in reply to CGI : How to put an "&" into a GET-parameter

... href='script.pl?company=IBM&place=Brussels'. This works nice and fine
No, that was always incorrect. Your browser was letting you get away with mis-encoded data, and now when you actually had text where it makes a difference, you got bit.

Learn to construct your URLs using the proper encoding, and you would not have had to work on the edge cases.

When converting from filenames or data to URLs, URI-encoding should be used. The URI module is good for that.

When including a URL in HTML code, HTML-entity-encoding should be used. The HTML::Entities module is good for that.

If you're not doing both to something that appears in HREF='...', you are putting out broken HTML. Yours was an example of this. Some of the other answers in this thread were good, but some were bad. {sigh} The amount of cargo cult around this problem is amazing.

For gun = Smith & Wesson and drink = Jack Daniels, you'd use code like this:

    use URI;
    use HTML::Entities;

    my $u = URI->new("/my/cgi");
    $u->query_form("gun" => "Smith & Wesson", drink => "Jack Daniels");
    print '<A HREF="', encode_entities("$u"), '">',
      encode_entities("shoot with Smith & Wesson, and drink Jack Daniels"),
      '</A>', "\n";

which correctly prints:

    <A HREF="/my/cgi?gun=Smith+%26+Wesson&amp;drink=Jack+Daniels">shoot with Smith &amp; Wesson, and drink Jack Daniels</A>

Note that the HREF parameter contains examples of both URI and HTML escaping. This is necessary. This is the proper way. If anyone else tells you different, they've not read the RFCs or consulted the experts. (Such as the code that runs this site, which when I checked a moment ago, was still broken for HTML.)

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.
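
Added example, not part of the original post: a round-trip check of the two encoding layers described above, undoing them in the order a browser and then the server would. The helper names `href_attr` and `params_from_attr` and the sample parameters are constructed for illustration; the parameter named `copy` is chosen because a raw `&copy` in an attribute reads as an entity reference.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI;
use HTML::Entities qw(encode_entities decode_entities);

# Layer 1 (URI): escape each name and value so "&", "=", ";" and "+" in the
# data cannot be confused with query-string syntax.
# Layer 2 (HTML): escape the finished URL so "&", quotes and "<" cannot be
# confused with markup inside the attribute.
sub href_attr {                        # hypothetical helper
    my ($path, @pairs) = @_;
    my $u = URI->new($path);
    $u->query_form(@pairs);
    return encode_entities("$u");
}

# Undo the layers in the order they are undone in practice:
# HTML attribute decoding first, query-string parsing second.
sub params_from_attr {                 # hypothetical helper
    my ($attr) = @_;
    my $u = URI->new(decode_entities($attr));
    return $u->query_form;             # list of decoded name/value pairs
}

# Constructed sample data: values that matter at one layer or both.
my @pairs = (
    gun   => 'Smith & Wesson',
    drink => 'Jack "Old No. 7" Daniels',
    note  => 'a=b;c<d',
    copy  => '100%',
);

my $attr = href_attr('/my/cgi', @pairs);
print qq{<a href="$attr">link</a>\n};

my @back = params_from_attr($attr);
print "round trip: ", ("@back" eq "@pairs" ? "ok" : "MISMATCH"), "\n";

# Sanity checks on the emitted attribute: no raw quote or angle bracket,
# and every "&" must begin a complete entity reference.
die "raw markup character in attribute\n" if $attr =~ /["'<>]/;
die "bare ampersand in attribute\n"
    if $attr =~ /&(?!(?:#\d+|#x[0-9a-fA-F]+|\w+);)/;
```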

Re: •Re: CGI : How to put an "&" into a GET-parameter
by jonadab (Parson) on Jan 28, 2003 at 12:53 UTC

    Interesting; I knew entity encoding in attributes (such as href) was permitted, but I didn't know it was required.

    One minor additional suggestion: make that <a href...</a>. Uppercase tags were deprecated in HTML 4.0 and are invalid in XHTML (because XML is case-sensitive). Not that any actual browser cares, of course.

     --jonadab

Re^2: CGI : How to put an "&" into a GET-parameter (PM broke)
by tye (Sage) on Jan 28, 2003 at 17:32 UTC
    Such as the code that runs this site, which when I checked a moment ago, was still broken for HTML.

    Yes, I noticed that a few weeks back when I was working on upgrading [link] handling. I had always assumed that we were using CGI.pm to build links (since we use CGI.pm for quite a few other things).

    Another thing I noticed was that quite a few big sites, including Google, don't handle ";" for separating CGI parameters, which was disappointing.

                    - tye
Re: •Re: CGI : How to put an "&" into a GET-parameter
by Anonymous Monk on Jan 28, 2003 at 18:59 UTC
    You are right about the importance of URI and HTML encoding. For this reason, it is a good idea to use the semicolon as the parameter separator instead of the ampersand. Using a semicolon means that URL attributes don't need HTML entity encoding. The problem characters will be caught by the URI encoding. CGI.pm parses semicolons. It will use semicolons if the $USE_PARAM_SEMICOLONS is defined. Some homegrown CGI parsers might not handle them but people should avoid those in any case.
    <A HREF="/my/cgi?gun=Smith+%26+Wesson;drink=Jack+Daniels">