|
|
Posted by Toby A Inkster on 12/20/07 16:42
David Segall wrote:
> I want to encode a string that will be used as a GET data parameter but
> the algorithm I have can produce the characters "/", "+" and "=" in
> addition to alphanumeric characters. Those characters don't have a named
> entity in my HTML text book so I believe they can be used without
> further encoding.
Wrong. All three have special meanings in form data, so although a URL
like "http://example.com?myparam=four/two+3=5" is perfectly valid, your
webserver and/or scripting language may interpret it differently to how
you might expect.
For example, the '+' may be decoded to a space character before you get
your hands on it.
URLs such as this would typically need to be hex-encoded to avoid being
interpreted:
http://example.com?myparam=four%2Ftwo%2B3%3D5
- and * would probably be safer than + and /. < or > would be safer than =.
--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 13 days, 3:12.]
Sharing Music with Apple iTunes
http://tobyinkster.co.uk/blog/2007/11/28/itunes-sharing/
Navigation:
[Reply to this message]
|