We need to pass Chinese characters or other special characters such as HTML in the URL. There seems to be all kinds of chaos. Different browsers encode them differently.
For Chinese, the general approach is:
Before passing these text strings to the url, perform urlencode($text) first;
But for some very "dangerous" characters, such as html characters, or even SQL injection-related characters, if they are obviously passed to the system, the system will generally filter them out for security reasons.
Now, we need these dangerous characters, what should we do?
The way I think of it is to base64_encode($text) them first, and then decode them with base64_decode($text) when they get to the server,
It seems perfect, but I encountered another problem during use. The string encoded by base64_encode contains "/", "+", "=" and other characters,
The base64_encode() function needs to pass the user input view (a small amount of content) in the URL, and when the user submits it (post submission), it is an array. So I use the bse64_encode() function to encrypt the view. When jumping to the processing page, I received it again with get. At this time, the encrypted data on both sides was wrong. There was a + character missing.
User submission encryption:
tPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz+vI69ehsKEhfHw=
Received using get on the processing page:
tPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz vI69ehsKEhfHw=
In comparison, I found that there is a missing plus sign. I don’t know what the reason is (guess it may be that the + character may not be obtained during get!). Please give some advice from experts.
These characters are special characters in URL encoding, such as "+", which represents "space", but different browsers encode "space" differently. Some use "+" to represent it, and some use "+" to represent "space". "20%" means, that is to say, if these base64_encoded strings are passed in the URL, when browsing with different browsers, the server will get different values.
So, I thought of a compromise, first replace these base64 encoded special characters, and then replace them back after reaching the server:
Solution:
1. When the user submits the encrypted string, I replace the + character with other characters. For example: str_replace('+', '_', $content);
2. On the processing page again Convert once: such as: str_replace('_', '+', $content);
Example #1 urldecode() Example
true