No, you would need to url-encode it, since base64 strings can contain the "+", "=" and "/" characters which could alter the meaning of your data - look like a sub-folder.

不，您需要对其进行 url 编码，因为 base64 字符串可以包含“+”、“=”和“/”字符，这些字符可能会改变数据的含义 - 看起来像一个子文件夹。

Valid base64 characters are below.

有效的 base64 字符如下。

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=

There are additional base64 specs. (See the table herefor specifics ). But essentially you need 65 chars to encode: 26 lowercase + 26 uppercase + 10 digits = 62.

还有其他 base64 规范。（有关详细信息，请参阅此处的表格）。但基本上你需要 65 个字符来编码：26 个小写字母 + 26 个大写字母 + 10 个数字 = 62。

You need two more ['+', '/'] and a padding char '='. But none of them are url friendly, so just use different chars for themand you're set. The standard ones from the chart above are ['-', '_'], but you could use other chars as long as you decoded them the same, and didn't need to share with others.

您还需要两个 ['+', '/'] 和一个填充字符 '='。但是它们都不是 url 友好的，所以只需为它们使用不同的字符就可以了。上图中的标准字符是 ['-', '_']，但您可以使用其他字符，只要您对它们进行相同的解码，并且不需要与他人共享。

I'd recommend just writing your own helpers. Like these from the comments on the php manual page for base64_encode:

我建议只编写自己的助手。像base64_encode的php 手册页上的评论中的这些：

function base64_url_encode($input) {
 return strtr(base64_encode($input), '+/=', '._-');
}

function base64_url_decode($input) {
 return base64_decode(strtr($input, '._-', '+/='));
}

@joeshmo Or instead of writing a helper function, you could just urlencode the base64 encoded string. This would do the exact same thing as your helper function, but without the need of two extra functions.

@joeshmo 或者，您可以只对 base64 编码字符串进行 urlencode，而不是编写辅助函数。这将与您的辅助函数做完全相同的事情，但不需要两个额外的函数。

$str = 'Some String';

$encoded = urlencode( base64_encode( $str ) );
$decoded = base64_decode( urldecode( $encoded ) );

Introductory NoteI'm inclined to post a few clarifications since some of the answers here were a little misleading (if not incorrect).

介绍性说明我倾向于发布一些说明，因为这里的一些答案有点误导（如果不是不正确的话）。

The answer is NO, you cannot simply pass a base64 encoded parameter within a URL query string since plus signs are converted to a SPACE inside the $_GET global array. In other words, if you sent test.php?myVar=stringwith+signto

答案是否定的，您不能简单地在 URL 查询字符串中传递 base64 编码的参数，因为加号在 $_GET 全局数组中被转换为空格。换句话说，如果你发送test.php?myVar=stringwith+sign到

//test.php
print $_GET['myVar'];

the result would be:
stringwith sign

结果将是：
stringwith sign

The easy way to solve this is to simply urlencode()your base64 string before adding it to the query string to escape the +, =, and / characters to %## codes. For instance, urlencode("stringwith+sign")returns stringwith%2Bsign

解决此问题的简单方法是在urlencode()将 base64 字符串添加到查询字符串之前简单地将其转义为 %## 代码的 +、= 和 / 字符。例如，urlencode("stringwith+sign")返回stringwith%2Bsign

When you process the action, PHP takes care of decoding the query string automatically when it populates the $_GET global. For example, if I sent test.php?myVar=stringwith%2Bsignto

当您处理操作时，PHP 会在填充 $_GET 全局变量时自动对查询字符串进行解码。例如，如果我发送test.php?myVar=stringwith%2Bsign到

//test.php
print $_GET['myVar'];

the result would is:
stringwith+sign

结果是：
stringwith+sign

You do notwant to urldecode()the returned $_GET string as +'s will be converted to spaces.
In other words if I sent the same test.php?myVar=stringwith%2Bsignto

你不希望urldecode()返回$ _GET字符串+的将被转换为空格。
换句话说，如果我将相同的test.php?myVar=stringwith%2Bsign发送到

//test.php
$string = urldecode($_GET['myVar']);
print $string;

the result is an unexpected:
stringwith sign

结果出乎意料：
stringwith sign

It would be safe to rawurldecode()the input, however, it would be redundant and therefore unnecessary.

rawurldecode()输入是安全的，但是，它是多余的，因此是不必要的。

Yes and no.

是和否。

The basic charset of base64 may in some cases collide with traditional conventions used in URLs. But many of base64 implementations allow you to change the charset to match URLs better or even come with one (like Python's urlsafe_b64encode()).

在某些情况下，base64 的基本字符集可能会与 URL 中使用的传统约定发生冲突。但是许多 base64 实现允许您更改字符集以更好地匹配 URL，甚至带有一个（如 Python 的urlsafe_b64encode()）。

Another issue you may be facing is the limit of URL length or rather — lack of such limit. Because standards do not specify any maximum length, browsers, servers, libraries and other software working with HTTP protocol may define its' own limits. You may take a look at this article: WWW FAQs: What is the maximum length of a URL?

您可能面临的另一个问题是 URL 长度的限制，或者更确切地说——缺乏这样的限制。由于标准没有规定任何最大长度，浏览器、服务器、库和其他使用 HTTP 协议的软件可能会定义自己的限制。你可以看看这篇文章：WWW 常见问题：URL 的最大长度是多少？

Its a base64url encode you can try out, its just extension of joeshmo's code above.

它是一种 base64url 编码，您可以尝试一下，它只是上面 joeshmo 代码的扩展。

function base64url_encode($data) {
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode($data) {
return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
}

I don't think that this is safe because e.g. the "=" character is used in raw base 64 and is also used in differentiating the parameters from the values in an HTTP GET.

我不认为这是安全的，因为例如“=”字符用于原始 base 64 中，并且还用于区分参数与 HTTP GET 中的值。

In theory, yes, as long as you don't exceed the maximum url and/oor query string length for the client or server.

理论上，是的，只要您不超过客户端或服务器的最大 url 和/或查询字符串长度。

In practice, things can get a bit trickier. For example, it can trigger an HttpRequestValidationException on ASP.NET if the value happens to contain an "on" and you leave in the trailing "==".

在实践中，事情可能会变得有点棘手。例如，如果该值恰好包含“on”并且您保留在尾随的“==”中，则它可以在 ASP.NET 上触发 HttpRequestValidationException。

For url safe encode, like base64.urlsafe_b64encode(...)in Python the code below, works to me for 100%

对于 url 安全编码，就像base64.urlsafe_b64encode(...)在 Python 中一样，下面的代码对我来说是 100%

function base64UrlSafeEncode(string $input)
{
   return str_replace(['+', '/'], ['-', '_'], base64_encode($input));
}

Yes, it is always safe. of course base64 contains: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/= but a base64 encoded string usually have no +. +will be converted into a blank space, results in wrong decoded string. /is safe in a get parameters pair. =is always at the end of the base64 encoded string and the server side can resolve =directly.

是的，它总是安全的。当然 base64 包含： ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/= 但是 base64 编码的字符串通常没有+. +将被转换为空格，导致错误的解码字符串。/在获取参数对中是安全的。=总是在base64编码字符串的末尾，服务器端可以=直接解析。