Should I URL-encode POST data

Question

I m POSTing data to an external API  using PHP  if it s relevant   Should I URL-encode the POST variables that I pass  Or do I only need to URL-encode GET data   UPDATE  This is my PHP  in case it is relevant   fields   array       mediaupload   gt  file field       username   gt urlencode   POST  quot username quot          password   gt urlencode   POST  quot password quot          latitude   gt urlencode   POST  quot latitude quot          longitude   gt urlencode   POST  quot longitude quot          datetime   gt urlencode   POST  quot datetime quot          category   gt urlencode   POST  quot category quot          metacategory   gt urlencode   POST  quot metacategory quot          caption   gt    POST  quot description quot        fields string   http build query  fields    ch   curl init    curl setopt  ch  CURLOPT URL  url   curl setopt  ch CURLOPT POST count  fields    curl setopt  ch CURLOPT POSTFIELDS  fields   curl setopt  ch  CURLOPT RETURNTRANSFER  1    response   curl exec  ch

User · Answer

curl will encode the data for you  just drop your raw field data into the fields array and tell it to  go

User · Answer

DougW has clearly answered this question  but I still like to add some codes here to explain Doug s points   And correct errors in the code above   Solution 1   URL-encode the POST data with a content-type header  application x-www-form-urlencoded    Note  you do not need to urlencode   POST   fields one by one  http build query   function can do the urlencoding job nicely    fields   array       mediaupload   gt  file field       username   gt   POST  username         password   gt   POST  password         latitude   gt   POST  latitude         longitude   gt   POST  longitude         datetime   gt   POST  datetime         category   gt   POST  category         metacategory   gt   POST  metacategory         caption   gt   POST  description        fields string   http build query  fields     ch   curl init    curl setopt  ch  CURLOPT URL  url   curl setopt  ch  CURLOPT POST 1   curl setopt  ch  CURLOPT POSTFIELDS  fields string   curl setopt  ch  CURLOPT RETURNTRANSFER  1    response   curl exec  ch     Solution 2  Pass the array directly as the post data without URL-encoding  while the Content-Type header will be set to multipart form-data     fields   array           mediaupload   gt  file field           username   gt   POST  username             password   gt   POST  password             latitude   gt   POST  latitude             longitude   gt   POST  longitude             datetime   gt   POST  datetime             category   gt   POST  category             metacategory   gt   POST  metacategory             caption   gt   POST  description                ch   curl init        curl setopt  ch  CURLOPT URL  url       curl setopt  ch  CURLOPT POST 1       curl setopt  ch  CURLOPT POSTFIELDS  fields       curl setopt  ch  CURLOPT RETURNTRANSFER  1        response   curl exec  ch     Both code snippets work  but using different HTTP headers and bodies

User · Answer

Above posts answers questions related to URL Encoding and How it works  but the original questions was  Should I URL-encode POST data   which isn t answered   From my recent experience with URL Encoding  I would like to extend the question further   Should I URL-encode POST data  same as GET HTTP method  Generally  HTML Forms over the Browser if are filled  submitted and or GET some information  Browsers will do URL Encoding but If an application exposes a web-service and expects Consumers to do URL-Encoding on data  is it Architecturally and Technically correct to do URL Encode with POST HTTP method

User · Answer

General Answer The general answer to your question is that it depends   And you get to decide by specifying what your  quot Content-Type quot  is in the HTTP headers  A value of  quot application x-www-form-urlencoded quot  means that your POST body will need to be URL encoded just like a GET parameter string   A value of  quot multipart form-data quot  means that you ll be using content delimiters and NOT url encoding the content  This answer has a much more thorough explanation if you d like more information   Specific Answer For an answer specific to the PHP libraries you re using  CURL   you should read the documentation here  Here s the relevant information   CURLOPT POST TRUE to do a regular HTTP POST  This POST is the normal application x-www-form-urlencoded kind  most commonly used by HTML forms  CURLOPT POSTFIELDS The full data to post in a HTTP  quot POST quot  operation  To post a file  prepend a filename with   and use the full path  The filetype can be explicitly specified by following the filename with the type in the format   type mimetype   This parameter can either be passed as a urlencoded string like  para1 val1 amp para2 val2 amp      or as an array with the field name as key and field data as value  If value is an array  the Content-Type header will be set to multipart form-data  As of PHP 5 2 0  value must be an array if files are passed to this option with the   prefix

[http] Should I URL-encode POST data?

Examples related to http

Examples related to post

Examples related to http-post

Examples related to urlencode