Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

is a query string with a / in it valid?

Tags:

http

uri

query-string

uriencoding

Due to a miscommunication with an affiliate partner we're working with the URL they call on our server has been mixed up.

This is the URL they are supposed to call on our server :

 /AAAAAAAA/?b=CCCCCCC

unfotunately it was implemented in their system as this

 ?b=CCCCCCC/AAAAAAA

I can easily parse out the components, but I'm worried that a query string parameter with / in it is not actually a valid URL.

Is a / in a URL actually valid - or should I be concerned. Under what circumstances may an unencoded / cause problems in a query string.

like image 475
Simon_Weaver Avatar asked Feb 02 '10 23:02

Simon_Weaver

People also ask

What characters are not allowed in query string?

In essence this means that the only characters you can reliably use for the actual name parts of a URL are a-z , A-Z , 0-9 , - , . , _ , and ~ . Any other characters need to be Percent encoded.

Can query string contain question mark?

A question mark in the query string does not invalidate the code, and both browsers and search engines can handle them. However, since most URLs are dynamically generated by a script or CMS that powers the website, the existence of such URLs may imply that URLs are not being created correctly.

What characters are not allowed in a URL parameter?

Characters Disallowed in SEO URLs: & - ampersand. ASCII control characters (ASCII code: 0x00-0x1F, 0xF7). For example, NULL, tab, or other invisible control characters are not allowed in SEO URLs.

What does a query string contain?

A query string is a set of characters tacked onto the end of a URL. The query string begins after the question mark (?) and can include one or more parameters. Each parameter is represented by a unique key-value pair or a set of two linked data items. An equals sign (=) separates each key and value.

2 Answers

According to RFC 3986: Uniform Resource Identifier (URI): Generic Syntax (from year 2005), yes, / is allowed in the query component. This is the BNF for the query string: (in Appendix A in RFC 3986)

query         = *( pchar / "/" / "?" )
pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"

The spec says:

  • The characters slash ("/") and question mark ("?") may represent data within the query component.
  • as query components are often used to carry identifying information in the form of "key=value" pairs and one frequently used value is a reference to another URI, it is sometimes better for usability to avoid percent-encoding those characters

Here is a related question: Query string: Can a query string contain a URL that also contains query strings?

like image 127
KajMagnus Avatar answered Oct 19 '22 18:10

KajMagnus

Although I've never had a problem, they're not technically allowed as per RFC 2396:

Within a query component, the characters ";", "/", "?", ":", "@", "&", "=", "+", ",", and "$" are reserved.

But as I said...I've never run into any issues. I think it's a problem with older browsers more than anything, but maybe someone can shed some more light on a problem this causes?

like image 29
Nick Craver Avatar answered Oct 19 '22 18:10

Nick Craver
Sign in to Comment

Related questions

Angular: Custom headers are ignored by $http and $resource. Why?
Handle file uploading with go
Is there any reason to use the HTTP 410 GONE status code?
Fetch API, custom request headers, CORS, and cross-origin redirects
Set-Cookie header behaviour in a Preflight OPTIONS request
How can I make concurrent requests faster with Retrofit / OkHttp?
Security against CSRF attacks via GET requests?
Apache2 "Response header name '<!--' contains invalid characters, aborting request"
How to implements the /svn-history/ path like Google Code Hosting does?
Use HttpGet with illegal characters in the URL
Are there any advantages to using HTTP over HTTPS?
What response/status code should I send to an AJAX request when there is a user/form validation error?
Why does HTTP use TCP? [closed]
How can I serve HTTP slowly?
Distinguish between HttpClient request failure types
Error "The server sent an improper HTTP response." on commit with Subversion 1.8+ client
HTTP status code for invalid format
Spring auto-add 'X-Total-Count' header
What is a multipart HTTP POST and how to make it? (scribd)
What does this Rewrite rule mean?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!