Home > Backend Development > PHP Tutorial > Analyze problems caused by special characters in PHP URLs (+,\,=)

Analyze problems caused by special characters in PHP URLs (+,\,=)

藏色散人
Release: 2023-04-09 16:22:02
forward
4796 people have browsed it

Recommended: "PHP Video Tutorial"

Problems caused by special characters in the URL in PHP (,,=)

Foreword, In the process of working on a certain channel, I discovered a signature verification error. However, at that time, the signature verification performance was inconsistent in the two places with the same set of processing methods. I thought this was because the request methods in the two places were different. One was the get method and the other was naturally the post method. Of course, the problem must be get.

GET and POST

GET request methods, since the parameters are placed in the URL, may be subject to some policy issues on the browser side when passing them. Urlencode the parameters. Therefore, when you get the parameters on the server side, they may not be the original data. Therefore, when requesting data through GET, if no processing is done, there may be problems in verifying the signature. The possibility here is that this special character is not included after base64 processing, and a blank string is obtained without any processing after the GET method.

The POST request method puts the parameters in the request body. During the http transfer process, there will be no processing of the parameters due to some strategic issues of the browser. Therefore, there will be no problem when performing parameter signature verification through POST requests, and signature verification can be performed smoothly. However, we have no way to ask the channel provider to turn the get request into a post request, so we can only find a way ourselves.

urlencode and urldecode

urlencode:
(PHP 4, PHP 5, PHP 7)
urlencode — 编码 URL 字符串
string urlencode ( string $str )
Copy after login

This function facilitates encoding a string and using it in the request part of the URL, and it also facilitates passing variables to Next page.

return
Copy after login

Returns a string. All non-alphanumeric characters in this string except -_. will be replaced with a percent sign (%) followed by two hexadecimal digits, and spaces are encoded. is a plus sign ( ). This encoding is the same as the WWW form POST data, and the same media type encoding as application/x-www-form-urlencoded

urldecode:
(PHP 4, PHP 5, PHP 7)
Copy after login

urldecode — Decode an encoded URL string

string urldecode ( string $str )
Copy after login

Decode any %## in the given encoded string. The plus sign (' ') is decoded into a space character.

Return the decoded string.

It seems that we have seen the light of day, the "perfect way" to deal with this string that will turn into spaces. That is, urlencode the signature string to encrypt it. Then, happily verify, fxxk, false. If you still don’t pass, then give yourself a slap in the face. After base64 encryption, the padding string = will appear, which is very painful. So I thought of a temporary solution.

urlencode(substr($str,0,strlen($sign)-2)).substr($sign,strlen($sign)-2)
Copy after login

At that time, considering that there were at most two == in base64, urlencode processing was not performed on the last two. This can basically be handled, but there may be a problem, that is, it will not work if the last two appear. Sure enough, this plan cannot be convinced and overturned. And a problem also discovered during this process is that the passed signature string may have been processed by urlencode. This is still a small problem. Perform urldecode processing first, because decoding will not cause misunderstandings.

At that time, a friend proposed a solution, that is, wouldn’t it be enough to directly replace the number? Indeed, this is a way. But I think this method is very frustrating. What if the encryption algorithm changes or other special characters are added in the future, such as @#¥%...&**( etc., we cannot all match and replace. So, I agree Workaround, but I keep thinking.

rawurlencode and rawurldecode

rawurlencode:
(PHP 4, PHP 5, PHP 7)
Copy after login

rawurlencode — Encode URLs per RFC 3986

string rawurlencode ( string $str )
Copy after login

Encodes the specified characters according to » RFC 3986.

rawurldecode:
(PHP 4, PHP 5, PHP 7)
Copy after login

rawurldecode — Decodes an encoded URL string

string rawurldecode ( string $str )
Copy after login

Returns a string in which a percent sign (%) is followed by two characters The sequence of hexadecimal digits will be replaced with literal characters.

A new dawn has emerged, understanding rawurldecode and replacing it with literal characters. Therefore, the solution is ready.

rawurldecode(urlencode(urldecode($sign))));
Copy after login

At first glance, it seems bloated or why do you have to go around and deal with it like this? In fact, you really have to deal with it like this. As for why, please read the bragging above.

Postscript

As programmers, we must have two preparations, one is a temporary solution, which can quickly fix the current problem. After the production environment returns to normal, in the long run, we must have a stable and reliable solution. The solution comes from You keep trying and php.net.

The above is the detailed content of Analyze problems caused by special characters in PHP URLs (+,,=). For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:segmentfault.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template