Geek Answers Handbook

PHP Mod_rewrite and URL-encoded characters - can use only one of them, but not both?

mod_rewrite seems to convert the plus sign before I have it in $ _REQUEST, and I don't know what to fix it ...

RewriteRule ^invite/([a-zA-Z0-9\-\+\/]+)/?$ invite.php?key=$1 [L,QSA]

For example, I enter this in my URL,

 http://mywebsite/invite/xPo8lUEXpqg8bKL%2B32o6yIOK

I get it

 xPo8lUEXpqg8bKL 32o6yIOK

but if I enter this query without going through mod_rewrite,

 http://mywebsite/invite.php?key=xPo8lUEXpqg8bKL%2B32o6yIOK

I get it what I want

 xPo8lUEXpqg8bKL+32o6yIOK

What can I do? Or is it that I can only use them, but not both.

Thanks.

+6
php regex mod-rewrite urlencode request
source share
2 answers

Try adding the [B] (escape backreferences) flag:

 RewriteRule ^invite/([a-zA-Z0-9\-\+\/]+)/?$ invite.php?key=$1 [L,B,QSA]
+3
source share

The "+" character is reserved in the query string line of the URL as a space. In fact, the status “+” as a reserved character is documented in rfc3986 , and its (now obsolete) use as a space replacement character is documented in rfc1630 .

Since Apache tries to avoid conflict, it automatically preempts the + as a string before passing it.

Using the [NE] (NoEscape) in your rewriting should prevent this behavior.

 RewriteRule ^invite/([a-zA-Z0-9\-\+\/]+)/?$ invite.php?key=$1 [L,NE,QSA]

However, using this, the unescaped "+" WILL will be replaced with a space if the user manually enters the URL. To be safe, simply replace all spaces in your input with + signs.

Quite frankly , since you do not accept spaces at your input, simply replace all spaces with the "+" character. Using the [NE] flag can cause big problems and then replace a simple character. Simple $_GET['key'] = str_replace($_GET['key'], ' ', '+'); should be enough.

+1
source share

More articles:


All Articles