The only real restriction on what characters can appear in form control names is when a form is submitted with GET

表单控件名称中可以出现哪些字符的唯一真正限制是使用 GET 提交表单时

"The "get" method restricts form data set values to ASCII characters." reference

““get”方法将表单数据集值限制为 ASCII 字符。” 参考

There's a good thread on it here.

有一个关于它良好的线程在这里。

Note, that not all characters are submitted for nameattributes of form fields (even when using POST)!

请注意，并非所有字符都为name表单字段的属性提交（即使使用 POST）！

White-space characters are trimmed and inner white-space characters as well the character .are replaced by _. (Tested in Chrome 23, Firefox 13 and Internet Explorer 9, all Win7.)

空白字符被修剪，内部空白字符以及字符.被替换为_. （在 Chrome 23、Firefox 13 和 Internet Explorer 9 中测试，全部为 Win7。）

Any character you can include in an [X]HTML file is fine to put in an <input name>. As Allain's comment says, <input name>is defined as containing CDATA, so the only things you can't put in there are the control codes and invalid codepoints that the underlying standard (SGML or XML) disallows.

您可以包含在 [X]HTML 文件中的任何字符都可以放入<input name>. 正如阿兰的评论所说，<input name>被定义为包含CDATA，所以你唯一不能放入的东西是底层标准（SGML 或 XML）不允许的控制代码和无效代码点。

Allain quoted W3 from the HTML4 spec:

阿兰引用了 HTML4 规范中的 W3：

Note. The "get" method restricts form data set values to ASCII characters. Only the "post" method (with enctype="multipart/form-data") is specified to cover the entire ISO10646 character set.

笔记。“get”方法将表单数据集值限制为 ASCII 字符。仅指定“post”方法（使用 enctype="multipart/form-data"）覆盖整个 ISO10646 字符集。

However this isn't really true in practice.

然而，这在实践中并不是真的。

The theory is that application/x-www-form-urlencodeddata doesn't have a mechanism to specify an encoding for the form's names or values, so using non-ASCII characters in either is “not specified” as working and you should use POSTed multipart/form-datainstead.

理论是application/x-www-form-urlencoded数据没有为表单的名称或值指定编码的机制，因此在任何一个中使用非 ASCII 字符都是“未指定”的工作，您应该使用 POSTedmultipart/form-data代替。

Unfortunately, in the real world, no browser specifies an encoding for fields even when it theoretically could, in the subpart headers of a multipart/form-dataPOST request body. (I believe Mozilla tried to implement it once, but backed out as it broke servers.)

不幸的是，在现实世界中，即使理论上可以，在multipart/form-dataPOST 请求正文的子部分标头中，也没有浏览器为字段指定编码。（我相信 Mozilla 曾尝试实现它，但由于它破坏了服务器而退出。）

And no browser implements the astonishingly complex and ugly RFC2231standard that would be necessary to insert encoded non-ASCII field names into the multipart's subpart headers. In any case, the HTML spec that defines multipart/form-datadoesn't directly say that RFC2231 should be used, and, again, it would break servers if you tried.

并且没有浏览器实现极其复杂和丑陋的RFC2231标准，这是将编码的非 ASCII 字段名称插入多部分的子部分标头所必需的。在任何情况下，定义的 HTML 规范multipart/form-data并没有直接说明应该使用 RFC2231，而且，如果您尝试，它会再次破坏服务器。

So the reality of the situation is there is no way to know what encoding is being used for the names and values in a form submission, no matter what type of form it is. What browsers will do with field names and values that contain non-ASCII characters is the same for GET and both types of POST form: it encodes them using the encoding the page containing the form used. Non-ASCII GET form names are no more broken than everything else.

因此，实际情况是，无论表单是什么类型，都无法知道表单提交中的名称和值使用了什么编码。对于 GET 和两种类型的 POST 表单，浏览器对包含非 ASCII 字符的字段名称和值的处理方式是相同的：它使用包含所用表单的页面的编码对它们进行编码。非 ASCII 的 GET 表单名称并不比其他任何东西都更糟糕。

DLH:

DLH：

So name has a different data type for than it does for other elements?

那么 name 的数据类型与其他元素的数据类型不同吗？

Actually the only element whose nameattribute is not CDATAis <meta>. See the HTML4 spec's attribute listfor all the different uses of name; it's an overloaded attribute name, having many different meanings on the different elements. This is generally considered a bad thing.

