1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:16 pm Apr 27, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Ampersand being converted to & needlessly

         

cincin

7:21 pm on Aug 3, 2013 (gmt 0)

10+ Year Member



Hi,

I'm trying to fix a bug on a php web page that I did not write. I don't actually know php.

The problem is that the stock code converts the & of a url into & and so the resulting url in the address bar of the browser shows up as & when it should be & 


$payment_error_return = 'payment_error=' . $this->code . '&error=' . urlencode($error) . '&psigate_xml_cc_owner=' . urlencode($HTTP_POST_VARS['psigate_xml_cc_owner']) . '&psigate_xml_cc_expires_month=' . $HTTP_POST_VARS['psigate_xml_cc_expires_month'] . '&psigate_xml_cc_expires_year=' . $HTTP_POST_VARS['psigate_xml_cc_expires_year'];

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, $payment_error_return, 'SSL', true, false));


This results in the url being:

..."payment.php?payment_error=psigate_xml&error=The+expiry+"...

but it needs to be

..."payment.php?payment_error=psigate_xml&error=The+expiry+"

I have tried to apply (blindly, not knowing what I'm doing) various encoding decoding functions to the text with no success.

Any help is greatly appreciated, thanks!

londrum

7:29 pm on Aug 3, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



you could just try doing a preg_replace on the URL 
$payment_error_return = preg_replace("/&/", "&", $payment_error_return);


i dont think it will work though. it looks like you've got two functions called tep_redirect and tep_href_link. they might be encoding the link themselves. you should have a look at those two functions and see what they do -- that's probably where it's happening

cincin

7:50 pm on Aug 3, 2013 (gmt 0)

10+ Year Member



Thanks for the reply!

I don't really want to mess with the functions themselves if possible. This is in a live shopping cart and I don't want to mess anything up.

Is there a way for me to send the & through that function in a format that will result in it being translated to & in the final url?

I tried & and %26 but it just gets treated as text and gets further encoded...

This would be ideal since then I could repair that one bug locally and in this file without touching the functions.

Thanks for the help!

lucy24

8:31 pm on Aug 3, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I don't speak php either, but isn't it the "urlencode" command that's doing it? Encoding should be constrained to the "path" part of the URL, before the query. Matter of fact, if the code is wholly concerned with generating a query, do you need to encode at all?

cincin

8:43 pm on Aug 3, 2013 (gmt 0)

10+ Year Member



Hi! Thanks for the help, I think the urlencode is only applied to the $error variable:

'&error=' . urlencode($error)

The trouble is with the '&error=' part, it ends up being &error= in the URL once it's in the address bar.

I guess my main question is now: How to do I pass the & in '&error=' so that it ends up being &error= in the address bar? (and not &error=)

thanks!

londrum

9:49 pm on Aug 3, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



thats what i think the functions are doing, they are encoding the url, because when you pass $payment_error_return to the function its not encoded

if its just the error part thats a problem, then maybe you could try moving the error part to the start of the string -- then it wont need an & in front of it (change the order of payment_error and error)

cincin

10:03 pm on Aug 3, 2013 (gmt 0)

10+ Year Member



Well, there are other parameters after error that need to be parsed as well...

g1smd

5:41 am on Aug 4, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The URL in the href of the link should show with 
&
when you view the HTML source code. However, it should show as a plain ampersand in the browser address bar after that link is clicked.

Is the page being sent with the correct character set encoding? Use the Live HTTP Headers extension for Firefox to check the HTTP Headers returned.

Is the ampersand perhaps double-encoded 
&
in the HTML source code?

Readie

10:26 am on Aug 4, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Looking at that code in cincin's original post, I don't think the problem is with a link click. 

tep_redirect(tep_href_link(

I'd hazard a guess that tep_redirect is issuing a Location header, and tep_href_link is converting to html entities.

If Location: recieves entities, it sends you to entities.

londrum

10:46 am on Aug 4, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



that might be your solution. if you dont want to amend the tep_href_link function then you dont have to -- just copy it and create a new function with a different name. but include an extra preg_replace at the end to convert the ampersands back before you return the url. then send it through the other function like normal

Readie

10:54 am on Aug 4, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



For simple replacements Londrum, you should avoid using preg_replace. 

str_replace('&', '&', $string);


Will accomplish the same result, whilest being significantly faster as it doesn't need to load the regex engine.

Readie

10:58 am on Aug 4, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



So, to add to that post, this may solve your problem cincin:

Replace this: 
tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, $payment_error_return, 'SSL', true, false));

With this: 
tep_redirect(str_replace('&', '&', tep_href_link(FILENAME_CHECKOUT_PAYMENT, $payment_error_return, 'SSL', true, false)));

cincin

7:05 pm on Aug 4, 2013 (gmt 0)

10+ Year Member



Ladies and gentlemen, thank you.

This does precisely what I need. Problem solved.

g1smd

10:18 pm on Aug 4, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You should also report this issue on the official forum of the CMS (osCommerce, ZenCart, whatever) you're using. You might have uncovered a new bug.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:16 pm Apr 27, 2026