What's wrong with putting spaces in $_GET variables

If I for example have my u开发者_开发知识库rl looking like index.php?category=IT%20&%20Soft. Then i try to print "$_GET[category]" i only get "IT" and not "IT & Soft". What is wrong here? It's frustrating me.

The problem is not the spaces, but the ampersand.

Use %26 instead, like this:

index.php?category=IT%20%26%20Soft

The ampersand indicates that you are beginning another field (like category=IT&subcategory=somethingelse). You can see a list of reserved characters on Wikipedia.

Spaces and ampersands (&) aren't valid and need to be encoded for use in parameter values. Run your arguments through 'urlencode' to create url safe parameter values.

http://php.net/manual/en/function.urlencode.php

& is a reserved character in HTTP URLs and URIs (commonly known as link or hypertext reference). This & is exactly that point that will define a new $_GET entry. So it's not part any longer of the previous $_GET entry. The previous one is the one you would like to use. So in fact, the & inside the category is the cause of your headaches:

URL: http://example.com/script.php?hello=world&foo=bar
                                  ^          ^^^ 
PHP:
  $_GET['hello'] // "world"
  $_GET['foo']   // "bar"

So just to remember: In a URL, the & character separates one URL parameter from the other.

But this does not mean that your problem is not solve-able. You can pass values containing the & character via a URL parameter. There is a very simple way to get & characters into a specific $_GET value.

Packaging Values for an Internet Round-Trip

But take care: You might look right now at the input level (that is the part where data comes into $_GET and other variables) of your application. But to solve this, you need to look at the opposite - the output level (that's where you send out HTML).

Why? Because the output will become the input of your script. So if the output is already wrong, the input can never be ready for use.

Consider that each URL that your application sends to the browser (e.g. as part of a HTML link <a href="">) is a new command with it's specific parameters for your script's $_GET variables. Technically this part is known as the query or as the queryinfo part of a HTTP URI/URL.

So if the URL is already build in a way that it will create the wrong $_GET parameters for your script, it's already too late. So you take a look at the output to fix the originating cause.

So instead, you need to look in the place you create the URL and do the correct output already there so to get the $_GET['category'] later on.

In each link-outputting place you need to ensure that every value is properly encoded. That's the magic word that contains the solution to your problem. A term you better look-up in a dictionary than in a technical documentation.

The Type of Encoding for values needed for $_GET parameters is the so called URL-encoding - encoding for URLs - makes sense, right? URL, encoding = URL-encoding.

Encoding the values for URLs actually takes care that the parameter's value will be available in your script again safely in opposite of breaking values apart and in the end technically destroying the URL even.

Sounds probably a bit complicated, but the good news is, you first of all only need to know that PHP as a web-scripting language offers a function that does this encoding for you. It's called urlencode() and you can use it on any value to create your URLs. In fact it's quite a common task to do in a web-application so if you only knew earlier - but until then, let's see some code, right?

Encoding URL Parameters with PHP

I must guess a bit how that looks like on your end, but you can add your code as well to your question (the output code) so that it's easier to give you some code you can "just" use. Let's say you have something similar to this to output a link:

<a href="index.php?category=<?php echo $category ?>">

This would output the contents of $category just as it is. But this does lead to wrong URLs that will break your script.

So instead, the value of $category needs to be encoded. That is like putting it into an envelope to assure it reaches it's destination as a whole. Let's do this by using the urlencode function I've just mentioned:

<a href="index.php?category=<?php echo urlencode($category) ?>">

As you can see, just putting the value into the urlencode function takes care that the data is properly encoded. Ready to reach it's destination, nothing can break it any longer.

As always: It's simple when you know how. URLs need to be properly written and especially the values of the parameters need to be properly encoded to prevent running into problems at the opposite end: The input level.

Good luck with your term.

The query string uses the & character as a delimiter to separate parameters. Basically you're going to need to escape it to %26.

index.php?category=IT%20%26%20Soft