A query string is a part of a uniform resource locator (URL) that assigns values to specified parameters. A query string commonly includes fields added to a base URL by a Web browser or other client application, for example as part of an HTML, choosing the appearance of a page, or jumping to positions in multimedia content.
A web server can handle a Hypertext Transfer Protocol (HTTP) request either by reading a file from its file system based on the URL path or by handling the request using logic that is specific to the type of resource. In cases where special logic is invoked, the query string will be available to that logic for use in its processing, along with the path component of the URL.
Typical URL containing a query string is as follows:
When a server receives a request for such a page, it may run a program, passing the query string, which in this case is “name=ferret”, unchanged to the program. The question mark is used as a separator, and is not part of the query string.
Web frameworks may provide methods for parsing multiple parameters in the query string, separated by some delimiter. In the example URL below, multiple query parameters are separated by the ampersand, “&”:
The exact structure of the query string is not standardized. Methods used to parse the query string may differ between websites.
A link in a web page may have a URL that contains a query string. HTML defines three ways a user agent can generate the query string:
- an HTML form via the
- a server-side image map via the
ismapattribute on the
<img>element with an
- an indexed search via the now deprecated
Some characters cannot be part of a URL (for example, the space) and some other characters have a special meaning in a URL: for example, the character “#” can be used to further specify a subsection (or fragment) of a document. In HTML forms, the character “=” is used to separate a name from a value. The URI generic syntax uses URL encoding to deal with this problem, while HTML forms make some additional substitutions rather than applying percent encoding for all such characters. SPACE is encoded as ‘+’ or ‘%20″.
HTML 5 specifies the following transformation for submitting HTML forms with the “GET” method to a web server. The following is a brief summary of the algorithm:
- Characters that cannot be converted to the correct charset are replaced with HTML numeric character references
- SPACE is encoded as ‘+’ or ‘%20’
- Letters (A–Z and a–z), numbers (0–9) and the characters ‘~’,’-‘,’.’ and ‘_’ are left as-is
- ‘+’ is encoded by %2B
- All other characters are encoded as a ‘%HH’ hexadecimal representation with any non-ASCII characters first encoded as UTF-8 (or other specified encoding)
The octet corresponding to the tilde (“~”) is permitted in query strings by RFC3986 but required to be percent-encoded in HTML forms to “%7E”.
The encoding of SPACE as ‘+’ and the selection of “as-is” characters distinguishes this encoding from RFC 3986.
If a form is embedded in an HTML page as follows:
<form action="/cgi-bin/test.cgi" method="get"> <input type="text" name="first" /> <input type="text" name="second" /> <input type="submit" /> </form>
and the user inserts the strings “this is a field” and “was it clear (already)?” in the two text fields and presses the submit button, the program “test.cgi” (the program specified by the “action” attribute of the “form” element in the above example) will receive the following query string:
If the form is processed on the server by a CGI script, the script may typically receive the query string as an environment variable named “QUERY_STRING”.
Source: Query string, https://en.wikipedia.org/wiki/Query_string [Retrieved November 18, 2021]