Php check if urlencoded

Test if string is URL encoded in PHP

You’ll never know for sure if a string is URL-encoded or if it was supposed to have the sequence %2B in it. Instead, it probably depends on where the string came from, i.e. if it was hand-crafted or from some application.

Is it better to search the string for characters which would be encoded, which aren’t, and if any exist then its not encoded.

I think this is a better approach, since it would take care of things that have been done programmatically (assuming the application would not have left a non-encoded character behind).

One thing that will be confusing here. Technically, the % «should be» encoded if it will be present in the final value, since it is a special character. You might have to combine your approaches to look for should-be-encoded characters as well as validating that the string decodes successfully if none are found.

Solution 2

you can do this to prevent doubly encode. Every time first decode then again encode;

Performing this way we can avoid double encode 🙂

Solution 3

if (urldecode(trim($url)) == trim($url)) < $url_form = 'decoded'; >else

Will not work with double encoding but this is out of scope anyway I suppose?

Solution 4

well, the term «url encoded» is a bit vague, perhaps simple regex check will do the trick

$is_encoded = preg_match('~%[0-9A-F]~i', $string); 

Solution 5

I think there’s no foolproof way to do it. For example, consider the following:

Is that an URL encoded «A B» or does it need to be encoded to «A%2BB»?

Источник

Test if string is url encoded in php

Exception: When a string contains «+» character url decoder replaces it with a space even though the string is not url encoded Solution 2: Use regexp to check if your string contains illegal characters (i.e. characters which cannot be found in URL-encoded string, like whitespace). From PHP 7.2, mb_check_encoding function accepts an array as a value, previously it used to support only strings.

How can I know if url-encoded string is UTF-8 or Latin-1 with PHP?

mb_detect_encoding() is normally useless with the default second parameter:

string(5) "UTF-8" string(10) "ISO-8859-1" 

How to find out if string has already been URL encoded?, Use regexp to check if your string contains illegal characters (i.e. characters which cannot be found in URL-encoded string,

Test if string is URL encoded in PHP

Test if string is URL encoded in PHP — PHP [ Glasses to protect eyes while codiing : https://amzn.to/3N1ISWI ] Test if string is URL encoded in PHP — PHP Di

How to find out if string has already been URL encoded?

Decode, compare to original. If it does differ, original is encoded. If it doesn’t differ, original isn’t encoded. But still it says nothing about whether the newly decoded version isn’t still encoded. A good task for recursion.

I hope one can’t write a quine in urlencode, or this algorithm would get stuck.

Exception: When a string contains «+» character url decoder replaces it with a space even though the string is not url encoded

Use regexp to check if your string contains illegal characters (i.e. characters which cannot be found in URL-encoded string, like whitespace).

Try decoding the url. If the resulting string is shorter than the original then the original URL was already encoded, else you can safely encode it (either it is not encoded, or even post encoding the url stays as is, so encoding again will not result in a wrong url). Below is sample pseudo (inspired by ruby) code:

# Returns encoded URL for any given URL after determining whether it is already encoded or not def escape(url) unescaped_url = URI.unescape(url) if (unescaped_url.length < url.length) return url else return URI.escape(url) end end 

How can I know if url-encoded string is UTF-8 or Latin-1 with PHP?, When I get data through url, I use urldecode() and then I need to know what is the character encoding so I eventually use utf8_encode before

PHP – Check if strings are valid for the specified encoding using mb_check_encoding()

In PHP, the mb_check_encoding() function is used to check if the given strings are valid for the specified encoding. This function checks if the specified byte stream is valid for the specified encoding.

Syntax

bool mb_check_encoding(str $value=null, str $encoding=null)

Note: The function will check if the stated byte stream is valid for the stated encoding. And if the given value is an array type, then all the keys and values will validate recursively. It avoids the invalid encoding attack.

Parameters

mb_check_encoding() accepts two parameters: $value and $encoding .

• $value− It is used to check the byte stream or array if it is omitted and it checks all the input from the beginning of the request.
• $encoding− It is used for the expected encoding.

Return Values

mb_get_encoding() returns True on success or False on failure.

Example

Output

Note: The mb_check_encoding() function nullable was not allowed in the previous versions but from PHP 8.0, we can use nullable value and encode. From PHP 7.2, mb_check_encoding function accepts an array as a value, previously it used to support only strings.

Urlencode vs rawurlencode?, It will depend on your purpose. If interoperability with other systems is important then it seems rawurlencode is the way to go. The one exception is legacy

PHP - auto detect (raw)urlencode

The two functions take any character defined by the regular expression [^0-9A-Za-z_~-] and convert it to a percent sign followed by its hexadecimal codepoint. The only difference between the two encoding methods is rawurlencode() uses a %20 for a space, instead of the + used by urlencode() .

For decoding, this means that any sequence that matches the regular expression %[0-9A-F] will be properly decoded by either function. That only leaves a + to worry about, which will not get decoded properly by rawurldecode() . So, you can use urldecode() on the server side and not worry about any testing.

foo bar baz foo+bar+baz foo bar baz foo bar baz 

Источник

Test if string is URL encoded in PHP

In PHP, it is important to check whether a string is URL encoded or not before using it in any URL-related functions. This guide will show you how to test if a string is URL encoded in PHP, with examples.

