I hope this isn’t too naive a question but I am not clear why I frequently see POST data being URL encoded. I can see the reason for eoncoding data sent in a GET request but the data attached to the body of a POST request is unlikely to be misinterpreted so why encode it?
@toicontienFeb 15.2007 — #The only real difference between GET and POST data is that POST data isn't seen by the user. It's still literal text just like GET data, just not in the URL. And since POST and GET data are part of the HTTP request, they must be encoded the same. A POST string could be this: food=ice cream&brand=Ben & Jerry's You can see right away that the '&' character in Ben & Jerry's would trick the browser and web server into thinking you've got the following variables, knowing that the '&' character separates variables in the POST string: [code=php] $_POST['food'] = 'ice cream'; $_POST['brand'] = 'Ben '; $_POST[' Jerry's'] = undefined; [/code] The last one, called ' Jerry's' is actually a syntax error in PHP too, since the single quote is not escaped.
@FredAtauthorFeb 15.2007 — #Bear with me while I try and understand all this. I can see the issue when on the server side there is a scripting language that is liable to misnterpert unescaped reserved characters. However, I am more concerned with things going wrong at the browser end. This is because in my case the browser is communicating with a custom server that is not liable to misinterpret unencoded data. So my only real concern is confusing the browser in some way by not escaping data I send out to the server using XMLHttpRequest.
I am finding that I [B]can[/B] get away with not URL encoding my POST data - i.e. XHR seems to work just fine and sends out UTF8 strings (I am using non ASCII characters) which I get at the other end in the correct form.
I guess what I am trying to do is improve efficiency on the server side by being able to skip the decoding step.
@felgallFeb 15.2007 — #In most cases the server side processing will decode the post data automatically so if it is ne encoded properly to start with it may get scrambled or it may even cause the whole page to fail to load properly depending on what invalid characters you pass.