实际上，唯一name没有属性的元素CDATA是<meta>. 有关; 的所有不同用途，请参阅 HTML4 规范的属性列表name。它是一个重载的属性名称，对不同的元素有许多不同的含义。这通常被认为是一件坏事。

However, typically these days you would avoid nameexcept on form fields (where it's a control name) and param(where it's a plugin-specific parameter identifier). That's only two meanings to grapple with. The old-school use of namefor identifying elements like <form>or <a>on the page should be avoided (use idinstead).

但是，现在通常name除了表单字段（它是控件名称）和param（它是插件特定的参数标识符）之外，您通常会避免使用。这只有两个含义需要解决。应该避免使用老式的name来标识页面上<form>或<a>页面上的元素（id改为使用）。

While Allain's comment did answer OP's direct question and bobince provided some brilliant in-depth information, I believe many people come here seeking answer to more specific question: "Can I use a dot character in form's input name attribute?"

虽然阿兰的评论确实回答了 OP 的直接问题并且 bobince 提供了一些精彩的深入信息，但我相信很多人来到这里寻求更具体问题的答案：“我可以在表单的输入名称属性中使用点字符吗？”

As this thread came up as first result when I searched for this knowledge I guessed I may as well share what I found.

当我搜索这些知识时，这个线程作为第一个结果出现，我想我也可以分享我的发现。

Firstly, Matthias' claimed that:

首先，马蒂亚斯声称：

character . are replaced by _

特点 。被_代替

This is untrue. I don't know if browser's actually did this kind of operation back in 2013 - though, I doubt that. Browsers send dot characters as they are(talking about POST data)! You can check it in developer tools of any decent browser.

这是不真实的。我不知道浏览器是否真的在 2013 年进行了这种操作——不过，我对此表示怀疑。浏览器按原样发送点字符（谈论 POST 数据）！您可以在任何像样的浏览器的开发人员工具中查看它。

Please, notice that tiny little comment by abluejelly, that probably is missed by many:

请注意 abluejelly 的小评论，可能很多人都错过了：

I'd like to note that this is a server-specific thing, not a browser thing. Tested on Win7 FF3/3.5/31, IE5/7/8/9/10/Edge, Chrome39, and Safari Windows 5, and all of them sent " test this.stuff" (four leading spaces) as the name in POST to the ASP.NET dev server bundled with VS2012.

我想指出，这是特定于服务器的事情，而不是浏览器的事情。在Win7 FF3/3.5/31、IE5/7/8/9/10/Edge、Chrome39和Safari Windows 5上测试，都在POST中发送“test this.stuff”（四个前导空格）作为名称到与 VS2012 捆绑在一起的 ASP.NET 开发服务器。

I checked it with Apache HTTP server(v2.4.25) and indeed input name like "foo.bar" is changed to "foo_bar". But in a name like "foo[foo.bar]" that dot is not replaced by _!

我用 Apache HTTP 服务器（v2.4.25）检查了它，确实像“foo.bar”这样的输入名称被更改为“foo_bar”。但是在像“foo[foo.bar]”这样的名字中，那个点不会被_！

My conclusion: You can use dots but I wouldn't use it as this may lead to some unexpected behaviours depending on HTTP server used.

我的结论：您可以使用点，但我不会使用它，因为这可能会导致一些意外行为，具体取决于所使用的 HTTP 服务器。

Do you mean the id and name attributes of the HTML input tag?

你是说 HTML 输入标签的 id 和 name 属性吗？

If so, I'd be very tempted to restrict (or convert) allowed "input" name characters into only a-z (A-Z), 0-9 and a limited range of punctuation (".", ",", etc.), if only to limit the potential for XSS exploits, etc.

如果是这样，我很想将允许的“输入”名称字符限制（或转换）为仅 az (AZ)、0-9 和有限范围的标点符号（“.”、“,”等），如果只是为了限制 XSS 攻击等的可能性。

Additionally, why let the user control any aspect of the input tag? (Might it not ultimately be easier from a validation perspective to keep the input tag names are 'custom_1', 'custom_2', etc. and then map these as required.)

另外，为什么让用户控制输入标签的任何方面？（从验证的角度来看，将输入标签名称保留为“custom_1”、“custom_2”等，然后根据需要映射这些名称，最终可能不会更容易。）