Using ampersand in pretty URL breaks URL

Question

I have seen plenty of people having this problem and it seems the only way to stop apache treating the encoded ampersand and a URL ampersand is it use the mod rewrite B flag, RewriteRule ^(.*)$ index.php?path=$1 [L,QSA,B].

However, this isn't available in earlier versions of apache and has to be installed which is also not supported by some hosting companies.

I have found a solution that works well for us. We have a url of /search/results/Takeaway+Foods/Inverchorachan,+Argyll+&+Bute+

This obviously breaks the url at & giving us /search/results/Takeaway+Foods/Inverchorachan,+Argyll which then gives a 404 error as there is no such page.

The url is held in the $_GET['url'] array. If it finds an & the it splits the array for each ampersand.

The following code pieces the URL back together by traversing the $_GET array for each piece.

I would like to know if this has any hidden problems that I may not be aware of.

The code:

    $newurl = "";
    foreach($_GET as $key=>$pcs) {
        if($newurl=="")
            $newurl = $pcs;
        else
            $newurl .= "& ".rtrim($key,"_");
    }
    //echo $newurl;exit;
    if($newurl!='') $url=$newurl;

I am trimming the underscore from the piece as apache added this. Not sure why but any help on this would be great.

Answer 1

We have had this fix in place for two weeks now so I believe that this has solved the issue. I hope this will help someone with a similar issue as I searched for weeks for a solution outside of an apache upgrade to include the B flag. Our users can now type in Bed & Breakfast and we can then serve the appropriate page.

Here is the fix in PHP.

$newurl = "";
foreach($_GET as $key=>$pcs) 
{
    if($newurl=="")
        $newurl = $pcs;
    else
        $newurl .= "& ".rtrim($key,"_");
}

if($newurl!='') $url=$newurl;

Answer 2

You said in a cooment:

We want the URL to show the ampersand so substituting with other characters is not an option.

Short answer: Don't do it.

Seriously, don't use ampersands this way in URLs. Even if looks pretty. Ampersands have a special meaning in a URL and trying to override that meaning because it looks nice is a very bad idea.

Most web-based software (including Apache, PHP and all browsers) makes assumptions about what an ampersand means in a URL, which you will find very hard to work around.

In particular, you will utterly confuse Google and other search engines if you've got arbitrary ampersands in the URL, so it will completely destroy your SEO rank.

If you must have an ampersand in the string, use urlencoding to turn it into a URL-friendly %26. This won't look good in the user's URL string, but it will work as intended.

If that's not acceptable, then substitute something different for ampersands; maybe the word "and", or a character like and underscore, or perhaps just remove it from the string without a replacement.

All of these are common practice. Trying to force the URL to have an actual ampersand character in it is not common practice, and for very good reason.

Answer 3

Take a look at urlencode :

You can also replace the "&" char with something not breaking the URI and won't be interpreted by apache like the "|" char.