Solutions for transferring Chinese characters and special dangerous characters through URLs in php

This article combines the urldecode and base64_encode functions in php with the replacement function you have written to safely transfer url Chinese characters, special dangerous characters. For more information, see.

We need to pass Chinese characters or other special characters such as html in the url. It seems that there will always be various chaos, and different browsers will encode them differently,

For Chinese, the general practice is:

Before passing these text strings to the url, perform urlencode ($ text) first;

However, for some "dangerous" characters, such as html characters or even SQL Injection-related characters, if it is clearly passed to the system, for security reasons, the system usually filters them out.

Now, we need these dangerous characters. What should we do?

The solution I have come up with is to encode them with base64_encode ($ text) and decode them with base64_decode ($ text) on the server,

It looks perfect, but there is another problem in the use process. The base64_encode encoded string contains characters such as "/", "+", "=,

The base64_encode () function transmits the user's opinion (a small amount of content) in the url. When the user submits (post submits), an array is provided. therefore, I use the bse64_encode () function to encrypt my opinion. when I jump to the processing page, I receive the data again with get, and the encrypted data on both sides is incorrect. A + character is missing.

Encryption submitted by users:

TPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz + vI69ehsKEhfHw =

On the processing page, use get to receive the following:

TPK9tNPNyKUsuse6xyYjNDY7JiM0NjsufMavwcEhfMyrxq/BwcHLLMjDztLO3tPvLNXmz vI69ehsKEhfHw =

If a plus sign is missing from the comparison, I don't know why it is exported. (maybe it is get, or the + character may not be available !). Please give me some advice.

These characters are special characters in url encoding. For example, "+" indicates "space", but different browsers have different codes for "space, some are represented by "+" and some are represented by "20%". That is to say, when these base64_encode encoded strings are passed in the url and browsed in different browsers, the value obtained by the server is different.

As a result, I thought of a compromise. I first replaced these base64 encoded special characters, and then replaced them on the server:

Solution:

1. When the user submits the encrypted string, I replace the + character with another character. For example, str_replace ('+', '_', $ content );
2. Switch again on the processing page: for example, str_replace ('_', '+', $ content );

The Code is as follows:	Copy code
Function base_encode ($ str ){ $ Src = array ("/", "+", "= "); $ Dist = array ("_ a", "_ B", "_ c "); $ Old = base64_encode ($ str ); $ New = str_replace ($ src, $ dist, $ old ); Return $ new; }   Function base_decode ($ str ){ $ Src = array ("_ a", "_ B", "_ c "); $ Dist = array ("/", "+", "= "); $ Old = str_replace ($ src, $ dist, $ str ); $ New = base64_decode ($ old ); Return $ new; }

The following figure shows the effect in the browser.

XOO6w6Osuf65_aiy_atL_b00Ke5_b8jnus6ho6GjoaM_c

The urldecode instance method is simple.

Urldecode (string $ str)
Decodes any % # In the encoded string ##. Returns the decoded string.

Example #1 urldecode () Example

The Code is as follows:	Copy code
$ A = explode ('&', $ QUERY_STRING ); $ I = 0; While ($ I <count ($ )){ $ B = split ('=', $ a [$ I]); Echo 'value for parameter ', htmlspecialchars (urldecode ($ B [0]), 'Is, htmlspecialchars (urldecode ($ B [1])," "; $ I ++; } ?>