urlencode function and rawurlencode are mostly based on RFC 1738.
However, since 2005 the current RFC in use for URIs standard is RFC 3986.
Here is a function to encode URLs according to RFC 3986.
<?php
function myUrlEncode($string) {
$entities = array('%21', '%2A', '%27', '%28', '%29', '%3B', '%3A', '%40', '%26', '%3D', '%2B', '%24', '%2C', '%2F', '%3F', '%25', '%23', '%5B', '%5D');
$replacements = array('!', '*', "'", "(", ")", ";", ":", "@", "&", "=", "+", "$", ",", "/", "?", "%", "#", "[", "]");
return str_replace($entities, $replacements, urlencode($string));
}
?>
urlencode
(PHP 4, PHP 5, PHP 7)
urlencode — 문자열을 URL 인코드
설명
string urlencode
( string
$str
)이 함수는 URL의 쿼리 부분에 사용할 수 있도록 문자열을 인코드할 때 편리합니다. 다음 페이지로 편하게 변수를 전달할 수 있습니다.
인수
-
str -
인코드할 문자열.
반환값
-_.을 제외한 모든 영숫자가 아닌 문자를 퍼센트(%) 사인에 이어지는 두 16진수로 교체하고 공백은 플러스(+) 사인으로 교체한 문자열을 반환합니다. 이는 WWW 폼에서 인코드한 포스트 데이터, application/x-www-form-urlencoded 매체형과 같은 방식의 인코드입니다. 역사적인 이유로 공백을 더하기 부호(+)로 인코드 하는 점이 » RFC 1738 인코딩(rawurlencode() 참고)과 다릅니다.
예제
Example #1 urlencode() 예제
<?php
echo '<a href="mycgi?foo=', urlencode($userinput), '">';
?>
Example #2 urlencode()와 htmlentities() 예제
<?php
$query_string = 'foo=' . urlencode($foo) . '&bar=' . urlencode($bar);
echo '<a href="mycgi?foo=' . htmlentities($query_string) . '">';
?>
주의
Note:
HTML 엔티티에 매치하는 변수에는 주의를 기울이십시오. &, ©, £ 같은 것은 브라우저에 의해 파싱되어 변수명 대신 엔티티가 사용됩니다. 이는 몇년동안 W3C가 두드러지게 이야기해온 문제입니다. 레퍼런스는 여기에 있습니다: » http://www.w3.org/TR/html4/appendix/notes.html#h-B.2.2.
PHP는 .ini 지시어의 arg_seperator를 통하여 W3C가 제시한 세미콜론 인수 구분자 변경을 지원합니다. 불행하게도 대부분의 유저 에이전트는 폼 데이터를 세미콜론 구분 형태로 전송하지 않습니다. 이를 해결하는 가장 현실적인 방법은 구분자로 &를 사용하는 대신 &를 사용하는 것입니다. 이렇게 하면, PHP의 arg_separator를 변경할 필요가 없습니다. &로 내버려두고, 간단히 htmlentities()나 htmlspecialchars()를 사용하여 URL을 인코드 하십시오.
참고
- urldecode() - URL 인코드된 문자열을 디코드
- htmlentities() - 해당하는 모든 문자를 HTML 엔티티로 변환
- rawurlencode() - RFC 1738에 따른 URL 인코드
- rawurldecode() - URL 인코드된 문자열을 디코드
add a note
User Contributed Notes 24 notes
davis dot peixoto at gmail dot com ¶
13 years ago
lekiagospel@gmail dot com ¶
3 years ago
urlencode is useful when using certain URL shortener services.
The returned URL from the shortener may be truncated if not encoded. Ensure the URL is encoded before passing it to a shortener.
Example
$url = "https://www.notarealurl.com?id=50&name=namestring";
$encodedurl = urlencode($url);
$shorturl = UrlShortener::shortenUrl( $encodedurl);
daniel+php at danielnorton dot com ¶
14 years ago
Don't use urlencode() or urldecode() if the text includes an email address, as it destroys the "+" character, a perfectly valid email address character.
