-1

I have with an unwanted replaced, and not able to figure out how to fix it.

When you echo the following string in PHP

echo('?hash=123&rid=111&timestamp=123');

The output is:

?hash=123&rid=111×tamp=123

Note that &timestamp has been replaced with ×tamp

I tried to escape it by using \&timestamp but that doens't work.

How can I prevent PHP replacing this?

You can reproduce this error online using http://phptester.net/

Red
  • 6,599
  • 9
  • 43
  • 85
  • 1
    `×` is the HTML equivalent. Quote the `&` as `&`. Conclusion: You need to [escape](https://www.php.net/manual/en/function.htmlentities) URLs. – Markus Zeller Jun 15 '20 at 14:37
  • @Markus Not "quote", but *encode*. And to avoid confusion, the URL needs to be *HTML-encoded*, not URL-encoded. – deceze Jun 15 '20 at 14:39
  • For what it's worth, it looks like that testing website doesn't escape the _input_, so when it gets run, the input itself shows the times table. – Chris Forrence Jun 15 '20 at 14:39

1 Answers1

2

You have to escape that string, because & is a special symbol in HTML.

echo htmlspecialchars('?hash=123&rid=111&timestamp=123');

More information on the PHP site: https://www.php.net/manual/en/function.htmlspecialchars.php

Iván Pérez
  • 2,278
  • 1
  • 24
  • 49
  • Ah, thanks. That was the issue, I did not even think about it being a HTML character. Thanks for helping out. – Red Jun 15 '20 at 14:48