According to https://stackoverflow.com/a/1734255/1529630, encodeURIComponent
is the same as rawurlencode
, but !*'()
aren't escaped, e.g.,
function encodeURIComponent($str) {
$revert = array('%21'=>'!', '%2A'=>'*', '%27'=>"'", '%28'=>'(', '%29'=>')');
return strtr(rawurlencode($str), $revert);
}
But then, does it matter that difference?
Normally, I use something like
wrapper.innerHTML = '<a href="foo.php?bar=' + encodeURIComponent(myVar) + '">Link</a>';
echo '<a href="foo.php?bar=' . rawurlencode(myVar) . '">Link</a>';
If then, in foo.php
, I use $_GET['bar']
, is it possible to get different results, due to the difference between encodeURIComponent
and rawurlencode
?
You only need to escape characters that can have special uses within the code.
For example the following can be used to ask the code to do a mathematical comparison or calcuation - < , > , + , - , / , =
then there's reserved characters specific to URL creation such as - ? , @ , %, #
The characters !*'() have no special meaning and so won't be misinterpreted so don't need escaping. You can however escape characters unnecessarily so it might look like a different result, but it would mean/do the same thing.
This has a more thorough breakdown - http://www.blooberry.com/indexdot/html/topics/urlencoding.htm