Is a php query string containing two question mark separators '?' problematic? (file.php?parm1=val1&parm2=val2?parm3=val3&...).
-
So here's some more detail behind this question... I have two systems from two different vendors, both proprietary. We'll call them System A and System B. Both systems function as stand alone entities, but System B provides some additional and very specific functionality lacking in System A. The vendor behind System B integrates with System A on a rather basic level (System B integrates with other vendor systems similar to System A within the same market). While System B is a php driven application, System A is not. The integration method goes something like this: System B exports a structured control file (aka a text file) containing various parameter/value pairs. System A is designed to import the control file into System A. System A takes the data in the control file, combines it with some of it's own data, and constructs a URI. This URL is presented as a user-clickable link on the appropriate page within System A. It is this URI that contains the double '?' within the query string. This same URI contains what I can only describe as a post-back URI (a specific URI on System A to receive data back from System B, forming bi-directional communication). So the user action of clicking the link performs the following: Step 1: System A passes a series of parameters and values to System B within the query string to 'file.php'. Step 2: System B receives the data from System A, performs some validation and what not, writes some information into the database, and in the process spawns a new child browser window separate from System A. The user then goes about their work within System B. Step 3: When the user is finished with the task in System B and submits their work, System B passes a series of parameters and values back to System A via the post-back URI. System A performs some validation, writes the results into the database, then issues a command to System B to end the session (while I say session, this is not what you'd think of a true session as there's not state information) and System B closes the child window. The majority of the time, this process works. Both vendors support this process. However, sometimes this process fails either in Step 1 or Step 3. The failure exhibits as either a hard error (as in Step 1) by System B as it doesn't receive the information it needs and expects in the query string, or an error by which System B sends its data back to System A (as in Step 3), but System A fails to retrieve the data. The latter error does not present to the user, nor does it generate any error log data. It simply doesn't exist. We only know about it after the fact when the user looks in System A for their work and there is nothing there. And since it was already brought up, System A is performing a URL Encode/Decode on the query string data. Since the error is intermittent, and I'm unable to replicate in my QA environment, I only have guesswork to go off of.
-
Answer:
The RFC is pretty clear on it. http://www.ietf.org/rfc/rfc1738.txt only alphanumerics, the special characters "$-_.+!*'(),", and reserved characters used for their reserved purposes may be used unencoded within a URL.
Toby Thain at Quora Visit the source
Other answers
Yes, that will not work right. What you need to do is to use the PHP UrlEncode function to encode all values when you form an URL. That will make PHP decode the original values properly. http://www.php.net/urlencode If you are going to put the URL in a HTML page, for instance on a <a> or <form> tags, you need to also use HtmlSpecialChars after URL encode. http://www.php.net/htmlspecialchars
Manuel Lemos
Related Q & A:
- Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?Best solution by Programmers
- How to dynamically create a PHP class name on the fly?Best solution by stackoverflow.com
- How to write a complex query with doctrine?Best solution by Stack Overflow
- How to get string between two certain strings in Swift?Best solution by Stack Overflow
- How long is a piece of string?Best solution by Yahoo! Answers
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.