|
|
 |
urldecode (PHP 3, PHP 4, PHP 5) urldecode -- Decodes URL-encoded string Descriptionstring urldecode ( string str )
Decodes any %##
encoding in the given string. The decoded string is returned.
Example 1. urldecode() example |
<?php
$a = explode('&', $QUERY_STRING);
$i = 0;
while ($i < count($a)) {
$b = split('=', $a[$i]);
echo 'Value for parameter ', htmlspecialchars(urldecode($b[0])),
' is ', htmlspecialchars(urldecode($b[1])), "<br />\n";
$i++;
}
?>
|
|
See also urlencode(),
rawurlencode() and
rawurldecode().
User Contributed Notes
urldecode
spam at soiland dot no
05-Apr-2005 07:45
About reg_var and "html reserved words"
Do not add spaces as the user suggests.
Instead, do what all HTML standards says and encode & in URLs as & in your HTML.
The reason why & works "most of the time" is that browsers are forgiving and just decode the & as the &-sign. This breaks whenever you have a variable that matches an HTML entity, like "gt" or "copy" or whatever. © in your URL will be interpreted as © (the ; is not mandatory in SGML as it is "implied". In XML it is mandatory.). The result will be the same as if you had inserted the actual character into your source code, for instance by pressing alt-0169 and actually inserted © in your HTML.
Ie, use:
<a href="?name=stain&fish=knott">mylink</a>
Note that the decoding of & to & is done in the browser, and it's done right after splitting the HTML into tags, attributes and content, but it works both for attributes and content.
This mean you should &entitify all &-s in any other HTML attributes as well, such as in a form with
<input name="fish" value="fish & fries" />.
Matt Johnson
25-Dec-2004 06:49
A reminder: if you are considering using urldecode() on a $_GET variable, DON'T!
Evil PHP:
<?php
$term = urldecode($_GET['sterm']);
?>
Good PHP:
<?php
$term = $_GET['sterm'];
?>
The webserver will arrange for $_GET to have been urldecoded once already by the time it reaches you!
Using urldecode() on $_GET can lead to extreme badness, PARTICULARLY when you are assuming "magic quotes" on GET is protecting you against quoting.
Hint: script.php?sterm=%2527 [...]
PHP "receives" this as %27, which your urldecode() will convert to "'" (the singlequote). This may be CATASTROPHIC when injecting into SQL or some PHP functions relying on escaped quotes -- magic quotes rightly cannot detect this and will not protect you!
This "common error" is one of the underlying causes of the Santy.A worm which affects phpBB < 2.0.11.
caribe at flash-brasil dot com dot br
13-Oct-2003 03:55
To allow urldecode to work with Brazilian characters as ç ã ó and other just place this header command :
header('Content-type: text/html; charset=UTF-8');
09-Oct-2003 10:17
nataniel, your function needs to be corrected as follows:
------------------------------------------------------------
function unicode_decode($txt) {
return ereg_replace('%u([[:alnum:]]{4})', '&#x\1;',$txt);
}
------------------------------------------------------------
since some codes does not begin with %u0.
tomas at penajaca dot com dot br
21-Jul-2003 01:14
urldecode does not decode "%0" bypassing it. I can cause troble when you are working with fixed lenght strings.
You can you the function below.
function my_urldecode($string){
$array = split ("%",$string);
if (is_array($array)){
while (list ($k,$v) = each ($array)){
$ascii = base_convert ($v,16,10);
$ret .= chr ($ascii);
}
}
return ("$ret");
}
regindk at hotmail dot com
23-Apr-2003 08:00
About: bellani at upgrade4 dot it
$str = "pippo.php?param1=®_var";
echo rawurldecode($str);
Gives:
pippo.php?param1=®_var
Instead of using a space you should exchange & with the correct W3C &
Like this:
$str = "pippo.php?param1=&reg_var";
echo rawurldecode($str);
bellani at upgrade4 dot it
11-Mar-2003 12:12
If you have a "html reserved word" as variable name (i.e. "reg_var") and you pass it as an argument you will get a wrong url. i.e.
<a href="pippo.php?param1=®_var=">go</a>
you will get a wrong url like this
"pippo.php?param1=®_var"
Simply add a space between "&" and "reg_var" and it will work!
<a href="pippo.php?param1=& reg_var=">go</a>
"pippo.php?param1=&%20reg_var"
Works!!
smolniy at mtu dot ru
07-Feb-2003 04:42
For compatibility of new and old brousers:
%xx -> char
%u0xxxx -> char
function unicode_decode($txt) {
$txt = ereg_replace('%u0([[:alnum:]]{3})', '&#x\1;',$txt);
$txt = ereg_replace('%([[:alnum:]]{2})', '&#x\1;',$txt);
return ($txt);
}
igjav at cesga dot es
16-May-2002 01:48
This seems to decode correctly between most browsers and charater coding configurations. Specially indicated for direct parsing of URL as it comes on environment variables:
function crossUrlDecode($source) {
$decodedStr = '';
$pos = 0;
$len = strlen($source);
while ($pos < $len) {
$charAt = substr ($source, $pos, 1);
if ($charAt == 'Ã') {
$char2 = substr($source, $pos, 2);
$decodedStr .= htmlentities(utf8_decode($char2),ENT_QUOTES,'ISO-8859-1');
$pos += 2;
}
elseif(ord($charAt) > 127) {
$decodedStr .= "&#".ord($charAt).";";
$pos++;
}
elseif($charAt == '%') {
$pos++;
$hex2 = substr($source, $pos, 2);
$dechex = chr(hexdec($hex2));
if($dechex == 'Ã') {
$pos += 2;
if(substr($source, $pos, 1) == '%') {
$pos++;
$char2a = chr(hexdec(substr($source, $pos, 2)));
$decodedStr .= htmlentities(utf8_decode($dechex . $char2a),ENT_QUOTES,'ISO-8859-1');
}
else {
$decodedStr .= htmlentities(utf8_decode($dechex));
}
}
else {
$decodedStr .= $dechex;
}
$pos += 2;
}
else {
$decodedStr .= $charAt;
$pos++;
}
}
return $decodedStr;
}
| |
rawurlencode