{"id":2255,"library":"querystring-parser","title":"Python QueryString Parser","description":"querystring-parser is a Python library designed for parsing URL query strings, particularly within Python and Django projects. Its key feature is the ability to correctly interpret and construct nested dictionaries from complex query string data, such as that often sent from HTML forms. The current version is 1.2.4, and its release cadence appears mature with infrequent updates.","status":"active","version":"1.2.4","language":"en","source_language":"en","source_url":"https://github.com/bernii/querystring-parser","tags":["query string","parser","django","nested dictionaries","url parsing","forms"],"install":[{"cmd":"pip install querystring-parser","lang":"bash","label":"Install stable version"}],"dependencies":[],"imports":[{"symbol":"parser","correct":"from querystring_parser import parser"}],"quickstart":{"code":"from querystring_parser import parser\n\nquery_string = 'name=John%20Doe&address[city]=New%20York&address[zip]=10001&items[]=apple&items[]=banana'\nparsed_data = parser.parse(query_string)\n\nprint(parsed_data)\n# Expected output: {'name': 'John Doe', 'address': {'city': 'New York', 'zip': '10001'}, 'items': ['apple', 'banana']}\n\n# Example with Django-style nested dicts (though library handles both standard and Django form data)\nquery_string_django = 'user.name=Alice&user.email=alice@example.com'\nparsed_data_django = parser.parse(query_string_django)\nprint(parsed_data_django)\n# Expected output: {'user': {'name': 'Alice', 'email': 'alice@example.com'}}","lang":"python","description":"Parse a query string into a nested Python dictionary. The library automatically handles URL-encoded values and converts array-like syntax (e.g., `items[]=value`) and dot notation (e.g., `user.name=value`) into appropriate dictionary structures."},"warnings":[{"fix":"Be aware of the distinction; use `querystring-parser` when nested dictionary output is desired for complex query strings. For simple key-value pairs where list values are acceptable, `urllib.parse.parse_qs` might suffice.","message":"Unlike Python's built-in `urllib.parse.parse_qs` which returns lists for all values and flattens nested structures (e.g., `a[b]=c` becomes `{'a[b]': ['c']}`), `querystring-parser` is specifically designed to correctly build nested dictionaries from such inputs. This difference is its primary purpose but can be a 'gotcha' if expecting standard library behavior.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Benchmark critical paths if parsing very long or deeply nested query strings frequently. Consider alternative strategies or simpler parsing if performance becomes an issue and full nested dictionary reconstruction is not strictly necessary.","message":"For complex query strings, especially those containing multidimensional arrays, `querystring-parser` can be significantly slower than standard parsing methods due to the overhead of constructing nested dictionaries. Benchmarks suggest similar performance for simple cases, but a performance penalty for highly nested structures.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always verify the correct package name (`pip install querystring-parser`) and import path (`from querystring_parser import parser`) to avoid accidental use of a different library.","message":"Multiple Python libraries exist with similar names (e.g., `django-query-string-parser`, `pyquerystring`, `querystring`). Ensure you are installing and importing `querystring-parser` (from `bernii/querystring-parser` on GitHub) to get the specific functionality for nested dictionary parsing.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always sanitize and validate any data extracted from query strings before using it in database queries, rendering HTML, or other sensitive operations, even after parsing with this library.","message":"While `querystring-parser` correctly handles nested structures, general security considerations for parsing user-supplied query strings still apply. Unsanitized input, regardless of parser, can lead to vulnerabilities like Injection Attacks or Cross-Site Scripting (XSS).","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}