Query string

from Wikipedia, the free encyclopedia

The query component, often called the query string, is the part of a Uniform Resource Locator (URL) on the World Wide Web that is specified in RFC 3986. The query component contains data, often in the form of named parameters, which can be sent to a web server and evaluated by the downstream server-side part of a web application.

Construction

A query string begins with a question mark (?) and ends with a hash sign (#) or at the end of the URL. It often consists of one or more parameters, often in the form of key-value pairs, which are often separated from one another by an ampersand (&). The parameter name and value are separated by a reserved character, usually an equals sign (=). These separators also correspond to the recommendation of the World Wide Web Consortium (W3C).

The following URL contains the query string stichwort=wiki&ausgabe=liste:

http://www.example.org/suche?stichwort=wiki&ausgabe=liste

In this case, the parameter stichwort is assigned the value wiki and the parameter ausgabe is assigned the value liste.

Example

A web form is implemented as follows:

<form action="suche.php" method="get">
    <label for="stichwort">Suche nach</label>
    <input type="text" name="stichwort" id="stichwort" />

    <input type="hidden" name="suchdatum" value="2019-11-27" />

    <input type="submit" value="Suche starten" />
</form>

Note the hidden (type="hidden") field suchdatum. It is not visible in the browser, but becomes part of the query string when the form is sent. The submit button, on the other hand, is not included in the query string, as no name (name) has been assigned to it. If the user enters the keyword "wiki" in the text field and submits the form, the following URL, for example, is generated with the corresponding query string stichwort=wiki&suchdatum=2019-11-27:

http://<server>/suche.php?stichwort=wiki&suchdatum=2019-11-27

Evaluation (in PHP)

The query string can be read in PHP. Its content is available as an array.

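// Escape the value before output: it comes from the user-controlled query string
echo htmlspecialchars($_GET['stichwort'] ?? '', ENT_QUOTES, 'UTF-8');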

outputs, for example, the text that was entered in the search field.

print_r($_GET);

produces the following output with the example above:

Array
(
    [stichwort] => wiki
    [suchdatum] => 2019-11-27
)

Cons and Problems

Encoding

Some characters must not appear in a query string, otherwise they can be interpreted incorrectly. If, for example, the equals sign is used within a value, it is incorrectly recognized as a key-value separator. When generating the query string, these characters must be specially encoded; for example, a space has to be converted into a plus sign (+).
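The encoding problem described above, as an added example in Python (not part of the original article): the same parameters are sent once by plain concatenation and once through the standard library's urllib.parse.urlencode, then parsed back. The search term is constructed sample input; the function names are hypothetical.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

BASE = "http://www.example.org/suche"  # URL from the article's example

# Constructed sample input: a search term containing '&', '=', ' ' and '+'.
PARAMS = {"stichwort": "R&D = 1+1", "ausgabe": "liste"}


def build_naive(base, params):
    """Join keys and values without encoding (the failure mode)."""
    return base + "?" + "&".join(f"{k}={v}" for k, v in params.items())


def build_encoded(base, params):
    """Percent-encode reserved characters; spaces become '+'."""
    return base + "?" + urlencode(params)


def parse(url):
    """Return the query parameters of url as {name: [values]}."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


def round_trips(build, params):
    """True if parsing the built URL yields exactly the original parameters."""
    return parse(build(BASE, params)) == {k: [v] for k, v in params.items()}


if __name__ == "__main__":
    for build in (build_naive, build_encoded):
        url = build(BASE, PARAMS)
        print(build.__name__, url)
        print("  parsed:     ", parse(url))
        print("  round-trips:", round_trips(build, PARAMS))
```

With the unencoded URL the search term is cut off at the ampersand and a third, unintended parameter appears; the encoded URL returns both values unchanged.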

Separator for parameters

The ampersand (&) as a separator of key-value pairs is problematic in HTML documents, as this character has to be specially encoded according to the World Wide Web Consortium (W3C). The W3C therefore recommends separating the pairs with a semicolon (;).

Security risks

Since the query string is part of the URL, every Internet user can view and modify it in the browser. A web application should therefore place only non-critical parameters in the query string, such as the entry in a search field.

Technical restrictions

If a larger amount of data has to be transferred, it is advisable not to transfer it via the URL, but in the message body using the HTTP method POST, as some restrictions apply to URLs:

  • For reasons of compatibility, the HTTP specification recommends a maximum size of 255 bytes for URLs or URIs.
  • Internet Explorer does not support URLs that consist of more than 2,083 characters.
  • Web servers can limit the maximum length of a query string themselves. If this limit is exceeded, the server sends the HTTP status code 414 back to the client.
  • The (now outdated) HTML 3 specification prescribes a maximum length of 1024 characters for link targets. This restriction no longer exists as of HTML 4.
