Database Reference
In-Depth Information
http://localhost/myscript.php?id=428&name=Gandalf
Here the
:
and
/
characters segment the URL into components, the
?
character indicates
that parameters are present, and the
&
character separates the parameters, each specified
as a
name
=
value
pair. (The
;
character is not present in the URL just shown, but com‐
monly is used instead of
&
to separate parameters.) To include any of these characters
literally within a URL, you must encode them to prevent the browser from interpreting
them with their usual special meaning. Other characters such as spaces require special
treatment as well. Spaces are not permitted within a URL, so if you want to reference a
page named
my home page.html
on the local host, the URL in the following hyperlink
won't work:
<a
href=
"http://localhost/my home page.html"
>
My Home Page
</a>
URL-encoding for special and reserved characters converts each such character to
%
followed by two hexadecimal digits representing the character's ASCII code. For ex‐
ample, the ASCII value of the space character is 32 decimal, or 20 hexadecimal, so write
the preceding hyperlink like this:
<a
href=
"http://localhost/my%20home%20page.html"
>
My Home Page
</a>
Sometimes you'll see spaces encoded as
+
in URLs. That is legal, too.
Use the appropriate encoding method for the context:.
Be sure to encode information
properly for the context in which you use it. Suppose that you want to create a hyperlink
to trigger a search for items matching a search term, and you want the term itself to
appear as the link label that is displayed in the page. In this case, the term appears as a
parameter in the URL, and also as HTML text between the
<a>
and
</a>
tags. If the
search term is “cats & dogs”, the unencoded hyperlink construct looks like this:
<a
href=
"/cgi-bin/myscript?term=cats & dogs"
>
cats
&
dogs
</a>
That is incorrect because
&
is special in both contexts and the spaces are special in the
URL. Write the link like this instead:
<a
href=
"/cgi-bin/myscript?term=cats%20%26%20dogs"
>
cats
&
dogs
</a>
Here,
&
is HTML-encoded as
&
for the link label, and is URL-encoded as
%26
for
the URL, which also includes spaces encoded as
%20
.
Granted, it's a pain to encode text before writing it to a web page, and sometimes you
know enough about a value that you can skip the encoding (see the following sidebar).
Otherwise, encoding is the safe thing to do. Fortunately, most APIs provide functions
to do the work for you. This means you need not know every character that is special
in a given context. You just need to know which kind of encoding to perform, so that
you can call the appropriate function to produce the intended result.
