While looking over the docs for urldecode() I came across this note:
The superglobals $_GET and $_REQUEST
are already decoded. Using urldecode()
on an element in $_GET or $_REQUEST
could have unexpected and dangerous
results.
This is the reason why a get variable with the value of %26 ends up being &. Are there any other auto-magical decode routines other than urldecode()? Perhaps decoding that is only done because of configuration or negotiation?
GET parameter decoding works actually in this sequence:
1. "&", $QUERY_STRING)
2. "=") to split names from value
3. urldecode() on name and value
4. strtr(".", "_", $name) – non-alphanumeric characters mostly stripped from var names (a GET parameter &x.y= becomes $_GET["x_y"])
5. [] arraynames
6. addslashes() on values if magic quotes were enabled – this is the only part that's configurable

When decoding POST parameters in multipart/form-data a charset= could be set individually for each field. But I have a hunch that PHP doesn't respect that.
That is all, AFAIK.
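The decoding sequence from the answer and the double-decoding risk from the manual note quoted in the question, as an added example that is not part of the original posts. It uses parse_str() to reproduce the $_GET decoding offline; the query string and the looksLikePlainName() helper are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed query string (sample input, not from the original page).
// The "doc" value is percent-encoded twice: %252e is the encoding of "%2e".
$query = 'x.y=1&tag[]=a&tag[]=b&amp=%26&doc=%252e%252e%252fsettings';

// parse_str() applies the same steps PHP uses to fill $_GET: split on "&"
// and "=", urldecode names and values, replace "." in names with "_",
// and build arrays from [] names.
parse_str($query, $get);
var_dump($get);

// Hypothetical validation helper: rejects values containing ".." or "/".
function looksLikePlainName(string $value): bool
{
    return strpos($value, '..') === false && strpos($value, '/') === false;
}

// This value has already been decoded once by PHP and still contains
// percent-escapes, because the sender encoded it twice.
$doc = $get['doc'];

// Weak pattern: the check runs on the once-decoded value, then a second
// urldecode() produces a string the check never saw.
$weak = looksLikePlainName($doc) ? urldecode($doc) : null;

// Corrected pattern: treat the value exactly as PHP delivered it, validate
// it against a strict allow-list, and never decode it again.
$strict = preg_match('/\A[A-Za-z0-9_-]+\z/', $doc) === 1 ? $doc : null;

var_dump($weak, $strict);
```

Run it with the PHP CLI and compare the two final values: the weak pattern accepts the input and yields a different string after validation, while the strict pattern rejects it.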