Why do we not encode = and & in query strings? I am referencing RFC 3986 but cannot find where it says that we should not encode these characters. Using Guzzle, it doesn't seem they encode anything really.

Take for example the query string `key1='1'&key2='2'`: shouldn't this be encoded as `key1%3D%271%27%26key2%3D%272%27`? If I plug `key1='1'&key2='2'` into Chrome as a query string (e.g. `www.google.com?key1='1'&key2='2'`), it appears as `key1=%271%27&key2=%272%27`, which does not match Guzzle. Guzzle outputs `key1='1'&key2='2'`. Guzzle's encoding algorithm is below:

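```php
// RFC 3986 "unreserved" characters, written as a regex character-class body.
private static $charUnreserved = 'a-zA-Z0-9_\-\.~';

// RFC 3986 "sub-delims" characters; note that this set includes & and =.
private static $charSubDelims = '!\$&\'\(\)\*\+,;=';

public function encode($str)
{
    // Percent-encode every run of characters outside the two sets above and
    // outside % : @ / ?, plus any % that is not followed by two hex digits.
    return preg_replace_callback(
        '/(?:[^' . self::$charUnreserved . self::$charSubDelims . '%:@\/\?]++|%(?![A-Fa-f0-9]{2}))/',
        function ($match) {
            return urlencode($match[0]);
        },
        $str
    );
}
```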
keelerjr12
  • Well, `&` and `=` *mean* something specific in URLs. It depends on what exactly you want it to mean. Literally "&" and "="? Or parameter separators? – deceze Jul 23 '17 at 20:38
  • @deceze, parameter separators. But I cannot find that in RFC 3986 where it refers to those specific characters. – keelerjr12 Jul 23 '17 at 20:39
  • I have no idea what Guzzle is. But as a general rule, the idea is that a URL has a series of keys/values following the ?. The pairs are separated with & - so that & is NOT encoded but all OTHER & are encoded. The key & value are separated by = so that = is NOT encoded but all OTHER = are encoded. If the & separating parameters or the = separating key and value in a parameter were themselves encoded then you would just have one giant key with no value. – manassehkatz-Moving 2 Codidact Jul 23 '17 at 20:40
  • I'm confused by your example, which seems to be about escaping single quotes (`'`), which is a completely different question from the title. – IMSoP Jul 23 '17 at 21:48

1 Answer

= and & don't have any special meaning as part of URL syntax. As far as URL syntax is concerned, they're just ordinary characters.

However, when used in query strings, there's a convention implemented by most application frameworks to use them to delimit parameters and values. If you want to use these characters literally in a parameter name or value, you need to encode them. See escaping ampersand in url

Barmar
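
An added example (not part of the original post, and not Guzzle's code) of the point made in the answer and comments: a whole-string filter like the one in the question has to leave `&` and `=` alone, so a value that contains them must be encoded on its own before the query string is assembled. `filterQuery()` is a hypothetical standalone wrapper around the regex posted in the question, and the parameter values are constructed.

```php
<?php
// Character sets copied from the snippet in the question.
const UNRESERVED = 'a-zA-Z0-9_\-\.~';
const SUB_DELIMS = '!\$&\'\(\)\*\+,;=';

// Hypothetical standalone form of the posted encode() method: it filters a
// finished query string and cannot tell a delimiter "&" from a literal one.
function filterQuery(string $query): string
{
    return preg_replace_callback(
        '/(?:[^' . UNRESERVED . SUB_DELIMS . '%:@\/\?]++|%(?![A-Fa-f0-9]{2}))/',
        fn (array $m): string => urlencode($m[0]),
        $query
    );
}

// Constructed sample: the first value carries a literal "&" and "=".
$params = ['key1' => 'a&b=c d', 'key2' => '2'];

// Weak: join raw values with the delimiters, then filter the whole string.
// The literal "&" and "=" survive and are later read as delimiters.
$pairs = [];
foreach ($params as $key => $value) {
    $pairs[] = $key . '=' . $value;
}
$naive = filterQuery(implode('&', $pairs));

// Corrected: percent-encode each key and value separately, then join.
$safe = http_build_query($params, '', '&', PHP_QUERY_RFC3986);

// Parse both the way a PHP application receiving the request would.
foreach (['naive' => $naive, 'safe' => $safe] as $label => $queryString) {
    parse_str($queryString, $decoded);
    echo $label, ': ', $queryString, PHP_EOL;
    echo '  parsed as: ', json_encode($decoded), PHP_EOL;
}
```

In the naive case the receiving side sees an extra parameter that the sender never intended, which is why untrusted values should never be concatenated into a query string unencoded.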