Solution to transmit Chinese characters and special dangerous characters in php URL

Home

Backend Development

PHP Tutorial

Solution to transmit Chinese characters and special dangerous characters in php URL_PHP Tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 20, 2016 am 10:59 AM

phpurlurldecodeChinesetransferDangercharacterarticleofcombinesolution

This article combines the urldecode and base64_encode functions in PHP and then combines the replacement function written by myself to safely transfer Chinese characters and special dangerous characters in the URL. Friends who need to know more can refer to it.

We need to pass Chinese characters or other special characters such as HTML in the URL. There seems to be all kinds of chaos. Different browsers encode them differently.

For Chinese, the general approach is:

Before passing these text strings to the url, perform urlencode($text) first;

But for some very "dangerous" characters, such as html characters, or even SQL injection-related characters, if they are obviously passed to the system, the system will generally filter them out for security reasons.

Now, we need these dangerous characters, what should we do?

The way I think of it is to base64_encode($text) them first, and then decode them with base64_decode($text) when they get to the server,

It seems perfect, but I encountered another problem during use. The string encoded by base64_encode contains "/", "+", "=" and other characters,

The base64_encode() function needs to pass the user input view (a small amount of content) in the URL. When the user submits (post submission), it is an array. So I use the bse64_encode() function to encrypt the view. When jumping to the processing page When I receive it again, the encrypted data on both sides is wrong. There is a + character missing.

User submission encryption:

tPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz+vI69ehsKEhfHw=

Received using get on the processing page:

tPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz vI69ehsKEhfHw=

In comparison, I found that there is a missing plus sign. I don’t know what the reason is (guess it may be that the + character may not be obtained during get!). Please give some advice from experts.

These characters are special characters in URL encoding, such as "+", which represents "space", but different browsers encode "space" differently. Some use "+" to represent it, and some use "+" to represent "space". "20%" means, that is to say, if these base64_encoded strings are passed in the URL, when browsing with different browsers, the server will get different values.

So, I thought of a compromise, first replace these base64 encoded special characters, and then replace them back after reaching the server:

Solution:

1. When the user submits the encrypted string, I replace the + character with other characters. For example: str_replace('+', '_', $content);
2. Convert again on the processing page: such as: str_replace('_', '+', $content);

The code is as follows

Copy code

代码如下

复制代码

function base_encode($str) {
        $src = array("/","+","=");
        $dist = array("_a","_b","_c");
        $old = base64_encode($str);
        $new = str_replace($src,$dist,$old);
        return $new;
}

function base_decode($str) {
        $src = array("_a","_b","_c");
        $dist = array("/","+","=");
        $old = str_replace($src,$dist,$str);
        $new = base64_decode($old);
        return $new;
}

function base_encode($str) { $src = array("/","+","="); $dist = array("_a","_b","_c"); $old = base64_encode($str); $new = str_replace($src,$dist,$old); return $new; } function base_decode($str) { $src = array("_a","_b","_c"); $dist = array("/","+","="); $old = str_replace($src,$dist,$str); $new = base64_decode($old); return $new; }

The following is the effect obtained in the browser

xOO6w6Osuf65_aiy_atL_b00Ke5_b8jnus6ho6GjoaM_c

The urldecode instance method is very simple

urldecode ( string $str )
Decode any %## in the given encoded string. Returns the decoded string.

Example #1 urldecode() Example

The code is as follows

Copy code

代码如下	复制代码
$a = explode('&', $QUERY_STRING); $i = 0; while ($i $b = split('=', $a[$i]); echo 'Value for parameter ', htmlspecialchars(urldecode($b[0])), ' is ', htmlspecialchars(urldecode($b[1])), " "; $i++; } ?>

$a = explode('&', $QUERY_STRING);
$i = 0; while ($i $b = split('=', $a[$i]);

http://www.bkjia.com/PHPjc/445609.htmlwww.bkjia.comtrue

http: //www.bkjia.com/PHPjc/445609.htmlTechArticleThis article combines the urldecode and base64_encode functions in php and then combines the replacement function written by myself to safely transfer the url Chinese Characters, special dangerous characters, friends who need to know more can refer to...

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What data can be stored in a PHP session?May 02, 2025 am 12:17 AM

PHPsessionscanstorestrings,numbers,arrays,andobjects.1.Strings:textdatalikeusernames.2.Numbers:integersorfloatsforcounters.3.Arrays:listslikeshoppingcarts.4.Objects:complexstructuresthatareserialized.

How do you start a PHP session?May 02, 2025 am 12:16 AM

TostartaPHPsession,usesession_start()atthescript'sbeginning.1)Placeitbeforeanyoutputtosetthesessioncookie.2)Usesessionsforuserdatalikeloginstatusorshoppingcarts.3)RegeneratesessionIDstopreventfixationattacks.4)Considerusingadatabaseforsessionstoragei

What is session regeneration, and how does it improve security?May 02, 2025 am 12:15 AM

Session regeneration refers to generating a new session ID and invalidating the old ID when the user performs sensitive operations in case of session fixed attacks. The implementation steps include: 1. Detect sensitive operations, 2. Generate new session ID, 3. Destroy old session ID, 4. Update user-side session information.

What are some performance considerations when using PHP sessions?May 02, 2025 am 12:11 AM

PHP sessions have a significant impact on application performance. Optimization methods include: 1. Use a database to store session data to improve response speed; 2. Reduce the use of session data and only store necessary information; 3. Use a non-blocking session processor to improve concurrency capabilities; 4. Adjust the session expiration time to balance user experience and server burden; 5. Use persistent sessions to reduce the number of data read and write times.

How do PHP sessions differ from cookies?May 02, 2025 am 12:03 AM

PHPsessionsareserver-side,whilecookiesareclient-side.1)Sessionsstoredataontheserver,aremoresecure,andhandlelargerdata.2)Cookiesstoredataontheclient,arelesssecure,andlimitedinsize.Usesessionsforsensitivedataandcookiesfornon-sensitive,client-sidedata.

How does PHP identify a user's session?May 01, 2025 am 12:23 AM

PHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.

What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AM

The security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.

Where are PHP session files stored by default?May 01, 2025 am 12:15 AM

PHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

What's New in Windows 11 KB5054979 & How to Fix Update Issues

4 weeks agoByDDD

How to fix KB5055523 fails to install in Windows 11?

3 weeks agoByDDD

InZoi: How To Apply To School And University

1 months agoByDDD

How to fix KB5055518 fails to install in Windows 10?

3 weeks agoByDDD

Where to find the Site Office Key in Atomfall

4 weeks agoByDDD

Hot Tools

Dreamweaver Mac version

Visual web development tools

WebStorm Mac version

Useful JavaScript development tools

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.