Unless you're certain that you won't be encoding email addresses AND you need the readability provided by the non-standard "+" usage, instead always use use rawurlencode() or rawurldecode().
temu92 at gmail dot com ¶
14 years ago
I needed encoding and decoding for UTF8 urls, I came up with these very simple fuctions. Hope this helps!
<?php
function url_encode($string){
return urlencode(utf8_encode($string));
}
function url_decode($string){
return utf8_decode(urldecode($string));
}
?>
no_gravity ¶
4 years ago
I think the description does not exactly match what the function does:
Returns a string in which all non-alphanumeric characters
except -_. have been replaced with a percent (%) sign followed
by two hex digits and spaces encoded as plus (+) signs.
urlencode('ö') gives me '%C3%B6'. So more then just a percent sign followed by two hex digits.
omid at omidsakhi dot com ¶
14 years ago
I needed a function in PHP to do the same job as the complete escape function in Javascript. It took me some time not to find it. But findaly I decided to write my own code. So just to save time:
<?php
function fullescape($in)
{
$out = '';
for ($i=0;$i<strlen($in);$i++)
{
$hex = dechex(ord($in[$i]));
if ($hex=='')
$out = $out.urlencode($in[$i]);
else
$out = $out .'%'.((strlen($hex)==1) ? ('0'.strtoupper($hex)):(strtoupper($hex)));
}
$out = str_replace('+','%20',$out);
$out = str_replace('_','%5F',$out);
$out = str_replace('.','%2E',$out);
$out = str_replace('-','%2D',$out);
return $out;
}
?>
It can be fully decoded using the unscape function in Javascript.
david winiecki gmail ¶
9 years ago
Since PHP 5.3.0, urlencode and rawurlencode also differ in that rawurlencode does not encode ~ (tilde), while urlencode does.
izhankhalib at gmail dot com ¶
10 years ago
Below is our jsonform source code in mongo db which consists a lot of double quotes. we are able to pass this source code to the ajax form submit function by using php urlencode :
<script type="text/javascript">
$(function() {
// Generate a form using jquery.dfrom
$("#myform").dform({
"html":[
{
"type":"p",
"html":"Patient Record"
},
{
"name":"patient.name.first",
"id":"txt-patient.name.first",
"caption":"first name",
"type":"text",
},
{
"name":"patient.name.last",
"id":"txt-patient.name.last",
"caption":"last name",
"type":"text",
},
{
"type" : "submit",
}
]
});
});
</script>
<form id="myform">
<?php
//get the json source code from the mongodb
$jsonform= urlencode($this->data['Post']['jsonform']);
?>
//AJAX SUBMIT FORM
<script type="text/javascript">
$('#myform').submit(function(){
// passing the variable fro PHP to javascript
var thejsonform="<?php echo $jsonform ?>";
//var fname = $('input#fname').val();
var dataString = "jsonform=" + thejsonform ;
$.ajax({
type: "POST",
// url: "test1.php",
data: dataString,
success: function() {
}
});
return false;
});
admin at server dot net ¶
4 years ago
urlencode corresponds to the definition for application/x-www-form-urlencoded in RFC 1866 (https://tools.ietf.org/html/rfc1866#section-8.2.1), and not for url encoded parts in URI. Use only rawurlencode for encode raw URI parts (e.g. query/search part)!
kL ¶
17 years ago
Apache's mod_rewrite and mod_proxy are unable to handle urlencoded URLs properly - http://issues.apache.org/bugzilla/show_bug.cgi?id=34602
If you need to use any of these modules and handle paths that contain %2F or %3A (and few other encoded special url characters), you'll have use a different encoding scheme.
My solution is to replace "%" with "'".
