php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72617 http_build_query http_build_query incorrectly converts a string
Submitted: 2016-07-18 17:18 UTC Modified: 2016-07-18 19:23 UTC
From: htc dot tolya at gmail dot com Assigned: cmb (profile)
Status: Not a bug Package: *URL Functions
PHP Version: Irrelevant OS: ANY
Private report: No CVE-ID: None
 [2016-07-18 17:18 UTC] htc dot tolya at gmail dot com
Description:
------------
http_build_query incorrectly converts a string.

Example.

$url = 'http://site.com/action?';
$url .= http_build_query([
  'param1' => 10,
  'region' => 'en'
]);

P.S>Setting arg_separator (& amp) solves the problem, but this approach does not in all cases.



Test script:
---------------
$url = 'http://site.com/action?';
$url .= http_build_query([
  'param1' => 10,
  'region' => 'en'
]);
echo $url;

Expected result:
----------------
http://site.com/action?param1=10&region=en

Actual result:
--------------
http://site.com/action?param1=10®ion=en

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-07-18 18:45 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2016-07-18 18:45 UTC] cmb@php.net
Usually, this should work fine, see <https://3v4l.org/KS61j>.

What is the value of your ini setting of arg_separator.output[1]?
What is your locale?

[1] <http://php.net/manual/en/ini.core.php#ini.arg-separator.output>
 [2016-07-18 19:00 UTC] htc dot tolya at gmail dot com
if (arg_separator.output = "& amp;") the correct transformation is present in the address &amp;
if (arg_separator.output = "&") conversion is not correct!
but this is not a recipe because the address used file_get_contents and similar functions, and &amp does not work there
 [2016-07-18 19:23 UTC] cmb@php.net
-Status: Feedback +Status: Not a bug
 [2016-07-18 19:23 UTC] cmb@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

> if (arg_separator.output = "&") conversion is not correct!

Of course, the conversion is correct. But if you're printing the
value in an HTML (or XML) document, you have to escape special
characters (e.g. by using htmlspecialchars()).
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 16:01:30 2024 UTC