get http url parameter without auto decoding using PHP

Question

I have a url like

test.php?x=hello+world&y=%00h%00e%00l%00l%00o

when i write it to file

file_put_contents(\'x.txt\', $_GET[         


        

Answer 1

Because the The $_GET and $_REQUEST superglobals are automatically run through a decoding function (equivalent to urldecode()), you simply need to re-urlencode() the data to get it to match the characters passed in the URL string:

file_put_contents('x.txt', urlencode($_GET['x'])); // -->hello+world
file_put_contents('y.txt', urlencode($_GET['y'])); // -->%00h%00e%00l%00l%00o

I've tested this out locally and it's working perfectly. However, from your comments, you might want to look at your encoding settings as well. If the result of urlencode($_GET['y']) is %5C0h%5C0e%5C0l%5C0l%5C0o then it appears that the null character that you're passing in (%00) is being interpreted as a literal string "\0" (like a \ character concatenated to a 0 character) instead of correctly interpreting the \0 as a single null character.

You should have a look at the PHP documentation on string encoding and ASCII device control characters.

Answer 2

i think you can use urlencode() to pass the value in URL and urldecode() to get the value.

Answer 3

You can get unencoded values from the $_SERVER["QUERY_STRING"] variable.

function getNonDecodedParameters() {
  $a = array();
  foreach (explode ("&", $_SERVER["QUERY_STRING"]) as $q) {
    $p = explode ('=', $q, 2);
    $a[$p[0]] = isset ($p[1]) ? $p[1] : '';
  }
  return $a;
}

$input = getNonDecodedParameters();
file_put_contents('x.txt', $input['x']);