PHP URL Encode Example

5 Key Steps You Should Obey With URLs in PHP

We’ve covered a lot of technical detail concerning dealing with hyperlinks in HTML here at VegiBit. As we have seen, when working with PHP, it is going to be common and necessary that we process data and information using variables. In this PHP Tutorial Series, we’re going to take a look at how to generate links using PHP so that we can include variable data via URLs and Super Globals. Specifically, we’ll need to learn what a $_GET variable is, and how it works in combination with URL parameters. Some other key points will be to learn what the reserved characters in URLs are, what characters are unsafe, and when and how we’ll need to encode them for proper use. The concepts here are in use all over the internet on virtually every website you’ll ever visit. Let’s jump right in to working with URLs, Links, and PHP.

1. The GET Super Global

When we’re working with URL’s and Links in PHP, we can pass variables via the URL itself in the form of a query string. The query string is the part of the URL that comes after the domain. The classic example of how to explain the way the GET Super Global and html links work together is by creating two html pages and creating links between them to show how the data is passed. We’ll set up two pages now. One with a link to page two, and the other with some logic to dump the contents of the GET Super Global Variable to the screen. Let’s check it out.

Page One

Page Two

Cool! By passing in values to the variables in the query string, we are able to pass data from one page to another via the GET Super Global variable.

2. Encode Your GET Values!

In HTML there are some reserved characters that we must be aware of because if we include them in a query string without the proper encoding, the URL will break. This table contains the reserved html characters we need to be aware of.

Reserved Characters in URLs
Char URL Encode
$ %24
& %26
+ %2b
, %2c
/ %2f
: %3a
; %3b
= %3d
? %3f
@ %40
Unsafe Characters in URLs
space %20
< %3c
> %3e
# %23
% %25
{ %7b
} %7d
| %7c
^ %5e
~ %7e
[ %5b
] %5d
` %60

So as you can see, there are quite a few characters that could cause problems for you. The solution is that instead of using the actual character in the URL, you should use the the equivalent percent sign hexadecimal digits encoding value in the URL. Ok, we know there are quite a few characters to be aware of, so go ahead and memorize the table above, then come back once you’re ready to continue working with URLs in PHP.

Just Kidding! You do not have to memorize this table, there are much better things to do with your time! In fact let’s start making good use of that time by talking about the built in functions in PHP that will do this for you. Don’t memorize all the characters, just remember the functions to deal with them.

3. urlencode($string)

This here handy function is going to do the dirty work for you. By running the query string through this function, it will convert any of the reserved characters to their percent / two digit hexidecimal pair to make your life easier. Spaces become plus signs, while letters, numbers, underscores, and dashes go through unchanged. We can see this in action and why this is necessary by breaking our original link. Let’s add a variable to the list of variables that we’d like to send via the query string. Here is the updated html.

So what we are doing here is adding a string to our $mods variable. The string is Stage Two Turbo & New Suspension. Do you see a problem here? That’s right, we’re placing a reserved character, the ampersand, in the string that we want to pass as a variable in the URL. This is going to cause some unexpected results! To illustrate the problem, we created two links, one with the $mods variable left untouched, and the other with our $mods variable run through the urlencode function. Let’s see the difference.

Link 1

Link 2

Do you see the difference? The first link completely breaks the data! It has turned the contents of our $mods variable into two entirely different variables! This is sure to rain fire from the heavens upon your web application. The second link however uses the $mods variable after it has been massaged by the urlencode function and therefore does not break our application. The string we wanted, Stage Two Turbo & New Suspension, is safely nestled inside of the $mods variable with no ill effect. Excellent. Note that this URL encoding is only needed with GET requests, since they use URLs to send data. POST requests will not need any of this fancy encoding business.

4. rawurlencode($string)

In addition to the urlencode function, you also have this rawurlencode function available to you when dealing with URL encoding. This function does all of the same things as urlencode. Ok, so you may be wondering, why would you use rawurlencode instead of urlencode. That’s a good question, and the answer will surprise you. (or not). The rawurlencode converts space characters into %20 which is their percent / hexadecimal encoding. Recall the urlencode just turns spaces into plus signs. So what’s the big deal here? Well, there are some best practices to be aware of and here is a summary of when to use each.

5. rawurlencode vs urlencode

rawurlencode the path

  • the path is the part of the url that comes before the ? symbol
  • spaces must be encoded as %20

urlencode the query string

  • the query string is anything that comes after the ? symbol
  • spaces are better encoded as plus signs here

Let’s take a look at this in action.

There are two reasons you should use the first approach.

1. The portion that comes before the ? is where the server is going to be looking on the filesystem for the file Subaru Hatchback. The server is going to have a better time looking for a file that uses %20 as a space rather than a literal + sign. In fact the server may not find this file at all if using a + sign, and your link will break altogether.

2. The portion that comes after the ? is going to be shorter and look much better using + signs rather than %20. It’s true both methods will work in this case, but urlencode after the ? is a best practice, so we should do it that way.

The PHP URL Takeaway

In this episode of our dive into the warm waters of programming with PHP on the web, we took a closer look at dealing with special characters in the URL string. We need to do this because these special characters have a specific meaning if they are part of the URL string. In order for web browsers to interpret and render these URL Strings correctly, it is key that we make proper use of encoding via urlencode and rawurlencode. Remember, when dealing with query strings and URLs, it is best to follow a three step procedure. 1. Find the ? question mark in the query string to divide the full URL into two parts. 2. On the left hand side of the ?, use rawurlencode to encode the data. 3. On the right hand side of the ?, use urlencode to encode the data. With this technique, you will navigate your way around links, URLs, and PHP with ease.