Get special chars from $_GET

Question

I have a list that looks like "1, 2" and so on. When I send this list with $_GET the browser shows this in the address bar: ?myList=1,%25202.

The problem is that that's what I get in PHP. I'd like to explode the list based on ", " (notice the space after the comma) but I can't do that since it gets formatted another way. How can I explode the list anyway? I need to end up with an array containing all the element in the list and the elements are separated by a comma followed by a space.

explode(", ", $list); just doesn't work.

Thanks!

EDIT: this is passed inside of a GET request like this:

$args = "list=" . $_POST["assigned"];
$extra = 'test.php?' . $args;
header("Location: http://$host$uri/$extra");
exit;

---

$s = "1,%25202";
$p = explode(", ", urldecode($s));
var_dump($p);

result:

array(1) { [0]=> string(6) "1,%202" }

---

$s = "1,%25202";
$p = explode(", ", base64_decode($s));
var_dump($p);

result:

array(1) { [0]=> string(4) "�nv�" }

Answer 1

Something's happening all the way at the beginning of your script, in the POST variable. Here's a quick proof-of-concept that validates that if your variable really is 1, 2, it will decode correctly:

if(empty($_GET['myList'])) {
    $simulated_POST = '1, 2';

    $extra = http_build_query(array(
        'myList' => $simulated_POST
    ));

    header('Location: http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . '?' . $extra);

} else {
    $myList = explode(', ', $_GET['myList']);
    var_dump($myList);

}

Can you validate that the POST variable is indeed 1, 2 when it's sent?

Answer 2

Perhaps try:

   $numbers = urldecode($_GET['key']);

Then explode $numbers.

If the browsers automatically encoding them as safe characters then you'll need to decode them.