Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

special characters in URL

special characters in URL


fahad direct

6:00 pm on Aug 11, 2010 (gmt 0)

5+ Year Member

I have strange issue in hyperlinks if i am sending parameters like http://example.com/test.php?var=Manufacturer--First&Second

If i am getting by $_Request[var] i am only getting First as it is ignoring Second which is coming after & sign. I have tried with URL encode by putting hexa value of '&' character like %26 in its place but still not picking. I have also tried it as:

First+%26+Second, First%26Second.


6:40 pm on Aug 11, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

The ampersand ('&') is used to separate different parameters in the query string, so you can't use an unencoded ampersand as part of a query string for other purposes. For example, you might have the a url with query string like this:


In this case the ampersand only shows that 'foo' and 'bar' are separate parameters. In the case of the 'var=Manufacturer--First&Second' query string, your script interprets 'Second' as an additional (empty) parameter.

There should be no problem either quoting the query string value, or url-encoding it [instruct.tri-c.edu]. What problem did you experience when url-encoding the ampersand? Your sample query string should work as far as I can see.

If I create a php file containing the following code:


...then access that file with your sample query string:


The program output is:

Array ( [var] => Manufacturer--First&Second ) 

-- b


6:44 pm on Aug 11, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

You need a 2-stage process for all parameters in URLs:

the parameter
the result
3 Use `&amp;' as the separator

(otherwise entity-strings within a parameter will get converted by the browser to the actual entity; see here:
[w3.org ])

    $param1='<some text>'; 
    $param2='<some more text>';

    $param1=htmlentities( urlencode( $param1 ));
    $param2=htmlentities( urlencode( $param2 ));


7:40 am on Aug 12, 2010 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member

Hi all,

A link in the address bar looking like this:-


Should be made like this:-


always put the ampersand like this so that it functions & gets parsed correctly into to address bar.

Also: If i am getting by $_Request[var]

This is poor syntax from a secure & error_reporting point of view, it should be done like this: $_GET['var'] this uses the correct way of accessing the query string & parameters passed through the URL. Note the use of single quotes (you can use double, but that's a preference issue :)) if you don't do that, php will error and give you a notice "undefined index, presumed constant", pop error reporting on, you'll see what I mean.

In the past it has been discussed about the use of $_REQUEST and it's vulnerabilities, fine to use it for localhost/developing, but not for release as you are exposing a lot of information about your site -potentially- to hackers.



6:11 pm on Aug 12, 2010 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

I use AlexK's method, urlencode or rawurlencode on the values themselves, tape it all together with &amp; A note on this,


You output this in your pages, not in the address bar, so it will be valid (X)HTML output. If you see the &amp; in your address bar you'll need to parse for _$_GET['amp;somevar']. Try it, name this entity.php. :-) Don't change it, just look at the results when you click the links.

if (isset($_GET['amp;oops'])) {
echo "<p>Entity in the address bar is " . $_GET['amp;oops'] . "</p>
<p>Now let's do it right:
<a href=\"entity.php?test=1&amp;oops=Entity-itis\">Click me</a>.</p>";
else if (isset($_GET['oops'])) {
echo "<p>Got it, <strong>no</strong> entity in the address bar is " . $_GET['oops'] . "</p>";
else {
echo "<p>To validate your code, apply htmlentities to text.
In the following link, the query string is
entity.php?test=1&amp;amp;oops=Entity-itis - watch the
address bar to see what it does by
<a href=\"entity.php?test=1&amp;amp;oops=Entity-itis\">Clicking this link</a></p>";

fahad direct

8:08 am on Aug 13, 2010 (gmt 0)

5+ Year Member

Thanks for all very helpful replies.
I am still having the same issue as tried by all above mentioned ways and i am badly stuck what is the actual reason it is not getting the value after & sign, though i can see in my url as: First & Second(if passing &), First %26 Second (if using %26), First &amp; Second (incase of &amp;) but in each case second operand after & is not being retreived either by Request or Get, my page encoding is utf-8 and tried with iso-8859-1 as well.

I want to add one more note that parameters are being passed by variable as var which shouldn't be a problem as i have tried even all possible mentioned ways of conversions before passing var.


9:03 am on Aug 13, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Here's an example of a page on my own site where I need to pass ampersands in a query string for use at the other end (I'll send the actual URL of the originating page to you so that you can check it out). The originating page uses the method that I've outlined previously:
    url: <my_site>/search.php?id=PCI%5CVEN_134D%26DEV_7891%26SUBSYS_0001134D#results
    status bar view: <my_site>/search.php?id=PCI\VEN_134D&DEV_7891&SUBSYS_0001134D#results

fahad direct

9:47 am on Aug 13, 2010 (gmt 0)

5+ Year Member

I got the solution, I have tried it as %2526 which means '%26' as %25 is the code of '%' so %2526 means %26 which works fine but inside query it is showing as & but query is not working.

Featured Threads

Hot Threads This Week

Hot Threads This Month