Solution to transmit Chinese characters and special dangerous characters in php URL_PHP Tutorial

WBOY
Release: 2016-07-20 10:59:31
Original
906 people have browsed it

This article combines the urldecode and base64_encode functions in PHP and then combines the replacement function written by myself to safely transfer Chinese characters and special dangerous characters in the URL. Friends who need to know more can refer to it. ​

We need to pass Chinese characters or other special characters such as HTML in the URL. There seems to be all kinds of chaos. Different browsers encode them differently.

For Chinese, the general approach is:

Before passing these text strings to the url, perform urlencode($text) first;

But for some very "dangerous" characters, such as html characters, or even SQL injection-related characters, if they are obviously passed to the system, the system will generally filter them out for security reasons.

Now, we need these dangerous characters, what should we do?

The way I think of it is to base64_encode($text) them first, and then decode them with base64_decode($text) when they get to the server,

It seems perfect, but I encountered another problem during use. The string encoded by base64_encode contains "/", "+", "=" and other characters,


The base64_encode() function needs to pass the user input view (a small amount of content) in the URL. When the user submits (post submission), it is an array. So I use the bse64_encode() function to encrypt the view. When jumping to the processing page When I receive it again, the encrypted data on both sides is wrong. There is a + character missing.

User submission encryption:

tPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz+vI69ehsKEhfHw=


Received using get on the processing page:

tPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz vI69ehsKEhfHw=

In comparison, I found that there is a missing plus sign. I don’t know what the reason is (guess it may be that the + character may not be obtained during get!). Please give some advice from experts.

These characters are special characters in URL encoding, such as "+", which represents "space", but different browsers encode "space" differently. Some use "+" to represent it, and some use "+" to represent "space". "20%" means, that is to say, if these base64_encoded strings are passed in the URL, when browsing with different browsers, the server will get different values.

So, I thought of a compromise, first replace these base64 encoded special characters, and then replace them back after reaching the server:


Solution:

1. When the user submits the encrypted string, I replace the + character with other characters. For example: str_replace('+', '_', $content);
2. Convert again on the processing page: such as: str_replace('_', '+', $content);

The code is as follows Copy code
 代码如下 复制代码

function base_encode($str) {
        $src  = array("/","+","=");
        $dist = array("_a","_b","_c");
        $old  = base64_encode($str);
        $new  = str_replace($src,$dist,$old);
        return $new;
}
 
function base_decode($str) {
        $src = array("_a","_b","_c");
        $dist  = array("/","+","=");
        $old  = str_replace($src,$dist,$str);
        $new = base64_decode($old);
        return $new;
}

function base_encode($str) {           $src = array("/","+","=");          $dist = array("_a","_b","_c");           $old = base64_encode($str);          $new = str_replace($src,$dist,$old);          return $new; } function base_decode($str) { ​​​​ $src = array("_a","_b","_c");           $dist = array("/","+","=");           $old = str_replace($src,$dist,$str);            $new = base64_decode($old);          return $new; }

The following is the effect obtained in the browser

xOO6w6Osuf65_aiy_atL_b00Ke5_b8jnus6ho6GjoaM_c

The urldecode instance method is very simple

urldecode ( string $str )
Decode any %## in the given encoded string. Returns the decoded string.

Example #1 urldecode() Example

The code is as follows Copy code
 代码如下 复制代码

$a = explode('&', $QUERY_STRING);
$i = 0;
while ($i < count($a)) {
$b = split('=', $a[$i]);
echo 'Value for parameter ', htmlspecialchars(urldecode($b[0])),
' is ', htmlspecialchars(urldecode($b[1])), "
";
$i++;
}
?>

$a = explode('&', $QUERY_STRING);
$i = 0; while ($i < count($a)) {

$b = split('=', $a[$i]);

echo 'Value for parameter ', htmlspecialchars(urldecode($b[0])), "; $i++; } ?>
http://www.bkjia.com/PHPjc/445609.htmlwww.bkjia.comtrue
http: //www.bkjia.com/PHPjc/445609.htmlTechArticleThis article combines the urldecode and base64_encode functions in php and then combines the replacement function written by myself to safely transfer the url Chinese Characters, special dangerous characters, friends who need to know more can refer to...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template