PHP uses [] in query parameter names to ensure that multiple occurrences of a parameter are all present in $_GET superglobal variable. (Otherwise only last occurrence is present.) (Any other software does that?)

But from RFC 3986 (and others as well) it seems that neither [ nor ] are allowed in query string.

Yet my experiments with various browsers suggested that no browser encodes those characters and they are there in the URI just like that...

Is this real life practice? Or am I testing it incorrectly? I tested with PHP 5.3.17 on IIS 7. Using Internet Explorer, Firefox and Chrome. Then I compared what is in $_SERVER['QUERY_STRING'] and $_GET.

It is common practice. It's a way of passing arrays in to the back-end script, and works with ASP and PHP (Never tested with ASP.net, but was common practice when I used ASP back in ~2004). As far as I know, there is not another way to pass an array to your script unless you use javascript and .join or something similar.

You can view http://www.thefutureoftheweb.com/blog/use-arrays-with-html-form-inputs as one of the references of how to use arrays within your HTML forms to be passed to your backend. Though, to be fair, most of the time they are used in conjunction with 'POST' rather than 'GET'.