php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #72418 Special characters should be escaped as described in RFC in http_build_query
Submitted: 2016-06-15 16:08 UTC Modified: -
Votes:4
Avg. Score:3.5 ± 1.7
Reproduced:3 of 4 (75.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: thflori at gmail dot com Assigned:
Status: Open Package: *General Issues
PHP Version: 5.6.22 OS: Linux 4.4
Private report: No CVE-ID: None
View Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
35 - 23 = ?
Subscribe to this entry?

 
 [2016-06-15 16:08 UTC] thflori at gmail dot com 
Description:
------------
---
From manual page: http://www.php.net/function.http-build-query
---
The function http_build_query encodes special charaters that don't need to be encoded.

The problem here is that the query might get bigger than it has to be.

According to the RFC 1738 document mentioned in the manual these characters don't have to be encoded:
>   Thus, only alphanumerics, the special characters "$-_.+!*'(),", and
>   reserved characters used for their reserved purposes may be used
>   unencoded within a URL.

Test script:
---------------
var_dump(http_build_query(['a' => '$-_.+!*\'(),']));

Expected result:
----------------
string(13) "a=$-_.+!*'(),"

Actual result:
--------------
string(29) "a=%24-_.%2B%21%2A%27%28%29%2C"

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-05-04 00:26 UTC] 
The following pull request has been associated:

Patch Name: improves lookup-hack wrt. mysqli_stmt and mysqli_driver (fixes #66340)
On GitHub:  https://github.com/php/systems/pull/4
Patch:      https://github.com/php/systems/pull/4.patch
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue May 13 10:01:27 2025 UTC