From ac45ab3255561c1da9ac940f77d3019ff63cd94f Mon Sep 17 00:00:00 2001 From: Rasmus Lerdorf Date: Wed, 6 Sep 2000 16:58:53 +0000 Subject: [PATCH] urlencode() note git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@32141 c90b9560-bf6c-de11-be94-00142212c4b1 --- functions/url.xml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/functions/url.xml b/functions/url.xml index 95d0ad249e..1061bcc6d7 100644 --- a/functions/url.xml +++ b/functions/url.xml @@ -221,12 +221,31 @@ while ($i < count ($a)) { <function>Urlencode</function> example -echo '<A HREF="mycgi?foo=', urlencode ($userinput), '">'; +echo '<A HREF="mycgi?foo=', urlencode ($userinput), '">'; + Note: Be careful about variables that may match HTML entities. + Things like &amp, &copy and &pound are parsed by the browser + and the actual entity is used instead of the desired variable name. This + is an obvious hassle that the W3C has been telling people about for years. + The reference is here: &url.argsep; + PHP supports changing the argument separator to the W3C-suggested + semi-colon through the arg_separator .ini directive. Unfortunately most + user agents do not send form data in this semi-colon separated format. + A more portable way around this is to use &amp; instead of & as the + separator. You don't need to change PHP's arg_separator for this. Leave + it as &, but simply encode your URLs using: + + <function>Urlencode/htmlentities</function> example + +echo '<A HREF="mycgi?foo=', htmlentities (urlencode ($userinput) ), '">'; + + + See also urldecode, + htmlentities, rawurldecode, rawurlencode.