Php URL Value Learning notes

Php URL Pass-through learning notes

1. The source code in the page when displayed in the browser, the browser will interpret the HTML escape symbol so if you want to display special characters, such as ' < ', ' > ', etc., in the source code can be <>2. When PHP is displayed in Echo, if you want to display ' < ', ' > ' Can handle echo htmlspecialchars (' <> ') in this way, Htmlspecialchars can handle the following characters ' & ', ' "', '  ', ' < ', ' > ' # ' & ' (ampersand) becomes ' & ' # ' "' (double quote) becomes '" ' when Ent_noquotes is      Not set.# "(single quote) becomes" only if Ent_quotes is set.# ' < ' (less than) becomes ' < ' # ' > ' (greater than) becomes ' > ' 3. When you want to manually construct the URL of the method echo "\ n", but to use the constructed URL for JS jump, you can not use Htmlspecialchars (see details 5.) 4. Ie,firefox will un_htmlspecialchars the URL of the href= URL (which can be seen in the browser status bar after the mouse is moved), because HTML automatically recognizes entities like "&" and then submits it The UrlEncode () variable is then submitted in PHP meaning: in addition to-_.All non-alphanumeric characters will be replaced with a percent (%) followed by a two-digit hexadecimal number, the space is encoded as a plus sign (+）。 #号比较特殊, if you want to transfer the # number, you can enter%23 in the URL bar or use the 3 method? 5. But in the JS window.location= "url" url in the presence of "&" such characters will not jump normally, because JS "&" just treat them as normal characters but will be UrlEncode () Then commit (can be seen in the browser status bar when the mouse is moved up) so use PHP variables to embed the URL address in JS with special attention to 6. When submitted, either the GET or POST method, the data will be urlencode by the browser (5th), and directly by PHP UrlDecode. So you don't have to deal with any urlencoding/urldecoding in the end, it's all handled automatically. 7. If you want to send the form or data to the server in the browser, you can do so using the Get or POST method. The Get method is to use the browser address bar to pass values when the URL is accessed. We can see this kind of URL string on many websites. The Get method is convenient and intuitive, the disadvantage is that users who visit the site can also modify the URL string sent to the server, if the program is not good enough to be error-prone, and get pass string length can not exceed 250 characters, if long, the browser will automatically truncate, resulting in data loss. In addition, the Get method does not support any characters other than ASCII characters, such as the inclusion of Chinese characters or other non-ASCII characters, and requires additional encoding operations, although the browser can sometimes be done automatically (using the Url_encode and Url_decode functions). When the Post method sends variable data, it is opaque to the user, and by HTTP protocol, the data is appended to the header of the header, and the user cannot modify it, which is much better for Web applications, and using post can send large volumes of data to the Web server. Because post is sent with the header information of HTTP, the browser does not automatically resend post data when the post form is triggered and when the user clicks the Back button while browsing the page. If the user clicks the Refresh button at this point, there will be a "data has expired, whether to resubmit the form" prompt, which is not as easy as get use. When you use get to pass a value, the URL address of the browser still exists even if the user uses the back or refresh button. As a result, we need to flexibly choose get and post to submit form data based on the actual application in development. It is worth mentioning that if the form end tag is missing from the HTML, then the entire form will not trigger any commit action. In actual development, some careless people will find that clicking the button without any reflection, in fact fineMind check the code of the form, and sometimes even if you write less HTML characters, the browser will not work for us.   8.index.php?a=urlencode (' + '); UrlDecode ($_get[' a ']) = ";   UrlEncode the space is encoded as a plus sign (+). Rawurlencode Replace the space with a percent (%) followed by a two-digit hexadecimal number can be used Rawurlencode () and Rawurldecode () to avoid this error 9.urlencode () return string, in addition to the-_ of this string. All non-alphanumeric characters are replaced with a percent sign (%) followed by a two-digit hexadecimal number, and a space is encoded as a plus (+). This encoding is the same as the WWW form POST data, and is encoded in the same way as the application/x-www-form-urlencoded media type.

