This "common error" is one of the underlying causes of the Santy.A worm which affects phpBB. This may be CATASTROPHIC when injecting into SQL or some PHP functions relying on escaped quotes - magic quotes rightly cannot detect this and will not protect you! PHP "receives" this as %27, which your urldecode() will convert to "'" (the single quote). Using urldecode() on $_GET can lead to extreme badness, PARTICULARLY when you are assuming "magic quotes" on GET is protecting you against quoting.
The webserver will arrange for $_GET to have been urldecoded once already by the time it reaches you! That worked for me, while your solution did not on _some_ national characters (at least in IE6). A reminder: if you are considering using urldecode() on a $_GET variable, DON'T! Try using encodeURI() instead of encode() in JavaScript. Please fix the auto-urldecode of the $_GET var in the next PHP version. $x stores: in the first case "º" (good) and in the second case "º" (good). $x stores: in the first case "�" (bad) and in the second case "º" (good). In this scenario, you assign the value into variable $x. When the client sends GET data, UTF-8 character encoding has a tiny problem with urlencode. foo.php?myvar=%C2%BA (The "right" URL encoding)
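
The double-decoding problem the reminder describes, as an added example that is not part of the original comments. The function names and the query string are constructed for illustration, and addslashes() stands in for the magic quotes escaping layer.

```php
<?php
declare(strict_types=1);

// Models what happens before the script runs: parse_str() URL-decodes each
// value exactly once, the same way $_GET is populated.
function populate_get(string $rawQuery): array
{
    parse_str($rawQuery, $get);
    return $get;
}

// Stand-in for the escaping layer the comment calls "magic quotes"
// (assumption: addslashes() is used here to model that backslash escaping).
function escape_layer(array $get): array
{
    return array_map('addslashes', $get);
}

// BAD: decodes a value that was already decoded once, after escaping ran.
function term_double_decoded(array $get): string
{
    return urldecode($get['sterm']);
}

// GOOD: uses the value as delivered, with no second decode.
function term_as_delivered(array $get): string
{
    return $get['sterm'];
}

// True if the string contains a single quote not preceded by a backslash.
function has_unescaped_quote(string $s): bool
{
    return preg_match("/(?<!\\\\)'/", $s) === 1;
}

// Constructed sample input: %25 is an encoded "%", so the first (automatic)
// decode leaves the literal text %27, which contains nothing to escape.
$get = escape_layer(populate_get('sterm=%2527'));

var_dump($get['sterm']);                                  // value after one decode plus escaping
var_dump(has_unescaped_quote(term_double_decoded($get))); // second decode, done after escaping
var_dump(has_unescaped_quote(term_as_delivered($get)));   // value used without a second decode
```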