0

http://localhost/rootfolder/contact.php?msg=empty&success=empty

What is that amp;? When I click two times on the button, that occurs. What do I have to do differently?

Currently, I am creating a website where you can subscribe to a newsletter and send a message directly on the website. To return to the previous page, I use a session and also the $_SERVER superglobal. To keep the parameters in the URL and also to change them, I wrote a function:

```php
function changeurl($page, $searched, $replacement) {
  $strfinalone = "";
  $strfinaltwo = "";
  if(!(count(explode("?", $page)) <= 1)) {
    $a = explode("?", $page);
    if(strlen($a[1]) == 0) {
      $strfinaltwo = $a[0]."?".$searched."=".$replacement;
      return $strfinaltwo;
    }
    if(!(count(explode("&", $a[1])) <= 1)) {
      $b = explode("&", $a[1]);
      for ($i = 0; $i < count($b); $i++) {
        $e = explode("=", $b[$i]);
        if(strstr($e[0], $searched) !== false) {
          if($e[1] == $replacement) {
            return $a[0]."?".$a[1];
          }
          $str = $e[0];
          $e[1] = $replacement;
          $strfinalone = join("=", $e);
          $b[$i] = $strfinalone;
          $a[1] = join("&", $b);
          $strfinaltwo = join("?", $a);
          return $strfinaltwo;
        }
      }
      $strfinaltwo = $page."&".$searched."=".$replacement;
      return $strfinaltwo;
    } else {
      $d = explode("=", $a[1]);
      if($d[0] == $searched) {
        if($d[1] == $replacement) {
          return $a[0]."?".$a[1];
        }
        $strfinaltwo = $a[0]."?".$searched."=".$replacement;
        return $strfinaltwo;
      } else {
        $strfinaltwo = $a[0]."?".$a[1]."&".$searched."=".$replacement;
        return $strfinaltwo;
      }
    }
  } else {
    $strfinaltwo = $page."?".$searched."=".$replacement;
    return $strfinaltwo;
  }
}

// TO GET THE URL:

$link = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http").":"."//{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
$escaped_url = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
```

I just want to remove this amp; from the URL when I click, for example, two times on the subscribe button and nothing was filled in.

Tobias
  • That's because you're using `htmlspecialchars()`, which replaces `&` with `&amp;`. That function is meant to sanitize HTML text, not URLs. Don't use it for URLs. – rickdenhaan Jun 15 '19 at 18:28
  • How do you use `$escaped_url`? – Dharman Jun 15 '19 at 18:32
  • What is the purpose of the `changeurl()` function? Why wouldn't you use `http_build_query()`? – Dharman Jun 15 '19 at 18:33
  • See my previous question: [How to properly create HTML links in PHP?](https://stackoverflow.com/questions/55366208/how-to-properly-create-html-links-in-php) – Dharman Jun 15 '19 at 18:36

1 Answer

-1

This is because of `htmlspecialchars()`, which is used to convert some HTML characters.

And to encode a URL you can use the `urlencode()` function.

Nitesh Garg
  • Technically right, but makes for an incomplete answer. – Dharman Jun 15 '19 at 18:34
  • I used that function because I don't want harmful HTML code to be inserted into the website via the URL. Isn't that a problem in the URL? – Tobias Jun 15 '19 at 18:49
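
Added example (not part of the thread and not any poster's code): the separation the comments point to, with the URL built by PHP's own `parse_url()`, `parse_str()` and `http_build_query()`, and `htmlspecialchars()` applied only when the URL is echoed into HTML. The helper name `set_query_param` and the sample URL are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (assumed name): add or replace one query parameter.
function set_query_param(string $url, string $name, string $value): string
{
    $parts = parse_url($url);
    if ($parts === false) {
        throw new InvalidArgumentException('Malformed URL');
    }

    $query = [];
    parse_str($parts['query'] ?? '', $query);
    $query[$name] = $value;            // exact key match, no substring search

    $base = '';
    if (isset($parts['scheme'], $parts['host'])) {
        $base = $parts['scheme'] . '://' . $parts['host']
              . (isset($parts['port']) ? ':' . $parts['port'] : '');
    }

    // Pass '&' explicitly so the arg_separator.output ini setting cannot
    // change the separator; RFC 3986 mode percent-encodes names and values.
    return $base . ($parts['path'] ?? '/') . '?'
         . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
}

// Constructed sample input.
$raw = 'http://localhost/rootfolder/contact.php?msg=empty';

// URL context: keep this raw form for header('Location: ...') and for
// anything stored in the session.
$target = set_query_param($raw, 'success', 'empty');

// HTML context: escape once, at the moment of output, e.g. inside href="...".
$href = htmlspecialchars($target, ENT_QUOTES, 'UTF-8');

// Failure mode from the question: when the HTML-escaped string is reused as
// a URL, the entity text becomes part of the query string, so the server
// parses a different parameter name on the next request.
$seen = [];
parse_str((string) parse_url($href, PHP_URL_QUERY), $seen);

var_dump($target, $href, array_keys($seen));
```

Values read back from `$_GET` still need `htmlspecialchars()` when they are printed into the page; escaping the stored URL does not replace that step.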