<?php
function urlencode($u)
{
return str_replace(array("'",'%'),array('%27',"'"),urlencode($u));
}
function urldecode($u)
{
return urldecode(strtr($u,"'",'%'));
}
?>
ahrensberg at gmail dot com ¶
16 years ago
Like "Benjamin dot Bruno at web dot de" earlier has writen, you can have problems with encode strings with special characters to flash. Benjamin write that:
<?php
function flash_encode ($input)
{
return rawurlencode(utf8_encode($input));
}
?>
... could do the problem. Unfortunately flash still have problems with read some quotations, but with this one:
<?php
function flash_encode($string)
{
$string = rawurlencode(utf8_encode($string));
$string = str_replace("%C2%96", "-", $string);
$string = str_replace("%C2%91", "%27", $string);
$string = str_replace("%C2%92", "%27", $string);
$string = str_replace("%C2%82", "%27", $string);
$string = str_replace("%C2%93", "%22", $string);
$string = str_replace("%C2%94", "%22", $string);
$string = str_replace("%C2%84", "%22", $string);
$string = str_replace("%C2%8B", "%C2%AB", $string);
$string = str_replace("%C2%9B", "%C2%BB", $string);
return $string;
}
?>
... should solve this problem.
R Mortimer ¶
18 years ago
Do not let the browser auto encode an invalid URL. Not all browsers perform the same encodeing. Keep it cross browser do it server side.
neugey at cox dot net ¶
19 years ago
Be careful when encoding strings that came from simplexml in PHP 5. If you try to urlencode a simplexml object, the script tanks.
I got around the problem by using a cast.
$newValue = urlencode( (string) $oldValue );
frx dot apps at gmail dot com ¶
14 years ago
I wrote this simple function that creates a GET query (for URLS) from an array:
<?php
function encode_array($args)
{
if(!is_array($args)) return false;
$c = 0;
$out = '';
foreach($args as $name => $value)
{
if($c++ != 0) $out .= '&';
$out .= urlencode("$name").'=';
if(is_array($value))
{
$out .= urlencode(serialize($value));
}else{
$out .= urlencode("$value");
}
}
return $out . "\n";
}
?>
If there are arrays within the $args array, they will be serialized before being urlencoded.
Some examples:
<?php
echo encode_array(array('foo' => 'bar')); // foo=bar
echo encode_array(array('foo&bar' => 'some=weird/value')); // foo%26bar=some%3Dweird%2Fvalue
echo encode_array(array('foo' => 1, 'bar' => 'two')); // foo=1&bar=two
echo encode_array(array('args' => array('key' => 'value'))); // args=a%3A1%3A%7Bs%3A3%3A%22key%22%3Bs%3A5%3A%22value%22%3B%7D
?>
root at jusme dot org ¶
15 years ago
I'm running PHP version 5.0.5 and urlencode() doesn't seem to encode the "#" character, although the function's description says it encodes "all non-alphanumeric" characters. This was a particular problem for me when trying to open local files with a "#" in the filename as Firefox will interpret this as an anchor target (for better or worse). It seems a manual str_replace is required unless this was fixed in a future PHP version.
Example:
$str = str_replace("#", "%23", $str);
in reply to "kL" ¶
17 years ago
kL's example is very bugged since it loops itself and the encode function is two-way.
Why do you replace all %27 through ' in the same string in that you replace all ' through %27?
Lets say I have a string: Hello %27World%27. It's a nice day.
I get: Hello Hello 'World'. It%27s a nice day.
With other words that solution is pretty useless.
Solution:
Just replace ' through %27 when encoding
Just replace %27 through ' when decoding. Or just use url_decode.
youhanasobhy15 at gmail dot com ¶
6 years ago
Keep in mind that, if you prepare URL for a connection and used the urlencode on some parameters and didn't use it on the rest of parameters, it will not be decoded automatically at the destination position if the not encoded parameters have special characters that urlencode encodes it.
example :
$xml = simplexml_load_file("http://www.testing.com?me=test&first=".urlencode('dummy string')."&second=here is the string");
here is the second parameter has spaces which urlencode converts it to (+).
after using this URL, the server will discover that the second parameter has not been encoded , then the server will not decode it automatically.
this took more than 2 hours to be discovered and hope to save your time.
monty3 at hotmail dot com ¶
19 years ago
If you want to pass a url with parameters as a value IN a url AND through a javascript function, such as...
<a href="javascript:openWin('page.php?url=index.php?id=4&pg=2');">
...pass the url value through the PHP urlencode() function twice, like this...
