Encode var in URL

zzz

I need to pass several variables in my URL, however some of them were causing errors, being a phrase sometimes or having some characters in it.

So first I put them as

?myvar='.htmlspecialchars($myVar).'

Later I discovered that i was still having problems so I decided to encode

?myvar='.base64_encode(htmlspecialchars($myVar).'

However my sting is getting too long and the script tops functioning properly. Is there a way to encode vars and have them compact?

laserlight

You should be using [man]urlencode/man or [man]rawurlencode/man instead. htmlspecialchars() is for text to be displayed client side, base64_encode() is for things like binary data sent via email.

zzz

I looked into this but I was turned off by the following warning:

Be careful about variables that may match HTML entities. Things like &amp, &copy and &pound are parsed by the browser and the actual entity is used instead of the desired variable name. This is an obvious hassle that the W3C has been telling people about for years.

laserlight

I looked into this but I was turned off by the following warning:

I think that their warning is correct, but the solution given ("simply encode your URLs using htmlentities() or htmlspecialchars()") is wrong. From what I understand, you should be encoding your separators as & in the first place. That is, instead of writing:

<a href="index.html?x=1&amp=2">foo</a>

you should be writing:

<a href="index.html?x=1&amp;amp=2">foo</a>

Consequently, within the context of PHP you would write:

<?php
$x = 1;
$amp = 2;
echo '<a href="index.html?x=' . urlencode($x) . '&amp;amp=' . urlencode($amp) . '">foo</a>';
?>

EDIT:
Actually, I think the relevant advice is "A more portable way around this is to use & instead of & as the separator." The htmlspecialchars() and htmlentities() part is correct in the sense that you do have to do such escaping (for & to & ), and depending on how you write your code you might need them to automate the escaping.