3

I can't tell you how many hours of my life I've wasted on these kinds of idiotic errors.

I'm basically constructing a URL such as: https://example.com/?test=' . urlencode('meow+foo@gmail.com');

Then, I display it from the URL, like this: echo urldecode($_GET['test']);

And then it shows: meow foo@gmail.com.

Ugh.

If I instead do this: echo $_GET['test'];

I get: meow+foo@gmail.com.

(Naturally, echoing a GET variable like that is insanity, so I would of course do htmlspecialchars around it in reality. But that's not the point I'm making here.)

So, since browsers (or something) are clearly making this "translation" or "decoding" automatically, doing it again messes it up by removing certain characters, in this case the "+" (plus). Which leads me to believe that I'm not supposed to use urldecode/rawurldecode at all.

But then why do they exist?

user16508174
  • 281
  • 1
  • 6

1 Answer

2

So when would one ever want to use them

I recently had a case where we added triggers to an S3 bucket which were being picked up by a Lambda function and sent via an HTTP request to an API endpoint.

If the path of the file on S3 was multiword, it would replace the space with a + at which point it would break our code because technically the path is incorrect.

Once you run it through urldecode it becomes a valid path because as per the docs:

Decodes any %## encoding in the given string. Plus symbols ('+') are decoded to a space character.

That would be a valid use case for this function as no browser is involved. Just background processes/requests.

Script47
  • 14,230
  • 4
  • 45
  • 66
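
The two situations on this page side by side, as an added example that is not code from the question or the answer: a value PHP has already decoded while filling $_GET, and an encoded string that arrives in a request body and must be decoded once by hand. All sample values are constructed; the `show()` helper and the `key` field name are hypothetical.

```php
<?php
// Added example; every sample value below is constructed.

// Print a labelled value and fail loudly if it is not what we expect.
function show(string $label, string $actual, string $expected): void
{
    if ($actual !== $expected) {
        throw new RuntimeException("$label: got '$actual', expected '$expected'");
    }
    echo str_pad($label, 30), $actual, PHP_EOL;
}

// 1. Building the link: urlencode() turns '+' into %2B and '@' into %40.
$email = 'meow+foo@gmail.com';
$query = 'test=' . urlencode($email);
show('query string', $query, 'test=meow%2Bfoo%40gmail.com');

// 2. PHP decodes the query string once while filling $_GET.
//    parse_str() applies the same decoding, so $get stands in for $_GET.
parse_str($query, $get);
show('value found in $_GET', $get['test'], $email);

// 3. A second decode reads the literal '+' as an encoded space.
show('urldecode() on top', urldecode($get['test']), 'meow foo@gmail.com');

// rawurldecode() keeps '+', but still rewrites a literal %XX in the data.
parse_str('test=' . urlencode('a%2Bb'), $get2);
show('literal text in $_GET', $get2['test'], 'a%2Bb');
show('rawurldecode() on top', rawurldecode($get2['test']), 'a+b');

// 4. Background case from the answer: an encoded path arrives inside a JSON
//    body, which PHP does not URL-decode. Here one manual decode is correct.
//    The "key" field name and the path are hypothetical.
$body  = '{"key": "reports/annual+summary+2023.pdf"}';
$event = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
show('key as received', $event['key'], 'reports/annual+summary+2023.pdf');
show('key after urldecode()', urldecode($event['key']), 'reports/annual summary 2023.pdf');

// 5. Output: no further decoding, only escaping for the HTML context.
parse_str('test=' . urlencode('<meow+foo@gmail.com>'), $get3);
show('escaped for HTML',
    htmlspecialchars($get3['test'], ENT_QUOTES, 'UTF-8'),
    '&lt;meow+foo@gmail.com&gt;');
```

Validation and escaping belong after the single decode that produces the final value, since any later decode can change the string that was checked.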