What does %5B and %5D in POST requests stand for?

Question

I'm trying to write a Java class to log in to a certain website. The data sent in the POST request to log in is

user%5Blogin%5D=username&user%5Bpassword%5D=123456

I'm curious what the %5B and %5D means in the key user login.

How do I decode these data?

score 648 · Accepted Answer · edited Apr 27 '21 at 20:19

As per this answer over here: str='foo%20%5B12%5D' encodes foo [12]:

%20 is space
%22 is quotes
%5B is '['
and %5D is ']'

This is called percent encoding and is used in encoding special characters in the url parameter values.

EDIT By the way as I was reading https://developer.mozilla.org/en-US/docs/JavaScript/Reference/Global_Objects/encodeURI#Description, it just occurred to me why so many people make the same search. See the note on the bottom of the page:

Also note that if one wishes to follow the more recent RFC3986 for URL's, making square brackets reserved (for IPv6) and thus not encoded when forming something which could be part of a URL (such as a host), the following may help.

function fixedEncodeURI (str) {
    return encodeURI(str).replace(/%5B/g, '[').replace(/%5D/g, ']');
}

Hopefully this will help people sort out their problems when they stumble upon this question.

score 49 · Answer 2 · answered Apr 01 '12 at 16:28

49

They represent [ and ]. The encoding is called "URL encoding".

answered Apr 01 '12 at 16:28

ruakh

175,680
26
273
307

score 19 · Answer 3 · edited Sep 08 '17 at 13:00

19

[] is replaced by %5B%5D at URL encoding time.

edited Sep 08 '17 at 13:00

Zachary Weixelbaum

904
1
11
24

answered Apr 01 '12 at 17:47

Lalit Bhudiya

4,332
4
26
32

score 12 · Answer 4 · answered Apr 01 '12 at 16:28

12

Well it's the usual url encoding

So they stand for [, respectively ]

answered Apr 01 '12 at 16:28

Voo

29,040
11
82
156

Xeriaz · Answer 5 · 2021-03-31T08:47:50.777

10

To find out these values you can simply use Console in your browser and do the following

console.log(decodeURI('user%5Blogin%5D=username&user%5Bpassword%5D=123456'))

edited Mar 31 '21 at 08:47

answered Mar 31 '21 at 07:13

Xeriaz

131
1
7

score 4 · Answer 6 · answered Aug 19 '16 at 12:51

4

To take a quick look, you can percent-en/decode using this online tool.

answered Aug 19 '16 at 12:51

Krzysztof Przygoda

1,217
1
17
24

1

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/low-quality-posts/19174017) – Peter Mar 20 '18 at 20:09
@Peter Thanks, but this is only a link to the online tool, which can be helpful here. Since the answers was already provided there is no need for further explanations. – Krzysztof Przygoda Mar 21 '18 at 11:02

score 2 · Answer 7 · answered Nov 04 '19 at 12:37

Not least important is why these symbols occur in url. See https://www.php.net/manual/en/function.parse-str.php#76792, specifically:

parse_str('foo[]=1&foo[]=2&foo[]=3', $bar);

the above produces:

$bar = ['foo' => ['1', '2', '3'] ];

and what is THE method to separate query vars in arrays (in php, at least).

score 1 · Answer 8 · answered Jun 13 '16 at 15:07

The data would probably have been posted originally from a web form looking a bit like this (but probably much more complicated):

<form action="http://example.com" method="post">

  User login    <input name="user[login]"    /><br />
  User password <input name="user[password]" /><br />

  <input type="submit" />
</form>

If the method were "get" instead of "post", clicking the submit button would take you to a URL looking a bit like this:

http://example.com/?user%5Blogin%5D=username&user%5Bpassword%5D=123456

or:

http://example.com/?user[login]=username&user[password]=123456

The web server on the other end will likely take the user[login] and user[password] parameters, and make them into a user object with login and password fields containing those values.

What does %5B and %5D in POST requests stand for?

8 Answers8

Linked