<?php
$url = "index.php?id=4&pg=2";
$url = urlencode(urlencode($url));
echo "<a href=\"javascript:openWin('page.php?url=$url');\">";
?>
On the page being opened by the javascript function (page.php), you only need to urldecode() once, because when javascript 'touches' the url that passes through it, it decodes the url once itself. So, just decode it once more in your PHP script to fully undo the double-encoding...
<?php
$url = urldecode($_GET['url']);
?>
If you don't do this, you'll find that the result url value in the target script is missing all the var=values following the ? question mark...
index.php?id=4
Mark Seecof ¶
15 years ago
When using XMLHttpRequest or another AJAX technique to submit data to a PHP script using GET (or POST with content-type header set to 'x-www-form-urlencoded') you must urlencode your data before you upload it. (In fact, if you don't urlencode POST data MS Internet Explorer may pop a "syntax error" dialog when you call XMLHttpRequest.send().) But, you can't call PHP's urlencode() function in Javascript! In fact, NO native Javascript function will urlencode data correctly for form submission. So here is a function to do the job fairly efficiently:
<?php /******
<script type="text/javascript" language="javascript1.6">
// PHP-compatible urlencode() for Javascript
function urlencode(s) {
s = encodeURIComponent(s);
return s.replace(/~/g,'%7E').replace(/%20/g,'+');
}
// sample usage: suppose form has text input fields for
// country, postcode, and city with id='country' and so-on.
// We'll use GET to send values of country and postcode
// to "city_lookup.php" asynchronously, then update city
// field in form with the reply (from database lookup)
function lookup_city() {
var elm_country = document.getElementById('country');
var elm_zip = document.getElementById('postcode');
var elm_city = document.getElementById('city');
var qry = '?country=' + urlencode(elm_country.value) +
'&postcode=' + urlencode(elm_zip.value);
var xhr;
try {
xhr = new XMLHttpRequest(); // recent browsers
} catch (e) {
alert('No XMLHttpRequest!');
return;
}
xhr.open('GET',('city_lookup.php'+qry),true);
xhr.onreadystatechange = function(){
if ((xhr.readyState != 4) || (xhr.status != 200)) return;
elm_city.value = xhr.responseText;
}
xhr.send(null);
}
</script>
******/ ?>
edwardzyang at thewritingpot dot com ¶
19 years ago
I was testing my input sanitation with some strange character entities. Ones like and were passed correctly and were in their raw form when I passed them through without any filtering.
However, some weird things happen when dealing with characters like (these are HTML entities): ‼ ▐ ┐and Θ have weird things going on.
If you try to pass one in Internet Explorer, IE will *disable* the submit button. Firefox, however, does something weirder: it will convert it to it's HTML entity. It will display properly, but only when you don't convert entities.
The point? Be careful with decorative characters.
PS: If you try copy/pasting one of these characters to a TXT file, it will translate to a ?.
torecs at sfe dot uio dot no ¶
18 years ago
This very simple function makes an valid parameters part of an URL, to me it looks like several of the other versions here are decoding wrongly as they do not convert & seperating the variables into &.
$vars=array('name' => 'tore','action' => 'sell&buy');
echo MakeRequestUrl($vars);
/* Makes an valid html request url by parsing the params array
* @param $params The parameters to be converted into URL with key as name.
*/
function MakeRequestUrl($params)
{
$querystring=null;
foreach ($params as $name => $value)
{
$querystring=$name.'='.urlencode($value).'&'.$querystring;
}
// Cut the last '&'
$querystring=substr($querystring,0,strlen($querystring)-1);
return htmlentities($querystring);
}
Will output: action=sell%26buy&name=tore
bisqwit at iki dot fi ¶
18 years ago
Constructing hyperlinks safely HOW-TO:
<?php
$path_component = 'machine/generated/part';
$url_parameter1 = 'this is a string';
$url_parameter2 = 'special/weird "$characters"';
$url = 'http://example.com/lab/cgi/test/'. rawurlencode($path_component) . '?param1=' . urlencode($url_parameter1) . '¶m2=' . urlencode($url_parameter2);
$link_label = "Click here & you'll be <happy>";
echo '<a href="', htmlspecialchars($url), '">', htmlspecialchars($link_label), '</a>';
?>
This example covers all the encodings you need to apply in order to create URLs safely without problems with any special characters. It is stunning how many people make mistakes with this.
