php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #72617 http_build_query http_build_query incorrectly converts a string
Submitted: 2016-07-18 17:18 UTC Modified: 2016-07-18 19:23 UTC
From: htc dot tolya at gmail dot com Assigned: cmb (profile)
Status: Not a bug Package: *URL Functions
PHP Version: Irrelevant OS: ANY
Private report: No CVE-ID: None
View Developer Edit
 [2016-07-18 17:18 UTC] htc dot tolya at gmail dot com 
Description:
------------
http_build_query incorrectly converts a string.

Example.

$url = 'http://site.com/action?';
$url .= http_build_query([
  'param1' => 10,
  'region' => 'en'
]);

P.S>Setting arg_separator (& amp) solves the problem, but this approach does not in all cases.



Test script:
---------------
$url = 'http://site.com/action?';
$url .= http_build_query([
  'param1' => 10,
  'region' => 'en'
]);
echo $url;

Expected result:
----------------
http://site.com/action?param1=10&region=en

Actual result:
--------------
http://site.com/action?param1=10®ion=en

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-07-18 18:45 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2016-07-18 18:45 UTC] cmb@php.net 
Usually, this should work fine, see <https://3v4l.org/KS61j>.

What is the value of your ini setting of arg_separator.output[1]?
What is your locale?

[1] <http://php.net/manual/en/ini.core.php#ini.arg-separator.output>
 [2016-07-18 19:00 UTC] htc dot tolya at gmail dot com 
if (arg_separator.output = "& amp;") the correct transformation is present in the address &amp;
if (arg_separator.output = "&") conversion is not correct!
but this is not a recipe because the address used file_get_contents and similar functions, and &amp does not work there
 [2016-07-18 19:23 UTC] cmb@php.net
-Status: Feedback +Status: Not a bug
 [2016-07-18 19:23 UTC] cmb@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

> if (arg_separator.output = "&") conversion is not correct!

Of course, the conversion is correct. But if you're printing the
value in an HTML (or XML) document, you have to escape special
characters (e.g. by using htmlspecialchars()).
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Mon Dec 30 14:01:28 2024 UTC