
URLs can obviously contain 0 question marks, e.g. www.google.com

Or they could contain exactly 1 question mark e.g. www.google.com?q=soccer

So far, I can see that most (all?) URLs still work when more '?' characters are added, and I also know that query strings are non-standard and implementation is client-specific, so, if I interpret that correctly, technically there's nothing stopping a developer from having URLs containing many ?'s, but it just might not fit within standard conventions.

Example: something like this still works, even though it's an odd URL: https://www.google.com/?????????

Question

So my question is: can a valid URL contain more than one question mark, and are the superfluous question marks ever useful? (Obviously 1 question mark serves a very important purpose in many URLs - to delineate between the domain and the parameters.)

Background

Why would anyone care? I'm making a method that accepts a URL, and I'll provide a warning if there's > 1 question mark. (but I won't provide that warning if there are valid reasons for > 1 question mark in typical day to day use)

stevec

1 Answer

I think this is a great question and has been answered here.

Obviously, it is not something common that we usually see (some places even say that this should not be allowed), but I'm going to show a few more practical examples of that. Even though it is not common, I believe that "preventing URLs" with two question marks may not be so good, and in the end I'll say why.

Simple URL redirect service

Let's say that some redirection service has a code more or less like this:

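<?php

// Redirect only when a redirect_to parameter was actually supplied
if (!empty($_GET['redirect_to'])) {
  $url = $_GET['redirect_to'];
  // FILTER_VALIDATE_URL checks syntax only; it does not restrict the destination
  if (filter_var($url, FILTER_VALIDATE_URL)) {
    // valid URL, redirect
    header("HTTP/1.1 302 Moved Temporarily");
    header("Location: " . $url);
    die;
  }
}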

As you can see, the code first validates the URL and, if it is valid, redirects the user. If you access this, it will work:

http://localhost/?redirect_to=https://www.example.com/content?from=https://api.example.com/posts?id=2

There are multiple question marks there: one to define the redirect_to parameter, another one for the from parameter, and the last for the id parameter of the redirected URL. To PHP, all this (the redirect_to content) is a valid URL. Also, the StackOverflow editor highlights the whole URL as a valid link (the generated answer does not, but I will keep it this way and you can check that if you try to edit).

APIs

You can download the JSON Placeholder API and create a new post on data.json like this:

{
  "userId": 1,
  "id": 1,
  "title": "Is multiple question marks useful??",
  "body": "Maybe"
}

After running with npm start, you can access http://localhost:3000/posts?title=Is%20multiple%20question%20marks%20useful?? and the post will be returned, so, this would be an example where someone would like to return a post that contains the question mark.

HOWEVER

It's pretty obvious that using multiple question marks in the URL is very weird, and not all clients can interpret this correctly, so it might also be a bad practice to build a system that generates this kind of URL. But your question is about whether or not to validate multiple question marks, so, thinking that those URLs can belong to other services that you don't have control over, to me, there's no need to do the validation.

Lucius
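An added example (not code from the question or the answer) that uses Python's `urllib.parse` to show where the extra question marks in the URLs above end up: only the first `?` before any `#` is a delimiter, and RFC 3986 allows later ones as ordinary characters in the query or fragment. The function names and the allowed-host set are hypothetical; the host check is the destination test that syntax-only validation, as in the redirect service above, leaves out.

```python
from urllib.parse import urlsplit, parse_qsl

# Sample URLs taken from the question and answer above.
ODD_URL = "https://www.google.com/?????????"
REDIRECT_URL = ("http://localhost/?redirect_to=https://www.example.com/content"
                "?from=https://api.example.com/posts?id=2")
TITLE_URL = ("http://localhost:3000/posts"
             "?title=Is%20multiple%20question%20marks%20useful??")


def question_mark_positions(url):
    """Count literal '?' per component after splitting the URL.

    The first '?' before any '#' starts the query; every later one is
    plain data inside the query or the fragment.
    """
    parts = urlsplit(url)
    before_fragment = url.split("#", 1)[0]
    return {
        "delimiter": 1 if "?" in before_fragment else 0,
        "query": parts.query.count("?"),
        "fragment": parts.fragment.count("?"),
    }


def nested_urls(url, max_depth=5):
    """Follow http(s) URLs carried in query parameter values, outermost first."""
    chain = [url]
    for _ in range(max_depth):
        params = parse_qsl(urlsplit(chain[-1]).query, keep_blank_values=True)
        inner = [v for _, v in params if urlsplit(v).scheme in ("http", "https")]
        if not inner:
            break
        chain.append(inner[0])
    return chain


def redirect_host_allowed(target, allowed_hosts):
    """A well-formed URL can point anywhere, so compare its host to a list."""
    parts = urlsplit(target)
    return parts.scheme in ("http", "https") and parts.hostname in allowed_hosts


if __name__ == "__main__":
    for sample in (ODD_URL, REDIRECT_URL, TITLE_URL):
        print(question_mark_positions(sample), nested_urls(sample)[1:])
```

A method that accepts URLs can therefore report which component the extra question marks fall in instead of warning on their raw count.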