Post , UrlDecode and Ampersand

Sannyasin Sivakatirswami katir at hindu.org
Sat Dec 20 23:57:22 EST 2003


Context is a faceless CGI that starts like this:

on startup
if $REQUEST_METHOD is "POST" then
## repeat read to get around bug in reading stnIn
   repeat until length(tIncoming) >= $CONTENT_LENGTH
     read from stdin until empty
     put it after tIncoming
   end repeat
    put  urlDecode (tIncoming)  into tDataIn
    split tDataIn by "&" and "="

Where the client http post urlEncoded string is issued from inside a 
Rev stack and not a browser.

This above works great until someone types an ampersand in the middle 
of field of text that is posted. This causes that field's text that is 
meant for a single element in the array to break out into another 
element. And worse, the subsequent element isn't named (there is no "=" 
in the text that is split off)

Now, there are obvious work arounds, such as, on the server/cgi side: 
taking the

"+%26+" which is the encoded ampersand, and then replacing this with 
some place holder like a pipe "|"  ("+%7C+") first, then split the data 
into the array and deal with the pipe later by replacing it back to an 
ampersand.

Or, on the client side; setting up the stack that issues the posted 
string to strip the ampersand out or change it to the word "and." But 
something feels "off" about either of those options. So, before going 
down that road, since the ampersand character is the official concat 
character for urlEncoded form strings, I am wondering if any of you 
wonderful souls out there know if there is already an established 
internet IT spec for the proper way to handle this... or does everyone 
just do WHEW (WHatEver Works) ??

Sannyasin Sivakatirswami
Himalayan Academy Publications
at Kauai's Hindu Monastery
katir at hindu.org

www.HimalayanAcademy.com,
www.HinduismToday.com
www.Gurudeva.org
www.Hindu.org



More information about the use-livecode mailing list