doudun2212
2011-08-17 15:32
浏览 1.6k
已采纳

不要在表单提交时转义特殊字符

I have a form that submits via GET, and one of the hidden fields submits a list of category IDs, separated by comma (1,2,3).

When the get query gets to the page it is going, commas become escaped with %2C.

I cannot make changes to PHP that parses these values, and they must remain commas.

In summary: ?category=1,2,3 works, and ?category=1%2C2%2C3 doesn't.

How do I prevent the comma from being encoded?

Edit to address the comment, simplified, but gives you the gist:

<form method="get" action="something.php">
<input type="hidden" name="category" value="1,2,3">
<input type="submit">
</form>

图片转代码服务由CSDN问答提供 功能建议

我有一个通过GET提交的表单,其中一个隐藏字段提交了一个类别ID列表,由 逗号(1,2,3)。

当获取查询到达页面时,逗号将通过%2C 进行转义。

我无法对解析这些值的PHP进行更改,并且它们必须保留逗号。

总结:?category = 1,2,3 < / code>有效,?category = 1%2C2%2C3 没有。

如何防止逗号被编码?

编辑以解决评论,简化,但给出了要点:

 &lt; form method =“get”action =“something.php”  &gt; 
&lt; input type =“hidden”name =“category”value =“1,2,3”&gt; 
&lt; input type =“submit”&gt; 
&lt; / form&gt; 
    
 
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

4条回答 默认 最新

  • dou8mwz5079 2011-08-17 17:09
    已采纳

    The problem with "making it stop" is that the encoding is a part of HTTP standards - you "shouldn't want" to make it stop since it is a part of the very basis upon which HTTP is built. RFC2396 describes which characters are allowed and not allowed in a URI:

    2.2. Reserved Characters

    Many URI include components consisting of or delimited by, certain special characters. These characters are called "reserved", since
    their usage within the URI component is limited to their reserved
    purpose. If the data for a URI component would conflict with the
    reserved purpose, then the conflicting data must be escaped before
    forming the URI.

      reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
                    "$" | ","
    

    Because of this fact, when using GET to submit a form, the user agent will encode the values according to this specification.

    Your solution lies in either

    1) Change the form to use the POST method, change references to $_GET into $_POST in php

    2) Call urldecode (docs) on the data before using it ($_GET['my_value'] = urldecode($_GET['my_value']);)

    3) Use element arrays to submit this as an array to the server

    <input name="myElement[]" value="1" />
    <input name="myElement[]" value="2" />
    <input name="myElement[]" value="3" />
    

    On PHP side, $_GET['myElement'] will be equal to array(1,2,3)

    已采纳该答案
    打赏 评论
  • douyun8674 2011-08-17 15:36

    Create 3 hidden fields with the same name "category" and a different value 1, 2 and 3.

    打赏 评论
  • douao1858 2011-08-17 15:51

    Instead of preventing encoding, consider decoding the string when you receive it. Here is an example (using java):

    public class Encoden
    {
        public static void main(String[] args)
        {
            String encodedValue;
            String value = "a, b, c";
            String unencodedValue;
    
            try
            {
                encodedValue = URLEncoder.encode(value, "UTF-8");
            }
            catch (UnsupportedEncodingException exception)
            {
                encodedValue = null;
    
                System.out.print("encoding exception: ");
                System.out.println(exception.getMessage());
            }
    
            try
            {
                unencodedValue = URLDecoder.decode(encodedValue, "UTF-8");
            }
            catch (UnsupportedEncodingException exception)
            {
                unencodedValue = null;
                System.out.print("decoding exception: ");
                System.out.println(exception.getMessage());
            }
    
            System.out.print("Original: ");
            System.out.println(value);
            System.out.print("Encoded: ");
            System.out.println(encodedValue);
            System.out.print("Decoded: ");
            System.out.println(unencodedValue);
        }
    }
    

    I just noticed the php tag. While I dont know php, I'm certain that it will have a means to encode and decode HTML string values.

    Edit: Based on comments, try rendering the value of the hidden inside a CDATA block. I have no idea if this will work, just throwing it out there. Here is an example:

    <input type="hidden" name="blam" value="<![CDATA[1, 2, 3]]>"/>

    打赏 评论
  • duanbing2963 2011-08-17 16:55

    Use Javascript to manually encode the query string? A bit ugly, but it looks like it is the only option.

    打赏 评论

相关推荐 更多相似问题