Home > Article > Backend Development > Solution to transmit Chinese characters and special dangerous characters in php URL_PHP Tutorial
This article combines the urldecode and base64_encode functions in PHP and then combines the replacement function written by myself to safely transfer Chinese characters and special dangerous characters in the URL. Friends who need to know more can refer to it.
We need to pass Chinese characters or other special characters such as HTML in the URL. There seems to be all kinds of chaos. Different browsers encode them differently.
For Chinese, the general approach is:
Before passing these text strings to the url, perform urlencode($text) first;
But for some very "dangerous" characters, such as html characters, or even SQL injection-related characters, if they are obviously passed to the system, the system will generally filter them out for security reasons.
Now, we need these dangerous characters, what should we do?
The way I think of it is to base64_encode($text) them first, and then decode them with base64_decode($text) when they get to the server,
It seems perfect, but I encountered another problem during use. The string encoded by base64_encode contains "/", "+", "=" and other characters,
The base64_encode() function needs to pass the user input view (a small amount of content) in the URL. When the user submits (post submission), it is an array. So I use the bse64_encode() function to encrypt the view. When jumping to the processing page When I receive it again, the encrypted data on both sides is wrong. There is a + character missing.
User submission encryption:
tPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz+vI69ehsKEhfHw=
Received using get on the processing page:
tPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz vI69ehsKEhfHw=
In comparison, I found that there is a missing plus sign. I don’t know what the reason is (guess it may be that the + character may not be obtained during get!). Please give some advice from experts.
These characters are special characters in URL encoding, such as "+", which represents "space", but different browsers encode "space" differently. Some use "+" to represent it, and some use "+" to represent "space". "20%" means, that is to say, if these base64_encoded strings are passed in the URL, when browsing with different browsers, the server will get different values.
So, I thought of a compromise, first replace these base64 encoded special characters, and then replace them back after reaching the server:
Solution:
1. When the user submits the encrypted string, I replace the + character with other characters. For example: str_replace('+', '_', $content);
2. Convert again on the processing page: such as: str_replace('_', '+', $content);
The code is as follows | Copy code | ||||
|
The following is the effect obtained in the browser
xOO6w6Osuf65_aiy_atL_b00Ke5_b8jnus6ho6GjoaM_c
The urldecode instance method is very simple
urldecode ( string $str )
Decode any %## in the given encoded string. Returns the decoded string.
Example #1 urldecode() Example
The code is as follows | Copy code | ||||
$i = 0; while ($i < count($a)) { $b = split('=', $a[$i]); |