Using & in URL bugs up the $_GET

Question

Running my site through http://validator.w3.org/check, I get a lot of error messages saying that my links should use & in stead of &.

So I updated my code, only to find out that $_GET does not like this.

My URL was this: www.mysite.com/?foo=1&bar=2
and I changed it to this: www.mysite.com/?foo=1&bar=2

The problem is that doing a print_r($_REQUEST) gives me this result:

Array ( [foo] => 1 [amp;storeid] => 2 ) 

Why doesn't $_GET, $_POST and $_REQUEST recognize the & ?

UPDATE
This is one of the ways I generate a URL:

$url = get_bloginfo('url')."/?foo=".$element['name']."&bar=".$element['id'];
$link = '<a href="'.$url.'" title="'.$element['name'].'">'.$element['name'].'</a>';

Answer 1

& is the HTML entity reference for &. URL parameters are still separated by a single &, but if you mention the URL in HTML, you need to encode it. For

<img src="img?width=100&amp;height=100" />

the browser then requests img?width=100&height=100.

Answer 2

// Fix for & bug in url
if( $_GET ) foreach( $_GET as $key => $value )
{
    if( strpos( $key, 'amp;' ) === 0 )
    {
        $new_key = str_replace( 'amp;', '', $key );
        $_GET[ $new_key ] = $value;
        unset( $_GET[ $key ] );
    }
}

It won't work with filter_input :(

Answer 3

In any case it's not a good practice to encode various URL parts by hands. You should do like this:

$query_string = 'foo=' . urlencode($element['name']) . '&bar=' . urlencode($element['id']);
echo '<a href="mycgi?' . htmlspecialchars($query_string) . '">';

I think this will solve unneeded problems.

Answer 4

You must be double-encoding somewhere, such that your link:

www.mysite.com/?foo=1&bar=2

becomes:

www.mysite.com/?foo=1&bar=2

and then:

www.mysite.com/?foo=1&bar=2

What you read is correct. To clarify, in your HTML & must be encoded as &. Of course the URL itself still just contains &; PHP never sees "&" because that encoding is for the benefit of your browser.