10

I understand with GET request they need to be entered into a URL and therefore need to be URL (percent) encoded so that they don't mean anything in the context of a server interpreting the URL.

But if data is in the body of a request rather than the URL then why does it need to be URL encoded?

Example:

enter image description here

Felipe Warrener-Iglesias
  • 634
  • 3
  • 19
  • 6
    That request is sent with `Content-Type: application/x-www-form-urlencoded` which says "My body is url encoded" - so it must be url encoded. As to why the encoding is needed at all see https://stackoverflow.com/a/4073451/246342 – Alex K. Nov 25 '17 at 19:59
  • 2
    If it's not url-encoded, you will not, in general, be able to uniquely parse the string into key-value pairs. Regardless of whether it's in the url (get) or in the body, the url-encoding ensures there is no ambiguity in understanding what has been sent. – realharry Nov 25 '17 at 20:14
  • 1
    @AlexK. thanks for forwarding me that question, that one gives very good insight into what's actually happening. – Felipe Warrener-Iglesias Nov 25 '17 at 20:47
  • I have the exact same question. Did you find a definite answer? – Florian Walther Oct 19 '18 at 10:53
  • 2
    @FlorianWalther the answer is that when we use POST, data is still submitted as a series of name=value pairs. Therefore we still need to url encode so that we can't have things like '=' or '&' in the value which will mes up the parsing of the values on the server. :) – Felipe Warrener-Iglesias Oct 19 '18 at 11:15
  • Thank you! That makes sense. No one really explains this anywhere, it's crazy. – Florian Walther Oct 19 '18 at 11:26

0 Answers0