Using the PHP built-in function

PHP provides a built-in function `urldecode()` that can be used to decode a URL-encoded string. This function returns `false` if the string is not URL encoded. Therefore, we can use this function to determine if a string is URL encoded.

$string = "Hello%20World!"; $decoded_string = urldecode($string); if($decoded_string === $string) < echo "The string is URL encoded"; >else

In the above code, we first define a string that is URL encoded. Then, we use the `urldecode()` function to decode the string. If the decoded string is the same as the original string, it means that the string is URL encoded.

Using Regular Expressions

Another way to test if a string is URL encoded is by using regular expressions. We can check if the string contains any characters that are not allowed in a URL. If the string contains any of these characters, it means that it is not URL encoded.

$string = "Hello%20World!"; $regex = "/[^a-zA-Z0-9\-_.!~*'()]/"; if(preg_match($regex, $string)) < echo "The string is not URL encoded"; >else

In the above code, we define a regular expression that matches any characters that are not allowed in a URL. Then, we use the `preg_match()` function to check if the string matches the regular expression. If it does, it means that the string is not URL encoded.

Conclusion

In this guide, we have shown you two ways to test if a string is URL encoded in PHP. You can use either the `urldecode()` function or regular expressions. It is important to check if a string is URL encoded before using it in any URL-related functions to avoid errors.

Источник

[php] Test if string is URL encoded in PHP

The above code works, but not in instances where the string has been doubly encoded, as in these examples:

This question is related to php testing url-encoding

The answer is

you can do this to prevent doubly encode. Every time first decode then again encode;

Performing this way we can avoid double encode 🙂

Here is something i just put together.

if ( urlencode(urldecode($data)) === $data) < echo 'string urlencoded'; >else

I think there's no foolproof way to do it. For example, consider the following:

Is that an URL encoded "A B" or does it need to be encoded to "A%2BB"?

if (urldecode(trim($url)) == trim($url)) < $url_form = 'decoded'; >else

Will not work with double encoding but this is out of scope anyway I suppose?

There's no reliable way to do this, as there are strings which stay the same through the encoding process, i.e. is "abc" encoded or not? There's no clear answer. Also, as you've encountered, some characters have multiple encodings. But.

Your decode-check-encode-check scheme fails due to the fact that some characters may be encoded in more than one way. However, a slight modification to your function should be fairly reliable, just check if the decode modifies the string, if it does, it was encoded.

It won't be fool proof of course, as "10+20=30" will return true (+ gets converted to space), but we're actually just doing arithmetic. I suppose this is what you're scheme is attempting to counter, I'm sorry to say that I don't think there's a perfect solution.

Edit:
As I entioned in my own comment (just reiterating here for clarity), a good compromise would probably be to check for invalid characters in your url (e.g. space), and if there are some it's not encoded. If there are none, try to decode and see if the string changes. This still won't handle the arithmetic above (which is impossible), but it'll hopefully be sufficient.

well, the term "url encoded" is a bit vague, perhaps simple regex check will do the trick

$is_encoded = preg_match('~%[0-9A-F]~i', $string); 

@user187291 code works and only fails when + is not encoded.

I know this is very old post. But this worked to me.

$is_encoded = preg_match('~%[0-9A-F]~i', $string); if($is_encoded) < $string = urlencode(urldecode(str_replace(['+','='], ['%2B','%3D'], $string))); >else

send a variable that flags the decode when you already getting data from an url.

?path=folder/new%20file.txt&decode=1 

In my case I wanted to check if a complete URL is encoded, so I already knew that the URL must contain the string https:// , and what I did was to check if the string had the encoded version of https:// in it ( https%3A%2F%2F ) and if it didn't, then I knew it was not encoded:

//make sure $completeUrl is encoded if (strpos($completeUrl, urlencode('https://')) === false) < // not encoded, need to encode it $completeUrl = urlencode($completeUrl); >

in theory this solution can be used with any string other than complete URLs, as long as you know part of the string ( https:// in this example) will always exists in what you are trying to check.

preg_match("/.*uri=(.*)&?.*/", $_SERVER['REQUEST_URI'], $r); if (isset($_GET['uri']) && urldecode($r['1']) === $r['1']) < // Code Here if url is not encoded >

I am using the following test to see if strings have been urlencoded:

if(urlencode($str) != str_replace(['%','+'], ['%25','%2B'], $str)) 

If a string has already been urlencoded, the only characters that will changed by double encoding are % (which starts all encoded character strings) and + (which replaces spaces.) Change them back and you should have the original string.

Let me know if this works for you.

private static boolean isEncodedText(String val, String. encoding) throws UnsupportedEncodingException < String decodedText = URLDecoder.decode(val, TransformFetchConstants.DEFAULT_CHARSET);

 if(encoding != null && encoding.length > 0) < decodedText = URLDecoder.decode(val, encoding[0]); >String encodedText = URLEncoder.encode(decodedText); return encodedText.equalsIgnoreCase(val) || !decodedText.equalsIgnoreCase(val); > 

Источник