Hello.

I noticed such a thing, that if I pass a string via GET :

 ?server=Super Server + GF -

I in php display the value of $_GET['server'] , and get:

 Super Server GF -

It turns out that php itself makes urldecode() , when outputting $_GET , and as expected replaces + with a space.

But the question is, is this a setting, or a feature of php? Or is it configured in Apache?

Just now, what would I pass in the GET sign + - I need to do it through JS:

 encodeURIComponent('Super Server + GF -')// Super%20Server%20%2B%20GF%20-

And only in this case, php will display to me:

 Super Server + GF -

If you pass to GET :

 &test=a+a

With the withdrawal we get:

 echo $_GET['test'];//aa echo urldecode( $_GET['test'] );//aa

It turns out that php still decodes the query string ...

And I don’t understand, does this browser decode the string and transmit it to the server, or does the server decode the string?

  • php has nothing to do with it, the browser sends a request to the server. In addition, you also see that you are making an encodeURIComponent from js (that is, from a browser) - right out of the box. The same with Unicode, the browser sends Unicode - and you cannot guarantee that all browsers do this. - And
  • for this, and I worry that all browsers should work according to the standard, but this does not give a guarantee of what it is. Therefore, I do not even know what to do, for the time being I will work without urldecode .. - user190134

1 answer 1

The server does not encode GET, POST, PUT, etc... requests, we collect and manually, and then the browser generates the request body, automatically adds the necessary headers and sends to the server.
We need to encode the parameters ourselves.

In your case when you send an unencrypted string of the form:

 ?server=Super Server + GF -

The browser sees + and replaces with a space, since all spaces are + , and + space or %20 .
So if on the server, do this:

 urlencode($_GET['server]);

We'll get:

 Super+Server+++GF+-

And if so:

 rawurlencode($_GET['server']);

We'll get:

 Super%20Server%20%20%20GF%20-

And if we ship like this:

 encodeURIComponent('Super Server + GF -')

That already needs to be done like this:

 rawurldecode($_GET['server'])

We get:

 Super Server + GF -

What we needed, but in general I advise you to study the specification of coding and decoding strings in more detail.

And also read what is the difference between js encodeURI and encodeURIComponent , as well as in php urldecode and rawurldecode .