|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80277 parse_url & parse_str problems with values with percentage
Submitted: 2020-10-23 14:37 UTC Modified: 2020-10-23 19:45 UTC
Avg. Score:5.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: nnikolay at gmail dot com Assigned:
Status: Not a bug Package: URL related
PHP Version: 7.4.11 OS: Debian 10
Private report: No CVE-ID: None
 [2020-10-23 14:37 UTC] nnikolay at gmail dot com
parse_url & parse_str have problems, when in the URL is some value with percent in the form:

Then both of them are converting the "%" in some unicode, which breaks the code:

array(4) {
  string(5) "https"
  string(19) "domain"
  string(16) "/path/"
  array(6) {
    string(10) "´┐Żmpaignid%"
    string(8) "´┐Żnnerid%"


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-23 15:09 UTC]
-Status: Open +Status: Not a bug -Package: *General Issues +Package: URL related -Assigned To: +Assigned To: cmb
 [2020-10-23 15:09 UTC]
Percent characters in an URI introduce a percent-encoded[1]
character, and parse_url() and parse_str() interpret it as such.
A literal percent character would have to be written as %25 in an
URI, see <>.

[1] <>
 [2020-10-23 15:22 UTC] nnikolay at gmail dot com
But this makes nonsense! Why should I convert the "%" to "%25" before I gave it to the function parse_url? Why the function parse_url & parse_str do not make it? If this is so, why I should not convert "&" to "%26" and all the other characters?
 [2020-10-23 15:33 UTC]
-Status: Not a bug +Status: Open -Assigned To: cmb +Assigned To:
 [2020-10-23 15:33 UTC]
> But this makes nonsense!

If you say so.
 [2020-10-23 15:42 UTC] nnikolay at gmail dot com
Of course, it is nonsense if you need to convert "%" but nothing else. Where did you have this in the documentation of parse_url? Or should we have some glass sphere to predict it? For me, it is a nonsense behavior of a function and of course a BUG!
 [2020-10-23 18:03 UTC] eveg at dbdh dot com
what about trying to understand how the basics are working before stubborn comments full of clueless?

the % has a special meaning - period
 [2020-10-23 18:22 UTC] nnikolay at gmail dot com
Then do something and comment it on your docu page before trying to make the other people clueless. If it's in the docu it is ok and makes sense, if not it is unexpected behavior and in each language, it is a BUG. Only because you think to know it, means not, that other people need to try all the variations of some function and to see what would be the results.
 [2020-10-23 18:35 UTC]
-Status: Open +Status: Not a bug
 [2020-10-23 18:35 UTC]
% has special semantics in URL see:

>>>    In addition, octets may be encoded by a character triplet consisting
   of the character "%" followed by the two hexadecimal digits (from
   "0123456789ABCDEF") which forming the hexadecimal value of the octet.
   (The characters "abcdef" may also be used in hexadecimal encodings.)

Source: Section 2.2. URL Character Encoding Issues of RFC 1738 - Uniform Resource Locators (URL)
 [2020-10-23 18:40 UTC] nnikolay at gmail dot com
Super! Then add it please here: and save next time someone half a day to look for a solution because if this is expected, it should be documented at the right place.
 [2020-10-23 18:58 UTC]
parse_url does not parse the query string. It will return

parse_str *does* parse the query string. And the docs already say
> Note:
> All variables created (or values returned into array if second parameter is set)
> are already urldecode()d.
 [2020-10-23 19:07 UTC] eveg at ldbdh dot com
it's not the job of the docs for a programing language to educate you about absolute BASICS of the data you work with
 [2020-10-23 19:22 UTC] nnikolay at gmail dot com
Guys I don't want to speak with the whole team about this unexpected behavior. When only "%" is a special character and everyone, who is starting to develop with PHP needs to learn every one of the RFC standards, then you need some break. The function parse_str() expects an $encoded_string, but there should be only "%" encoded - very helpful? How should someone know this, if not experiment with it and lose hours? 
Here the example: with your docu suggestion for parse_str ( string $encoded_string [, array &$result ] ) : void
You can tell me everything, but the documentation is not clear and it is not clear, that we need to encode only "%" to "%25".
 [2020-10-23 19:43 UTC] djrhr at rgegez dot com
it's only unexpected for YOU the same way as others don't realize that they have to encode & as &amp; in a html link and just because everything works most of the time don't mean that specifications don't matter

stop whining and do your homework
 [2020-10-23 19:45 UTC]
-Block user comment: No +Block user comment: Yes
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri May 24 20:01:29 2024 UTC