search
Homephp教程php手册php中url传递中文字符,特殊危险字符的解决方案

php中url传递中文字符,特殊危险字符的解决方案

Jun 13, 2016 am 11:15 AM
phpurlurldecodeChinesetransferDangercharacterarticleofcombinesolution

本文章结合php中的urldecode,base64_encode函数然后再结合自己写的替换函数来进行安全传递url中文字符,特殊危险字符,有需要了解的朋友可参考。  

我们需要在url中传递中文字符或是其它的html等特殊字符,似乎总会有各种乱,不同的浏览器对他们的编码又不一样,

对于中文,一般的做法是:

把这些文本字符串传给url之前,先进行urlencode($text)一下;

但是对于一些很“危险”的字符,比如说html字符,甚至是SQL注入相关的字符,如果很明显的传给系统,出于安全考虑,系统一般都会把它们过滤掉的。

现在,我们需要这些危险字符,该这么办?

我想到的办法是 先给它们 base64_encode($text) 编码,到服务端时,又给它们 base64_decode($text) 解码,

貌似很完美,但是在使用的过程中又遇到一个问题,base64_encode 编码后的字符串中含有 "/", "+", "=" 等字符,


base64_encode()函数由于要在url中传用户输入观点(少量的内容),当用户提交(post提交)过来的是一个数组.所以我把观点用bse64_encode()函数给加密.当跳转到处理页面时,我再给get接收,这时出现两边加密的数据不对.少了一个+字符.

用户提交加密:

tPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz+vI69ehsKEhfHw=


在处理页面用get接收到的:

tPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz vI69ehsKEhfHw=

对比找到少了一个加号,不知道是什么原因导制的(猜想可能是get时,+字符可能不能得到吧!).还请高手指点.

这些字符在url编码中又是特殊字符,比如 "+" ,它就表示 “空格”,但是不同的浏览器对“空格”的编码又不一样,有的是用“+”表示,有的是用“20%”表示,也就是说,让这些base64_encode编码后的字符串在url中传递,用不同的浏览器去浏览时,服务端得到值不一样。

于是乎,想到了一个折中办法,先将这些base64编码后的特殊字符替换掉,到服务端后,又替换回来:


解决方法:

一.在用户提交加密串的时间,我把+字符给换成别的字字符.如:str_replace('+', '_', $content);
二.在处理页面再次转换一次:如:str_replace('_', '+', $content);

 代码如下 复制代码

function base_encode($str) {
        $src  = array("/","+","=");
        $dist = array("_a","_b","_c");
        $old  = base64_encode($str);
        $new  = str_replace($src,$dist,$old);
        return $new;
}
 
function base_decode($str) {
        $src = array("_a","_b","_c");
        $dist  = array("/","+","=");
        $old  = str_replace($src,$dist,$str);
        $new = base64_decode($old);
        return $new;
}

下面是在浏览器中得到的效果

xOO6w6Osuf65_aiy_atL_b00Ke5_b8jnus6ho6GjoaM_c

urldecode实例方法很简单

urldecode ( string $str )
解码给出的已编码字符串中的任何 %##。返回解码后的字符串。

Example #1 urldecode() 例子

 代码如下 复制代码

$a = explode('&', $QUERY_STRING);
$i = 0;
while ($i     $b = split('=', $a[$i]);
    echo 'Value for parameter ', htmlspecialchars(urldecode($b[0])),
         ' is ', htmlspecialchars(urldecode($b[1])), "
";
    $i++;
}
?>


Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

SecLists

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SAP NetWeaver Server Adapter for Eclipse

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

SublimeText3 Linux new version

SublimeText3 Linux new version

SublimeText3 Linux latest version

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)