Re: Ampersands in the HTTP Header from Liam Quinn on 2005-02-25 (www-validator@w3.org from February 2005)

From: Liam Quinn <liam@htmlhelp.com>
Date: Thu, 24 Feb 2005 22:17:08 -0500 (EST)
To: Richard Neill <rn214@hermes.cam.ac.uk>
cc: www-validator@w3.org
Message-ID: <Pine.LNX.4.44.0502242211290.28516-100000@localhost.localdomain>

On Fri, 25 Feb 2005, Richard Neill wrote:

> I read your page on Ampersands in URLs, and duly arranged all my
> URLs to be like this:
> 
> <a href="http://www.example.com/index.php?foo=bar&amp;baz=wombat"> link</a>
> 
> So far, so good. BUT, if one does the same thing with HTTP headers, eg 
> this fragment of PHP:
> 
> 
> $redirect_location='http://www.example.com/index.php?foo=bar&amp;baz=wombat';
> header("Location: $redirect_location");
> 
> then it will fail. It is necessary (tested in both Konqueror and 
> Mozilla) to use '&' , NOT '&amp;' in this case. Otherwise, the '&amp;' 
> is not evaluated, and the index.php script does not get to know the 
> value of baz.

"&" should be escaped as "&amp;" in HTML where "&" has a special meaning
(as the start of an entity or character reference).  HTTP headers are not
HTML, and "&" does not have a special meaning in HTTP headers.

-- 
Liam Quinn

Received on Friday, 25 February 2005 03:16:47 UTC