How to properly create HTML links in PHP?

by

How to dynamically build HTML links with query string?

If you need to create query string to be used in HTML link (e.g. <a href="index.php?param1='.$value.'">Link</a>) then you should use http_build_query.
This function accepts 4 parameters, with the first one being an array/object of query data. For the most part the other 3 parameters are irrelevant.

$qs = [
    'a' => 'a',
    'quot;' => 'bar foo',
];
echo '<a href="?' . http_build_query($qs) . '">Link</a>';

However, you should still pass the output of the function through htmlspecialchars to encode the & correctly. “A good framework will do this automatically, like Laravel’s {{ }}”

echo '<a href="?' . htmlspecialchars(http_build_query($qs)) . '">Link</a>';

Alternatively you can pass the third argument to http_build_query as '&amp;', leaving the second one null. This will use &amp; instead of & which is what htmlspecialchars would do.

About spaces.
For use in form data (i.e. query strings) the space should be encoded as + and in any other place it should be encoded as %20 e.g. new%20page.php?my+field=my+val. This is to ensure backwards comparability with all browsers. You can use the newer RFC3986 which will encode the spaces as %20 and it will work in all common browsers as well as be up to date with modern standards.

echo '<a href="?' . http_build_query($qs, null, '&amp;', PHP_QUERY_RFC3986) . '">Link</a>';

rawurlencode vs urlencode

For any part of URL before ? you should use rawurlencode. For example:

$subdir = rawurlencode('blue+light blue');
echo '<a href="'.$subdir.'/index.php">rawurlencode</a>';

If in the above example you used urlencode the link would be broken. urlencode has very limited use and should be avoided.

Do not pass whole URL through rawurlencode. Separators / and other special characters in URL should not be encoded if they are to fulfil their function.

Footnote

There is no general agreement on the best practices for using http_build_query, other than the fact it should be passed through htmlspecialchars just like any other output in HTML context.

Laravel uses http_build_query($array, null, '&', PHP_QUERY_RFC3986)

CodeIgniter uses http_build_query($query)

Symfony uses http_build_query($extra, '', '&', PHP_QUERY_RFC3986)

Slim uses http_build_query($queryParams)

CakePHP uses http_build_query($query)

Twig uses http_build_query($url, '', '&', PHP_QUERY_RFC3986)

More Related Contents:

  1. Get url as www.abcd.com?curr=USD
  2. How do I send to the current page? [closed]
  3. Turn Plain Text URLs into Active Links using PHP [closed]
  4. How to create friendly URL in php?
  5. How can I create friendly URLs with .htaccess?
  6. PHP ini file_get_contents external url
  7. Remove all special characters from a string [duplicate]
  8. Get URL query string parameters
  9. How to get multiple parameters with same name from a URL in PHP
  10. How to replace text URLs and exclude URLs in HTML tags?
  11. How do I linkify urls in a string with php?
  12. Get title of website via link
  13. PHP Get Site URL Protocol – http vs https
  14. best way to determine if a URL is an image in PHP
  15. Beautiful way to remove GET-variables with PHP?
  16. Extract URL from string
  17. Using PHP Replace SPACES in URLS with %20
  18. nginx redirect loop, remove index.php from url
  19. Change WordPress Admin URL
  20. encodeURI() in PHP?
  21. Get current URL path with query string in PHP [duplicate]
  22. How to pass a PHP variable using the URL
  23. Get parts of URL in PHP
  24. Get domain name from full URL
  25. URL Decoding in PHP
  26. get url content PHP [duplicate]
  27. WAMP – Remove localhost from project URL
  28. PHP regex for validating a URL
  29. Get the path with query string on the current http request in PHP [duplicate]
  30. Detecting a url using preg_match? without http:// in the string

Leave a Comment