kittrellbj Posted April 6, 2009 Share Posted April 6, 2009 This may or may not be the correct forum for this question, but I think it is a general HTML question. I am encoding an array into the URL so that the next page can $_GET the URL, decode it into an array, and display the correct page based on the array. Basically, my URL's are encoded as ...?loc=A01|01|01|01. So, the PHP pulls the $_GET['loc'] and explodes it into an array. My question is, is it safe to use the | for this operation, or should I use something other than the | character? I need a special character to separate the values from each other (doesn't matter to me what the character is, really), but I need expert opinion: is it safe and does it work across multiple platforms? Quote Link to comment Share on other sites More sharing options...
burn1337 Posted April 6, 2009 Share Posted April 6, 2009 Firstly, the Get method will almost never really be a safe way to transport data... It is too easy for anyone to mess around with it, causing errors, or injections... Secondly, I have never tried passing an array through the Get method... and personally, I suggest either using the Post method, or think about breaking up the array so that you are passing each element of the array, in it's own $_GET array element... (if I remember correctly the $_GET array is not capable of being a multidimensional array, though I could be wrong.) Quote Link to comment Share on other sites More sharing options...
Axeia Posted April 7, 2009 Share Posted April 7, 2009 A more usual candidate for this is the plus sign, either should be fine. I'm guessing (got no source to back it up and I could be spouting nonsense) that the plus sign might be part of the ascii that's common across all character sets and might therefore be a bit safer for older browsers (read ancient). Would be nice if someone could step in who actually knows instead of guessing Quote Link to comment Share on other sites More sharing options...
JonnoTheDev Posted April 7, 2009 Share Posted April 7, 2009 Dont pass individual array elements through the url with a delimiter. Too easy to break or inject into. Store the array within a session variable or use POST. If you really have to then use a comma , Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.