Encoding an Array in the URL

[kittrellbj]

This may or may not be the correct forum for this question, but I think it is a general HTML question.

 

I am encoding an array into the URL so that the next page can $_GET the URL, decode it into an array, and display the correct page based on the array.

 

Basically, my URL's are encoded as ...?loc=A01|01|01|01.  So, the PHP pulls the $_GET['loc'] and explodes it into an array.

 

My question is, is it safe to use the | for this operation, or should I use something other than the | character?  I need a special character to separate the values from each other (doesn't matter to me what the character is, really), but I need expert opinion:  is it safe and does it work across multiple platforms?

[burn1337]

Firstly, the Get method will almost never really be a safe way to transport data... It is too easy for anyone to mess around with it, causing errors, or injections...

Secondly, I have never tried passing an array through the Get method... and personally, I suggest either using the Post method, or think about breaking up the array so that you are passing each element of the array, in it's own $_GET array element... (if I remember correctly the $_GET array is not capable of being a multidimensional array, though I could be wrong.)

[Axeia]

A more usual candidate for this is the plus sign, either should be fine.

I'm guessing (got no source to back it up and I could be spouting nonsense) that the plus sign might be part of the ascii that's common across all character sets and might therefore be a bit safer for older browsers (read ancient).

 

Would be nice if someone could step in who actually knows instead of guessing

[JonnoTheDev]

Dont pass individual array elements through the url with a delimiter. Too easy to break or inject into. Store the array within a session variable or use POST. If you really have to then use a comma ,