I have a bit of code which checks 2 $_GET variables with preg_match. It also looks up one variable value in the database. The problem is that the email address, which is URL-encoded so that the @ symbol is replaced with %40, is not turned back into readable text when I call the variable.
So if I call $_GET['email'], the value displayed is someone%40example.com while it should be someone@example.com.
I understand $_GET variables get decoded automatically but it is not working for me. This problem came with the installation of SSL on this domain. Could it have something to do with that?
Here's my code:
if (isset($_GET['Email']) && preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $_GET['Email'])) {
    $Email = $_GET['Email'];
}
You need to use urldecode().
The $_GET variable does not get URL-decoded automatically. You have to do it manually.
Do something like this:
if (isset($_GET['Email']) && preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', urldecode($_GET['Email'])))
{
    $Email = urldecode($_GET['Email']);
}
Also, this is not the proper way of validating an email address.
Check the Content-Type header you are sending. If you are submitting a form, then you should probably be using the application/x-www-form-urlencoded type in your form to tell PHP that the data is URL-encoded and should be automatically decoded. That is unless you are submitting a file upload, in which case multipart/form-data is appropriate and may require manual decoding of content (using urldecode()) depending on how it is actually sent. You can inspect $_SERVER['CONTENT_TYPE'] to help you programmatically determine whether you need to manually decode.
A few other pointers:
You should probably consider using POST here instead of GET unless your expectation is that this would be a navigable page or endpoint tied to that email address (i.e. something someone could bookmark). Think of the GET action as reading something from a location specified by the query string, and of POST as being related to making some specific action related to the POSTed data.
You should consider using filter_var() or filter_input() along with the email validation filter instead of regex.
Suggested usage would be:
$email = filter_var($_GET['email'], FILTER_VALIDATE_EMAIL);
if (false === $email) {
    // validation failed
}
// or
$email = filter_input(INPUT_GET, 'email', FILTER_VALIDATE_EMAIL);
if (is_null($email)) {
    // key was not present in GET params
} else if (false === $email) {
    // validation failed
}
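
An added example, not part of the answers above: it parses constructed query strings with parse_str(), which applies one URL-decode pass as PHP does when it fills $_GET, validates the result with FILTER_VALIDATE_EMAIL, and prints what a second manual urldecode() would do to the already-decoded value. The function name email_from_query and all sample strings are made up for illustration.

```php
<?php
// Added example. parse_str() stands in for PHP's own query-string parsing
// so the script runs from the CLI; the query strings are constructed samples.

/**
 * Decode a raw query string once (as PHP does for $_GET) and validate 'email'.
 * Returns the address, false if it is invalid or not a string,
 * or null if the parameter is absent.
 */
function email_from_query(string $rawQuery)
{
    parse_str($rawQuery, $params);      // single decode pass: %40 becomes @
    if (!isset($params['email'])) {
        return null;                    // parameter absent
    }
    if (!is_string($params['email'])) {
        return false;                   // sent as email[]=..., not a scalar
    }
    return filter_var($params['email'], FILTER_VALIDATE_EMAIL);
}

$samples = [
    'email=someone%40example.com',      // normally encoded request
    'email=someone%2540example.com',    // value that was encoded twice
    'email=user%2Btag%40example.com',   // literal "+" in the local part
    'email[]=someone%40example.com',    // array instead of string
    'other=1',                          // parameter absent
];

foreach ($samples as $q) {
    $email = email_from_query($q);
    parse_str($q, $p);
    $once  = $p['email'] ?? null;
    // A second, manual urldecode() alters data that was already decoded:
    // a literal "+" turns into a space and any remaining %xx is decoded again.
    $twice = is_string($once) ? urldecode($once) : null;
    printf("%-34s validated=%-26s second-decode=%s\n",
        $q, var_export($email, true), var_export($twice, true));
}
```

Run it with the PHP CLI and compare the validated and second-decode columns for each sample to see which inputs change when decoded a second time.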