Prevent encoding when using $input->queryString??

[Vigilante]

I used $input->queryString when creating URLs to maintain existing URL parameters.

I need some parameters to be like a CSV string such as "?option=12,34,56,78".

Commas are an allowed and safe character in a URL without needing to be encoded, however, the queryString function is encoding them as %2C which is ugly. "?option=12%2C34%2C..."

Since this is a safe character and doesn't need encoding, can I tell queryString to not encode these characters?

Or is something else causing this encoding to happen?

[kongondo]

Just wondering, are you sure it is not your browser doing the encoding? $input->queryString() returns the unsanitized query string.

[Vigilante]

Apparently the encoding is from PHP, as PW just uses the http_build_query() directly, and that uses RFC1738 encoding.

However, it's confusing, because RFC1738 allows symbols like dollar sign, comma, and others as "safe" and do not require encoding.

http://www.faqs.org/rfcs/rfc1738.html

It says this:
"Thus, only alphanumerics, the special characters "$-_.+!*'(),", and reserved characters used for their reserved purposes may be used unencoded within a URL."

But it is encoding those characters anyway. I just want commas in my url parameters and there is no way to do it.

I ended up calling urldecode() on the return value from $input->queryString. I know this is probably not safe, but I need my unencoded "safe" characters!