|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72617 http_build_query http_build_query incorrectly converts a string
Submitted: 2016-07-18 17:18 UTC Modified: 2016-07-18 19:23 UTC
From: htc dot tolya at gmail dot com Assigned: cmb (profile)
Status: Not a bug Package: *URL Functions
PHP Version: Irrelevant OS: ANY
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: htc dot tolya at gmail dot com
New email:
PHP Version: OS:


 [2016-07-18 17:18 UTC] htc dot tolya at gmail dot com
http_build_query incorrectly converts a string.


$url = '';
$url .= http_build_query([
  'param1' => 10,
  'region' => 'en'

P.S>Setting arg_separator (& amp) solves the problem, but this approach does not in all cases.

Test script:
$url = '';
$url .= http_build_query([
  'param1' => 10,
  'region' => 'en'
echo $url;

Expected result:

Actual result:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2016-07-18 18:45 UTC]
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2016-07-18 18:45 UTC]
Usually, this should work fine, see <>.

What is the value of your ini setting of arg_separator.output[1]?
What is your locale?

[1] <>
 [2016-07-18 19:00 UTC] htc dot tolya at gmail dot com
if (arg_separator.output = "& amp;") the correct transformation is present in the address &amp;
if (arg_separator.output = "&") conversion is not correct!
but this is not a recipe because the address used file_get_contents and similar functions, and &amp does not work there
 [2016-07-18 19:23 UTC]
-Status: Feedback +Status: Not a bug
 [2016-07-18 19:23 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

> if (arg_separator.output = "&") conversion is not correct!

Of course, the conversion is correct. But if you're printing the
value in an HTML (or XML) document, you have to escape special
characters (e.g. by using htmlspecialchars()).
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Fri Mar 31 12:04:11 2023 UTC