=<xxx>&param2=<yyy> as a whole, or encode just xxx and yyy parts? Or shall I encode param1=<xxx> and param2=<yyy> separately? Thanks.

http://hostname/func?param1=<xxx>&param2=<yyy>

thanks in advance, Lin

Lin Ma
  • 9,739
  • 32
  • 105
  • 175

1 Answers1

0

If you encode everything after ?

  • you will have to do 1 decode to get the full string
  • once done, you will be able to access your parameteres if there is no confusing caracters(you could have issues, if you have = in the values as there will be no distinction between = for a parm value delimiter or inside a value )

If you encode params only

  • you will have to decode each values
  • you will be able to access your param values straigh away without issues, once decoded (no probleme if values contain = )

This is why I would advise to encode values only, to be sure not to have any confusion with = as param value separators and encoded values :

= in a value will be encoded, so the = you will find after ? will only be for a delimiter

let says you encode everything after ? :

No problem : P1 = "abc" P2 = "123"

P1=abc&P2=123 => encoded => P1=abc&P2=123 => decoded => P1=abc&P2=123

Problem : P1 = "a&b=c" P2 = "12" (improbable but let's say it happens)

P1=a&b=c&P2=12 => encoded => P1=a&b=c&P2b=12b=3a => decoded => P1=a&b=c&P2=12 (a server will see 3 parameters if you try to access GET params : P1 = a, b = c, P2, = 12 )

Julien R
  • 406
  • 3
  • 13
  • Thanks Julien, vote up for your reply. I am not developing the server side code, and I am only responsible to send Http request to existing http servers (e.g. google, yahoo, etc.), and actually my question is what is the standard way for encoding (so that standard server like google and yahoo could accept), you answer my question, and it seems either way will work? Another question is when you mention "1 decode to get the full string", for the full string, which part do you mean? :) – Lin Ma Jun 09 '16 at 00:49
  • 1
    full string = everything after ?, that includes param names and values – Julien R Jun 09 '16 at 00:51
  • 1
    I would say both ways should work, but it depends of the server behaviours. Generally params shoudl be well formatted in order to directly access them : exemple in PHP Get['Name'] will return value of the name param If you encode everything after ?, then it will probably break the native GET['ParamName'] or POST['ParamName'] functions – Julien R Jun 09 '16 at 00:52
  • Thanks Julien, vote up for your both replies. And why we do not encode param name in your 2nd method? – Lin Ma Jun 09 '16 at 00:55
  • 1
    well, if you are not trying to make your life harder, you are generally choosing param names that do not require to be encoded by using only a-z 1-9 and - or _ Otherwise, your are just looking for troubles ;-) I am not even sure if that it's somthing you can do (using exotic chars in param names)... – Julien R Jun 09 '16 at 00:57
  • 1
    have a look at this post : http://stackoverflow.com/questions/1455578/characters-allowed-in-get-parameter – Julien R Jun 09 '16 at 01:06
  • Thanks Julien, vote up for your both replies. I am confused for the first method, why there will be issue when values contain `=`, could you show a simple example? – Lin Ma Jun 09 '16 at 01:10
  • 1
    I put an exemple above – Julien R Jun 09 '16 at 01:39
  • 1
    Thanks Julien, nice sample and vote up. I think encode value only is better. I think the issue caused by encode full string is because both character `=` and character `&` needs to be encoded in the same way for values and delimiter of Http parameter key/value pairs? Thanks. – Lin Ma Jun 09 '16 at 05:11
  • Hi Julien, if you could comment on my above comments, it will be great. – Lin Ma Jun 12 '16 at 23:49
  • 1
    Hi Lin, yes absolutely : you do not want to encode & and = if they are used as delimiters between parameters but you want them encoded as parameter content. &= of K/V mechanics must be preserved from encoding but &= of content must be encoded to preserve K/V mechanics – Julien R Jun 13 '16 at 00:14
  • Thanks Julien for the reply, mark your reply as answer. :) – Lin Ma Jun 13 '16 at 00:26