在用PHP做东西的时候发现了一个问题,可以简单的归结为乱码的问题,但是这个问题不是函数本身造成的。来看看罪魁祸首是谁。
嫌疑人:base64_encode 和 base64_decode
罪行:我写了一个跳转和提示函数,接收提示信息后跳转到指定的页面,但是跳转提示时汉字乱码。
跳转模版代码如下:
PHP redirect函数定义如下:
/* 提醒后跳转 */
function _alert( $success=true, $message='success', $time='3', $url='/'){
header('Location:/include/redirect.php?success='.$success.'&message='.base64_encode($message).'&time='.$time.'&url='.base64_encode($url));
exit;
}
假如在PHP中这样调用函数的话:
$query = "update content set bid='$clean[bid]',title='$clean[title]',content='$clean[content]',path='$clean[path]' where id=".$clean['id'];
if( mysql_query($query) ){
_alert(1,'修改成功',3,'/admin/manage.php');
}else{
_alert(false,'修改失败'.mysql_error(),5,'/admin/manage.php');
}
你就会看到,“修改成功”或者是“修改失败”这几个汉字乱码了。
为什么?
有时候用base64_encode加密后,以GET的形式传到其他页面,用base64_decode解密的时候,出现乱码。
遇到这个问题的时候,我就纳闷了,为什么有一些能正确解密,但是有一些却出现乱码呢?
后来经过检查,发现有一些中文字符,用GET形式传过来的时候,+号会被替换成空格。
为了防止出现乱码的情况,我做了一步替换,然后再解密,果然,乱码的问题,不复存在了!
现在问题已经很简单了,只要多写一步就好了
$str = base64_decode(str_replace(" ","+",$_GET['str']));
原来,文章一开始定错了嫌疑人了,冤枉了那两个函数了。。。
还可以参考这篇文章:PHP安全的URL字符串base64编码和解码

Sessionlockingisatechniqueusedtoensureauser'ssessionremainsexclusivetooneuseratatime.Itiscrucialforpreventingdatacorruptionandsecuritybreachesinmulti-userapplications.Sessionlockingisimplementedusingserver-sidelockingmechanisms,suchasReentrantLockinJ

Alternatives to PHP sessions include Cookies, Token-based Authentication, Database-based Sessions, and Redis/Memcached. 1.Cookies manage sessions by storing data on the client, which is simple but low in security. 2.Token-based Authentication uses tokens to verify users, which is highly secure but requires additional logic. 3.Database-basedSessions stores data in the database, which has good scalability but may affect performance. 4. Redis/Memcached uses distributed cache to improve performance and scalability, but requires additional matching

The article discusses PHP, detailing its full form, main uses in web development, comparison with Python and Java, and its ease of learning for beginners.

PHP handles form data using $\_POST and $\_GET superglobals, with security ensured through validation, sanitization, and secure database interactions.

The article compares PHP and ASP.NET, focusing on their suitability for large-scale web applications, performance differences, and security features. Both are viable for large projects, but PHP is open-source and platform-independent, while ASP.NET,

PHP's case sensitivity varies: functions are insensitive, while variables and classes are sensitive. Best practices include consistent naming and using case-insensitive functions for comparisons.

The article discusses various methods for page redirection in PHP, focusing on the header() function and addressing common issues like "headers already sent" errors.

Article discusses type hinting in PHP, a feature for specifying expected data types in functions. Main issue is improving code quality and readability through type enforcement.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function

SublimeText3 Chinese version
Chinese version, very easy to use

ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
