URL POST parameters syntax question

Posted on 2007-11-30
Last Modified: 2010-04-21
I send out emails with URLs to my clients' invoices, of the form
(where k is a sort of password key)
out of several hundred clients, only one has reported a problem.
it seems that his mailreader (on a mac) is making (and displaying) the link to show
the ampersand &   as the html character code   &

and thus what he sees and clicks on is

my question is:   is there a way to be fault tolerant on my end, and accept either format
for the "k"  parameters,   i.e., have the parameter literally named

or somehow access the URL used and parse it manually (without using the benefit of $_POST )
since it does successfully open my PHP page, but the k parameter is blank

p.s.   i could just combine into one parameter, but there are other constraints and pages that i'd have to change;   thus exploring   if there's a trick that would be easier to implement

Question by:willsherwood
  • 4
  • 4
  • 2
  • +1
LVL 17

Expert Comment

ID: 20383599
to retrieve the values from this url
you have to use $_GET not POST
or to make it universal use $_RESULTS then it works with both get and post.

Author Comment

ID: 20383781
yes of course, that URL works fine.

but as explained, the semicolon gets in the way, which is my question.

sorry if i wasn't clear
LVL 17

Expert Comment

ID: 20383803
no, you need to fix it so it doens't display it as &

post the code that creates the link.

Author Comment

ID: 20383869
sorry i wasn't clear.
for some 500 clients it appears and functions correctly.
for one (only) client,
his email reader on a mac is somehow set to show the html code somehow.
i'm wanting to be fault tolerant for a case like that.

thus i'm specifically seeking the answer to the question:
can the variable name include ";"
or another work-around would be to
read the URL as entered and manually parse it.
LVL 17

Expert Comment

ID: 20383900
yeah, but the ; will always break it.
even if you were to try something like
if (!$_GET['k']) {
    $value = $_GET['amp;'];
} else {
   $value = $_GET['k'];

the ; will cause all kinds of troubles, best bet if to fix it at the source.
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.


Author Comment

ID: 20383986
so there's no way to retrieve the URL that was used and parse it?
LVL 17

Assisted Solution

nplib earned 150 total points
ID: 20384001
not if it shows up like that.
but it should be to hard to fix the problem at the source, just post the code and lets have a look see.
LVL 54

Accepted Solution

b0lsc0tt earned 250 total points
ID: 20384124

You would have to get the complete querystring and process it manually.  Since the html entity & uses the ampersand character it causes a problem when you try to "read" it from the URL.  That is a reserved character.  The best fix would be to figure out if there is a way to prevent that one email client from messing it up. :)

To have PHP get the complete querystring try ...


Let me know if you have any questions or need more information.

LVL 50

Assisted Solution

by:Steve Bink
Steve Bink earned 100 total points
ID: 20386208
In PHP, you could go through the entire querystring and replace any instance of "&" with "&".  That would resolve the problem in this specific instance, but it would also mean you could not use "&" in any part of the querystring as actual data.

Author Closing Comment

ID: 31411965
thanks to all!
QUERY_STRING was the key
LVL 54

Expert Comment

ID: 20445776
Your welcome!  I'm glad I could help.  This was an interesting question.  Thanks for it and the grade and points.


Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now