Query String

A query string (from the Engl; German literally, query string ' ) is a part of a URL on the World Wide Web. This string contains named parameters, which can then be evaluated by the web application.

  • 4.1 encoding 4.1.1 value pair separator

Construction

Transmission

The handover of the parameters is done via the HTTP GET method. So, for example, forms a querystring from value pairs parameter when a web form is submitted, which uses as a transfer "GET". Another method of transfer is HTTP POST, the pairs of values ​​in this case are then not part of the URL and the query string.

Example

A web form is designed as follows:

Evaluation ( PHP)

In PHP, this query string can query. The contents of the query string as an array is available.

Echo $ _GET [' keyword ']; are, for example, the text that was entered in the search box.

Print_r ($ _GET ); therefore results

Coding

Some characters may not occur in a query string, as they may be interpreted incorrectly otherwise. Is the equality sign, for example, used within a value, this is erroneously recognized as a separator parameter values ​​. When you generate the query string these characters must be specially coded - the space would then be converted into a plus sign ( ).

Value pair separator

The ampersand ( "&") as values ​​- pair - separator parameter is problematic in HTML documents because of this character must be accordance with the W3C specifically coded. Therefore, the W3C recommends one of the pairs separated by a semicolon.

Security risks

Since the query string part of the URL is, this is seen and also modifiable for every Internet user in the browser. The developer of the application should therefore only use safe parameter in the query string, such as entering into a search box.

Technical limitations

If larger data is passed, this should be sent via POST, there are some restrictions for the GET method:

  • The HTTP specification recommends for compatibility reasons a maximum size of 255 bytes of URLs or URIs.
  • Internet Explorer does not support URLs that consist of more than 2048 characters
  • Web server can limit the maximum length of a query string itself. When exceeding this limit, the server then sends the status code 414
  • The ( now deprecated ) HTML 3 specification prescribes a maximum length of link destinations of 1024 characters. This limitation no longer exists since HTML 4.
Query language Uniform Resource Locator Webbrowser Clean URL
667818
de