$_POST, $_GET unescape escaped query characters

Question

I have a search field where users paste URLs (url is the search query). Most urls work fine, but urls with escaped characters are getting 'unescaped'. For example :

When I copy some url from Chrome browser I get escaped url: url = input query : 'http://website.com/search/my%20query'

echo $_POST['q'] ~ result is 'http://website.com/search/my query'

The query is submitted by $.ajax :

var qurl = $("#url input[name=q]").val();
var queryString = "q="+qurl;

$.ajax({ 
url : "script.php", 
type: "POST", 
data: queryString,
.....

1. How can I receive the query with the escaped characters ?
2. Should I bother and process(escape the query of my query) the query url myself?

Magic quotes you are off:

php.ini

magic_quotes_gpc=Off
magic_quotes_runtime=Off
magic_quotes_sybase=Off

Answer 1

Your question is a bit short on detail so, unfortunately, there is a fair bit of speculation in this answer:

The % in %20 should be encoded as %25 (giving %2520) when the data is submitted.

PHP will then decode it to give you %20 in $_POST.

I've never heard of PHP double decoding the data before. So it sounds like the problem is that whatever is making the request is failing to encode the data. This is most likely caused by not using a regular form to submit it and using JavaScript instead.

The solution therefore, is to encode it properly in the JavaScript.

For example:

data = "query=" + encodeURIComponent( document.getElementById('myInput').value );

---

Update in response to JavaScript being added to the question:

var qurl = $("#url input[name=q]").val();
var queryString = "q="+qurl;

My earlier speculation is confirmed. You haven't encoded the data into the correct format for a query string. Since you are using jQuery.ajax, you can use that to handle your encoding (by passing it an object of data) instead of building the query string manually (and then passing a string):

$.ajax({ 
url : "script.php", 
type: "POST", 
data: {
    q: $("#url input[name=q]").val()
},