Shortly:
- Use urlencode for all GET parameters (things that come after each "=").
- Use rawurlencode for parts that come before "?".
- Use htmlspecialchars for HTML tag parameters and HTML text content.
nehuensd at gmail dot com ¶
9 years ago
if you have a url like this: test-blablabla-4>3-y-3<6 or with any excluded US-ASCII Characters (see chapter 2.4.3 on http://www.ietf.org/rfc/rfc2396.txt) you can use urlencode two times for fix the 403 error.
Example:
.htaccess
Options +FollowSymLinks
RewriteEngine on
RewriteRule ^test-(.*)$ index.php?token=$1
index.php
<?php
var_dump($_GET);
$foo = 'test-bla-bla-4>2-y-3<6';
$foo_encoded = urlencode(urlencode($foo));
?>
<a href="<?=$foo_encoded;?>"><?=$foo_encoded;?></a>
look on index.php
array (size=0)
empty
test-bla-bla-4%253E2-y-3%253C6
look on test-bla-bla-4%253E2-y-3%253C6
array (size=1)
'token' => string 'bla-bla-4>2-y-3<6' (length=17)
test-bla-bla-4%253E2-y-3%253C6
the problem is that the characters are decoded 2 times, 1 single, the first time mod_rewrite, the second is to create the php $ _GET array.
also, you can use this technique to the same as the complex functions of other notes.
homebot at yandex dot ru ¶
10 years ago
Simple static class for array URL encoding
[code]
<?php
/**
*
* URL Encoding class
* Use : urlencode_array::go() as function
*
*/
class urlencode_array
{
/** Main encoding worker
* @param string $perfix
* @param array $array
* @param string $ret byref Push record to return array
* @param mixed $fe Is first call to function?
*/
private static function encode_part($perfix, $array, &$ret, $fe = false)
{
foreach ( $array as $k => $v )
{
switch ( gettype($v))
{
case 'float' :
case 'integer' :
case 'string' : $ret [ $fe ? $k : $perfix.'['.$k.']' ] = $v; break;
case 'boolean' : $ret [ $fe ? $k : $perfix.'['.$k.']' ] = ( $v ? '1' : '0' ); break;
case 'null' : $ret [ $fe ? $k : $perfix.'['.$k.']' ] = 'NULL'; break;
case 'object' : $v = (array) $v;
case 'array' : self::encode_part( $fe?$perfix.$k:$perfix.'['.$k.']' , $v, $ret, false); break;
}
}
}
/** UrlEncode Array
* @param mixed $array Array or stdClass to encode
* @returns string Strings ready for send as 'application/x-www-form-urlencoded'
*/
public static function go($array)
{
$buff = array();
if ( gettype($array) == 'object') $array = (array) $array;
self::encode_part('', $array, $buff, true);
$retn = '';
foreach ( $buff as $k => $v )
$retn .= urlencode($k) . '=' . urlencode($v) . '&';
return $retn;
}
}
#-------------------------------- TEST AREA ------------------------------------
$buffer = array(
'master' =>'master.zenith.lv',
'join' =>array('slave'=>'slave1.zenith.lv','slave2'=>array('node1.slave2.zenith.lv','slave2.zenith.lv')),
'config' => new stdClass()
);
$buffer['config']->MaxServerLoad = 200;
$buffer['config']->MaxSlaveLoad = 100;
$buffer['config']->DropUserNoWait = true;
$buffer = urlencode_array::go($buffer);
parse_str( $buffer , $data_decoded);
header('Content-Type: text/plain; charset=utf-8');
echo 'Encoded String :' . str_repeat('-', 80) . "\n";
echo $buffer;
echo str_repeat("\n", 3) . 'Decoded String byPhp :' . str_repeat('-', 80) . "\n";
print_r($data_decoded);
[/code]
