Issue with & in a string submitted with $_GET

Question

I'm building an "away"-page for my website and when a user posted a link to another website, each visitor clicking that link will be redirected first to the away.php file with an info that I am not responsible for the content of the linked website.

The code in away.php to fetch the incoming browser URI is:

$goto = $_GET['to'];

So far it works, however there's a logical issue with dynamic URIs, in example:

www.mydomain.com/away.php?to=http://example.com

is working, but dynamic URIs like

www.mydomain.com/away.php?to=http://www.youtube.com/watch?feature=fvwp&v=j1p0_R8ZLB0

aren't working since there is a & included in the linked domain, which will cause ending the $_GET['to'] string to early.

The $goto variable contains only the part until the first &:

echo $_GET['to'];

===> "http://www.youtube.com/watch?feature=fvwp"

I understand why, but looking for a solution since I haven't found it yet on the internet.

Answer 1

Try using urlencode:

$link = urlencode("http://www.youtube.com/watch?feature=fvwp&v=j1p0_R8ZLB0") ;
echo $link;

The function will convert url special symbols into appropriate symbols that can carry data.

It will look like this and may be appended to a get parameter:

http%3A%2F%2Fwww.youtube.com%2Fwatch%3Ffeature%3Dfvwp%26v%3Dj1p0_R8ZLB0

To get special characters back (for example to output the link) there is a function urldecode.

Also function htmlentities may be useful.

You can test with this:

$link = urlencode("http://www.youtube.com/watch?feature=fvwp&v=j1p0_R8ZLB0") ;
$redirect = "{$_SERVER['PHP_SELF']}?to={$link}" ;

if (!isset($_GET['to'])){
    header("Location: $redirect") ;
} else {
    echo $_GET['to'];
}

EDIT: Ok, I have got a solution for your particular situation.

This solution will work only if: Parameter to will be last in the query string.

if (preg_match("/to=(.+)/", $redirect, $parts)){ //We got a parameter TO
    echo $parts[1]; //Get everything after TO
}

So, $parts[1] will be your link.