Posted by John Dunlop on 10/14/06 12:56

Bob Arn:

> [sree:]

> > header("Location: myaccount.php?suc=password changed successfully");

RFC2616 states that Location must be a URI not a relative reference,
and RFC3986 states that URIs cannot contain unencoded spaces.
User-agent error recovery probably means both that the Request-URI from
the original request is understood as the base URI from which the
relative reference is resolved and that the value of Location is taken
as everything up until the first space.

> try: suc=password+changed+successfully

Plus signs do have advantages over %20 in that they are two characters
shorter, they render the URL more readable, and in this case they are
intuitively better suited to concatenation. However, HTTP/1.1 does not
assign any special meaning to <+>; nowhere does it say that <+> means a
space. Where <+> does mean a space is in the
application/x-www-form-urlencoded content type, as described in
HTML4.01 sec. 17.13.4.

I would percent-encode spaces here.

--
Jock

[Back to original message]