-2

I have a URL string like `https://example.com/path/?welcome_screen=1&email_address=something+else@example.com`

In PHP, I call `<?php echo $_GET['email_address']; ?>`

Which produces `something else@example.com`

Specifically, a space instead of the + in the email address.

  1. Is this expected?
  2. If so, is there a way to prevent this from happening in the echo code above?
  3. Or should it be handled when collecting the email address somehow?
ADyson
Nathan
  • The `$_GET` is auto decoded so the `+` becomes the space. If you want the `+` you should URL encode it. See https://www.php.net/manual/en/reserved.variables.get.php... half way down, `The GET variables are passed through urldecode().` – user3783243 Aug 25 '22 at 13:15
  • Also `echo $_GET...` is open to XSS injections. – user3783243 Aug 25 '22 at 13:16
  • I would just note to the SO devs, if "This question already has answers..." then they should appear when suggesting that the question I was writing might have answers. Those presented at that time were absolutely obscure. :P Otherwise, yinz rock. – Nathan Aug 25 '22 at 21:51
  • @Nathan if you want some attention for that observation you should consider starting a post on Meta Stackoverflow about it :-) – ADyson Aug 26 '22 at 04:35

1 Answer

2
  1. Yes, `+` is one way to represent a space character in a URL. PHP automatically URL-decodes the value when it creates the `$_GET` data and converts it to a space, as it assumes that's what the value is supposed to represent in the raw URL.

  2. No, it's too late by then.

  3. Yes, you should URL-encode the value before including it in the URL, so that the `+` is not treated as a special character. If PHP is generating the URL, you'd use the `urlencode()` function. Most other programming languages have equivalent built-in functions.

ADyson
  • In javascript, this is done like so : `encodeURI('something else@example.com')`, which gives : `'something%20else@example.com'` – Lk77 Aug 25 '22 at 13:16
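
The fix from the answer together with the XSS point from the comments, as an added example that is not part of the original thread: the link is built with `urlencode()` or `http_build_query()`, and the receiving side validates and HTML-escapes the value instead of echoing it raw. The helper names `queryParams()` and `renderEmail()` are hypothetical; `parse_str()` stands in for the decoding PHP performs when it fills `$_GET`.

```php
<?php
// Added example. The address and base URL are the sample values from the question.
$email = 'something+else@example.com';
$base  = 'https://example.com/path/';

// Problem case: raw concatenation leaves "+" in the query string,
// where it is read as an encoded space.
$rawUrl = $base . '?welcome_screen=1&email_address=' . $email;

// Fix 1: urlencode() turns "+" into %2B, so it survives decoding.
$encodedUrl = $base . '?welcome_screen=1&email_address=' . urlencode($email);

// Fix 2: http_build_query() encodes every value in the array.
$builtUrl = $base . '?' . http_build_query([
    'welcome_screen' => 1,
    'email_address'  => $email,
]);

// Hypothetical helper: decode a URL's query string the way $_GET is filled.
function queryParams(string $url): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params;
}

// Hypothetical helper for the receiving page: never echo request data raw.
// Validate first, then escape for the HTML context it is printed into.
function renderEmail(array $get): string
{
    $value = $get['email_address'] ?? '';
    if (!is_string($value) || filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid email address';
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Show each URL and what the receiving page would print for it.
foreach ([$rawUrl, $encodedUrl, $builtUrl] as $url) {
    echo $url, "\n  => ", renderEmail(queryParams($url)), "\n";
}
```

Validation on the receiving side also catches links built without encoding, because the decoded value then contains a space and is rejected rather than displayed.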