I found two errors, so I did the one which was a more obvious flub, rather than the first one I found. But it made me worry about the rest of the code.
The spec is also underspecified for what to do on duplicates. The behavior of last-wins is quite common, but I would prefer a comment that highlights the implementation-defined resolution of that ambiguity.
With experience, I've learned to be very distrustful about what goes in query strings. Users put in unexpected values, and there can be security holes when, say, the input verification code resolves ambiguities one way and the actual code resolves it another way.
The spec is also underspecified for what to do on duplicates. The behavior of last-wins is quite common, but I would prefer a comment that highlights the implementation-defined resolution of that ambiguity.
With experience, I've learned to be very distrustful about what goes in query strings. Users put in unexpected values, and there can be security holes when, say, the input verification code resolves ambiguities one way and the actual code resolves it another way.