This is a tutorial on how to get the FULL query string as a string using PHP.
Most people are aware of how to retrieve URL parameters using the $_GET array. However, what if you wanted to retrieve these parameters as a string?
Let’s say, for example, that we have the following URL:
As you can see, the query string in the URL above contains three GET parameters.
If we want to retrieve everything after the question mark and assign it to a string, we can simply access the QUERY_STRING element in the $_SERVER superglobal array like so:
//Get the full string $queryString = $_SERVER['QUERY_STRING']; var_dump($queryString);
If we were to run our code snippet above on the URL in question, it would return the following string:
Note how this string does not contain the question mark symbol. If this symbol is needed, then you will need to re-add it yourself.
What if there is no query string?
If there is no query string, then the QUERY_STRING key in $_SERVER will be an empty string.
Unlike other elements in the $_SERVER array, QUERY_STRING should always exist.
Why is this useful?
This can be useful for a number of reasons.
The first two that spring to mind are:
- You can use the string to build pagination links.
- It can be used to get the full URL of a web page.
QUERY_STRING and XSS.
You should never print the QUERY_STRING variable out onto the page without filtering it first.
If you do this, you will leave yourself open to the possibility of a Cross Site Scripting (XSS) attack.
$queryString = $_SERVER['QUERY_STRING']; echo '<a href="file.php?' . $queryString . '">Link</a>';
To be safe, you should wrap it in the htmlentities function like so:
//Example using htmlentities $queryString = $_SERVER['QUERY_STRING']; echo '<a href="file.php?' . htmlentities($queryString) . '">Link</a>';
Hopefully, you found this guide useful!