3

In my code, I create a link like this:

$link = 'http://www.mydomain.com/'.urlencode($str).'/1';

I use url-rewriting and the rule in my htaccess file looks like this:

rewriteRule ^(.+)/(.*)$ index.php?var1=$1&var2=$2 [NC,L]

This code is working fine for almost every strings. But sometimes, the string to encode contains "&". The urlencode function encodes it corectly, but when I read the $_GET array in php, it looks like this (with $str = 'substring1&substring2'):

'var1' => 'substring1' (without "&")
'substring2' => '' (without "&")
'var2' => 1

I really need the "&" in my var. Is there a way to encode that character to make it works?

Also, I really don't know why, but sometimes I get a forbidden http error with some strings passed as var1. Apparently, they have nothing special, for exemple, "Décarie Square" makes that error. Other strings with spaces and "é" are working fine.

Marm
  • 863
  • 2
  • 15
  • 30
  • Look at this page URL: Title says "PHP $_GET var with urlencode and “&” bug" .. but do you see those special characters in URL? You should do the same. It is done for a reason .. and that is the best way. – LazyOne Jul 08 '11 at 15:28

4 Answers4

1

Apache will automatically translate (decode) the path. You must use a different encoding or even double encoding. Base 64 will work.

webbiedave
  • 48,414
  • 8
  • 88
  • 101
1

Apache's mod_rewrite automatically decodes urlencoded strings when it does regex matching. But it only does this once, so you should be if you urlencode your string twice. This will re-escape all of those `%' characters.

try

$link = 'http://www.mydomain.com/'.urlencode(urlencode($str)).'/1';

or stop relying on rewrite rules and use a framework that handles URL routing properly.

Oh, and there should also be htmlentities() somewhere in there.

kijin
  • 8,702
  • 2
  • 26
  • 32
  • I used your exemple and encoded my string twice but I don't put any htmlenitites() and it works fine. Thank you. – Marm Jul 08 '11 at 15:30
  • What kind of framework can handle URL routing? I never heard about anything else than apache url-rewritng – Marm Jul 08 '11 at 15:31
  • @Marm Pretty much any modern framework does it: Yii, Symfony, Zend etc. Even WordPress has it's own routing implementation (all it needs just 1 or 2 basic rules to redirect such "nice" URLs to the index.php – LazyOne Jul 08 '11 at 15:37
0

your $str isn't setup with key=val pairs

Try $str = 'var1=substr1&var2=substr2';

AlienWebguy
  • 76,997
  • 17
  • 122
  • 145
  • I can't, I'm using url-rewriting because I don't want this. I'm trying to make a "beautiful" link. Instead of http://www.domain.com/index.php?var1=string&var2=number, I want http://www.domain.com/string/number – Marm Jul 08 '11 at 15:21
  • In my exemple, substring1 and substring2 are part of the same string with "&" in the middle, they are not 2 vars. The second var is a number (1 in this case) – Marm Jul 08 '11 at 15:23
  • Interesting way of doing things. Try this: urlencode(htmlentities($str)) – AlienWebguy Jul 08 '11 at 15:25
-1

Two options:

  • Urlencode the string before urlencoding the query.
  • Replace all non alphanumerical chars with a dash or underscore

As for the forbidden error are you using http auth basic or digest?

Update may mistake try using htmlentities or htmlspecialchars instead of urlencode

Glass Robot
  • 2,438
  • 19
  • 11