Php URL pass Chinese characters, special dangerous character solutions _php tips

We need to pass in the URL of the Chinese character or other special characters such as HTML, there always seems to be a variety of chaos, different browsers for their coding is not the same,

For Chinese, the general practice is:

Before passing the text string to the URL, first urlencode ($text);

But for some very "dangerous" characters, such as HTML characters, or even SQL injection-related characters, if it is clearly passed to the system, the system will generally filter them out for security reasons.

Now, we need these dangerous characters, what should we do?

My idea is to encode them Base64_encode ($text) First and then decode them Base64_decode ($text) to the server.

Seemingly perfect, but in the process of using a problem, Base64_encode encoded string contains "/", "+", "=" and other characters,

The Base64_encode () function is an array of user input (a small amount of content) to be passed in the URL when the user submits (post commits). So I use the Bse64_encode () function to encrypt the idea. When I jump to the processing page, I get received again, The data on both sides of the encryption is not correct. Less than one + character.

User Commit encryption:

tpk9tnpnykususe6xyyjndy7jim0njsufmavwcehfmyrxq/bwchllmjdztlo3tpvlnxmz+vi69ehskehfhw=

Received on the processing page using get:

Tpk9tnpnykususe6xyyjndy7jim0njsufmavwcehfmyrxq/bwchllmjdztlo3tpvlnxmz vi69ehskehfhw=

Compared to find a plus, do not know what the reason for the system (guess may be get, + characters may not be!). Also ask the Master to guide.

These characters in the URL encoding is a special character, such as "+", it means "space", but different browsers to "space" coding is not the same, some use "+" said, some use "20%" said, that is, let these base64_ The encode encoded string is passed in the URL, and the server gets a different value when browsing through the browser.

Thus, the idea of a compromise, the first of these Base64 encoded special characters replaced, to the service side, and then replaced back:

Workaround:

I. When the user submits the encrypted string, I change the + character to another character. such as: str_replace (' + ', ' _ ', $content);
Two. In the processing page once again: such as: Str_replace (' _ ', ' + ', $content);

Copy Code code as follows:

function Base_encode ($STR) {
$SRC = Array ("/", "+", "=");
$dist = Array ("_a", "_b", "_c");
$old = Base64_encode ($STR);
$new = Str_replace ($src, $dist, $old);
return $new;
}

function Base_decode ($STR) {
$SRC = Array ("_a", "_b", "_c");
$dist = Array ("/", "+", "=");
$old = Str_replace ($src, $dist, $STR);
$new = Base64_decode ($old);
return $new;
}

The following are the effects you get in the browser

Xoo6w6osuf65_aiy_atl_b00ke5_b8jnus6ho6gjoam_c

UrlDecode instance method is simple

UrlDecode (String $str)
Decodes any%## in the encoded string given. Returns the decoded string.

Example #1 UrlDecode () example

Copy Code code as follows:

<?php
$a = Explode (' & ', $QUERY _string);
$i = 0;
while ($i < count ($a)) {
$b = Split (' = ', $a [$i]);
Echo ' Value for parameter ', Htmlspecialchars (UrlDecode ($b [0])),
' Is ', Htmlspecialchars (UrlDecode ($b [1])), "<br/>";
$i + +;
}
?>