I am sending an HTTP GET request with a urlencoded value from a client application, and on the server side I am using $_GET["Value"] to grab the value.
This is what the request looks like on the client side: https://example.com/validate.php?Value=+MqZjrRvtvFdcC3GCRRnnQ==
But on the server side the result of $_GET["Value"] is MqZjrRvtvFdcC3GCRRnnQ==, without the + at the beginning of MqZjrRvtvFdcC3GCRRnnQ==.
How can I grab the value as it is, including all the special characters (if any)?
I tried htmlspecialchars($_GET["Value"]) but this didn't work either.
2 Answers
The + is a special char which will be escaped by parse_str(). You need to parse the query string by yourself.
Note: If there are multiple values you need to split by & first.
Calling http://localhost:4000/?Value=+MqZjrRvtvFdcC3GCRRnnQ== will give a $value of

You can’t inject any random character in a URL, you need to use proper escaping functions. In PHP you have rawurlencode():
(Demo)
In particular, + is some old encoding for whitespace character (U+0020) and = is often used to separate argument name from argument value.
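
The two approaches from the answers side by side, as an added example that is not code from either answer: parsing the raw query string with rawurldecode() so a literal + survives, and escaping the value with rawurlencode() on the client so the normal $_GET decoding returns it intact. parse_query_raw() is a hypothetical helper name, the token is the one from the question, and on a live request the raw string would come from $_SERVER['QUERY_STRING'].

```php
<?php
// Added example: parse_query_raw() is a hypothetical helper, not a PHP built-in.

function parse_query_raw(string $query): array
{
    $out = [];
    foreach (explode('&', $query) as $pair) {
        if ($pair === '') {
            continue; // tolerate "a=1&&b=2" and a trailing '&'
        }
        // Split on the first '=' only, so base64 '=' padding stays in the value.
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        // rawurldecode() decodes %XX sequences but leaves '+' as a literal plus,
        // unlike the urldecode()-style decoding PHP applies when filling $_GET.
        $out[rawurldecode($name)] = rawurldecode($value);
    }
    return $out;
}

$token = '+MqZjrRvtvFdcC3GCRRnnQ=='; // value from the question

// Case 1: the client sent the value unescaped, as in the question.
$unescaped = 'Value=' . $token;
parse_str($unescaped, $viaParseStr); // same decoding rules PHP uses for $_GET
$viaRaw = parse_query_raw($unescaped);

// Case 2: the client escaped the value with rawurlencode() before sending.
$escaped = 'Value=' . rawurlencode($token);
parse_str($escaped, $viaParseStrEscaped);

// Unescaped + standard decoding: the leading '+' is read as a space.
var_dump($viaParseStr['Value'] === $token);
// Unescaped + manual parsing: the '+' is preserved.
var_dump($viaRaw['Value'] === $token);
// Escaped on the client + standard decoding: %2B is decoded back to '+'.
var_dump($viaParseStrEscaped['Value'] === $token);

// The query string the client should actually send.
echo $escaped, PHP_EOL;
```

If the value is a token or signature that the server validates, compare it only after one of these two paths; a value read straight from $_GET after an unescaped send will not match the original.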