PHP - 带 GET 查询的加号
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2671840/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP - Plus sign with GET query
提问by user
I have a PHP script that does basic encryption of a string through the method below:
我有一个 PHP 脚本,它通过以下方法对字符串进行基本加密:
<?php
$key = 'secretkey';
$string = $_GET['str'];
if ($_GET['method'] == "decrypt")
{
$output = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($string), MCRYPT_MODE_CBC, md5(md5($key))), "$fixedstring = str_replace(" ", "+", $string);
");
}
if ($_GET['method'] == "encrypt")
{
$output= base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
}
echo $output;
?>
An example of a URL to encrypt a string would look like this:
用于加密字符串的 URL 示例如下所示:
Encrypt.php?method=encrypt&str=the quick fox
Encrypt.php?method=encrypt&str=快狐
Which would return this as the encrypted string:
这将作为加密字符串返回:
LCuT/ieVa6cl3/4VtzE+jd9QPT3kvHYYJFqG6tY3P0Q=
LCuT/ieVa6cl3/4VtzE+jd9QPT3kvHYYJFqG6tY3P0Q=
Now to decrypt the string all you have to do is change the "method" query to "decrypt", like so:
现在要解密字符串,您只需将“方法”查询更改为“解密”,如下所示:
Encrypt.php?method=decrypt&str=LCuT/ieVa6cl3/4VtzE+jd9QPT3kvHYYJFqG6tY3P0Q=
Encrypt.php?method=decrypt&str=LCuT/ieVa6cl3/4VtzE+jd9QPT3kvHYYJFqG6tY3P0Q=
The only problem is that when that encrypted string is decrypted it returns this:
唯一的问题是,当加密字符串被解密时,它会返回:
??§rYV}ì35??·n?ì(??X8T;b
??§rYV}ì35??·n?ì(??X8T;b
I have narrowed down the problem to the plus sign that is in the encrypted string. PHP's GET method seems to translate a plus sign into a blank space. I have searched this bug and found out that it has already been filed here. I have tried different methods listed on that page and others with no success. The closest I got is by using this:
我已将问题缩小到加密字符串中的加号。PHP 的 GET 方法似乎将加号转换为空格。我搜索了这个错误,发现它已经在这里提交了。我尝试了该页面上列出的不同方法和其他方法,但均未成功。我得到的最接近的是使用这个:
<?php
$key = 'secretkey';
$string = $_GET['str'];
if ($_GET['method'] == "decrypt")
{
$string = urlencode($string);
$string = str_replace("+", "%2B",$string);
$string = urldecode($string);
$output = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($string), MCRYPT_MODE_CBC, md5(md5($key))), "rawurldecode()
");
}
if ($_GET['method'] == "encrypt")
{
$output= base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
}
echo $output;
?>
and then using $fixedstring in the encryption methods, the problem is, upon decryption, all blank spaces are converted to plus signs. Any ideas?
然后在加密方法中使用 $fixedstring ,问题是,在解密时,所有空格都转换为加号。有任何想法吗?
I know using POST would make more sense but I am using GET for specific reasons. I will spare the details.
我知道使用 POST 会更有意义,但我出于特定原因使用 GET。我会省略细节。
回答by hobodave
If you'll read the entirety of that bug report you'll see a reference to RFC 2396. Which states that + is reserved. PHP is correct in translating an unencoded + sign to a space.
如果您阅读该错误报告的全部内容,您将看到对RFC 2396的引用。其中指出 + 是reserved。PHP 将未编码的 + 符号转换为空格是正确的。
You could use urlencode() the ciphertext when returning it to the user. Thus, when the user submits the ciphertext for decryption, you can urldecode() it. PHP will do this automatically for you if it comes in via the GET string as well.
您可以在将密文返回给用户时使用 urlencode() 。因此,当用户提交密文进行解密时,您可以 urldecode() 它。如果它也通过 GET 字符串输入,PHP 会自动为您执行此操作。
Bottom line:The + must be submitted to PHP as the encoded value: %2B
底线:+ 必须作为编码值提交给 PHP:%2B
回答by Andrew
I realize that this is an old question, but I was looking for a solution to a similar problem with + signs in a GET string. I stumble upon this page and thought I would share the solution I came up with.
我意识到这是一个老问题,但我正在寻找解决类似问题的解决方案,在 GET 字符串中使用 + 符号。我偶然发现了这个页面,并认为我会分享我想出的解决方案。
rawurlencode()
回答by Chad Birch
You should be using urlencode()before putting the encrypted string on the query string, which will "escape" any special characters (including +) and then call urldecode()before decrypting it, to revert them back to their original form.
您应该urlencode()在将加密字符串放在查询字符串上之前使用,这将“转义”任何特殊字符(包括+),然后urldecode()在解密之前调用,以将它们恢复为原始形式。
回答by Alex Angelico
none of the above answers worked for me, I fixed the "+" sign problem using
以上答案都不适合我,我使用修复了“+”号问题
encodeURIComponent([string])
and
和
var modelString = "SEACAT+PROFILER";
modelString = encodeURIComponent(modelString);
//"SEACAT%2BPROFILER"
回答by delliottg
We ran into the same problem trying to pass a URL to a PHP script with a string variable containing the "+" symbol. We were able to make it work with;
我们在尝试将 URL 传递给带有包含“+”符号的字符串变量的 PHP 脚本时遇到了同样的问题。我们能够让它工作;
<a href='processor.php?name=".urlencode($str)."'>".$str."</a></td>
EG:
例如:
##代码##The %2Bpasses the correct value to the PHP GET as @hobodave said, and we get back the right data set.
在%2B为@hobodave说,传递正确的值到PHP GET,我们重新回到正确的数据集。
Hope this helps someone else who ran into something like this, and needed a slightly different take on the examples above.
希望这可以帮助遇到类似问题的其他人,并且需要对上述示例略有不同。
回答by Robert Sinclair
In my case the problem was that $_GET parameters were not decoding correctly when being used for a MYSQL query. So if you just need to pass the $_GET content to a mysql query then simply encode it (no need to decode anything) like this:
就我而言,问题是 $_GET 参数在用于 MYSQL 查询时没有正确解码。因此,如果您只需要将 $_GET 内容传递给 mysql 查询,那么只需对其进行编码(无需解码任何内容),如下所示:
##代码##