
I have a little static function so that I can easily build html valid urls on my local website, it is below;

public static function url($path = false) {

    // Build return url with special html characters escaped
    return '' . htmlspecialchars($path);

I have two urls one inside an anchor and another is inside a form action, they are below;

Root::url('test?category=' . $category . '&index=' . $index) // Href

Root::url('test?category=' . $_GET['category'] . '&index=' . $_GET['index']) // Form

GET === $, you can see inside my static function that I use htmlspecialchars to escape special html characters from my url.

The anchor one returns a valid link and works as expected. The form one however returns the following, as in when I click on the form submit, my url in my browser is as follows.

Why is this? My website breaks because it is dependant on the GET parameters being valid.

Thanks for your time, hope this made sense.


I insert the return value of the function call straight into my form action,

action="<?= Root::url('test?category=' . $_GET['category'] . '&index=' . $_GET['index']); ?>" 


The form html is as follows;

<form action="http://example.com/test?category=innate&amp;index=0" method="post">

The anchor html is as follows

<a href="http://example.com/test?category=innate&amp;index=0">

Could it be something to do with the server sending a POST request even though I have GET parameters?


Ok so it has something to do with my function or what I am passing in, I hard typed in the url in the form submit and it worked, no problems, which means it can only be what my function is returning.

I myself cannot see what I may be!


After the form was being submitted, I was redirecting to the same page using header to counter form resubmission. The string for the header was being generated by Root::url().

Two hours this took me to figure out, but boy does it feel good!

도움이 되었습니까?


Normally you wouldn't add a query string to a POST URL. It's not forbidden, though, it may only be somewhat confusing, especially if you use $_REQUEST (which you don't, it seems).

I don't know why your browser shows an uninterpreted &amp;, it should interpret it.

Your problems are likely due to one of these:

  1. a bad browser - try another one
  2. bad content of the form input fields
  3. other

다른 팁

This is quite logic.

I assume your url() method looks like this:

  echo htmlspecialchars($string);

Let's have a look at the $string you are passing:

'test?category=' . $_GET['category'] . '&index=' . $_GET['index'];

As I see in your output, replacing the values, the final string before htmlspecialchars() occur would be:

'test?category=innate&index=0' and after it: test?category=innate&amp;index=0

What happened here? you first concatenated the string, and then htmlspecialchars()'ed the & used to separate the parameters. And to not break the url, you don't want to convert THAT '&'.

Also to sanitize the url you shouldn't use htmlspecialchars() because most html entities would convert to somthing like & + somename + ; for example the Euro symbol would convert to &euro; and you don't want the actual & symbol in your url, the browsers will interpret it as you have another new parameter awaiting.

You should use urlencode(), which will convert your & into: %26 , also, the function's name is self-explanatory, it's encoding a string to use on a URL.

Still, you want the & to separate the parameters, but not in the $GET values. What should we do? to urlencode the values before concatenating the string. I would suggest a method like this one:

function url($page, $get){
    $parameters = array();
    foreach($get as $k => $v) $parameters[] = urlencode($k)."=".urlencode($v);
    //We are concatenating with ? and & the urlencoded() values in the next line:
    echo urlencode($page).'?'.implode('&', $parameters);

url('test', $_GET); // outputs: test?category=innate&index=0 

This would get rid of the special chars from a form's field names and values.

I noticed you will use 2 fixed parameters, category and index, so the method could be like this:

function url($page, $get){
    $page = urlencode($page);
    $category = urlencode($get['category']);
    $index = urlencode($get['index']);
    echo "$page?category=$category&index=$index";

Hope this is what you needed

라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top