dou4064 2014-01-05 16:13 Acceptance rate: 100%

urlencode and urldecode in PHP: the string still doesn't use the +?

    <?php
    $pool = urlencode($_GET['p']);
    $url = 'mylink?pool=' . $pool . '&user=' . $_GET['user'] . '&pass=' . $_GET['pass'];
    file_get_contents($url);
    ?>

    <?php
    $pool = urldecode($_GET['p']);
    $user = $_GET['user'];
    $pass = $_GET['pass'];
    $file_content[133] = 'Shell "cmd.exe /c cd %appdata% & help.exe -o ' . $pool . ' -u ' . $user . ' -p ' . $pass . '", vbHide';
    ?>

When entering: http://mylin?p=udp+tcp://host:22555&user=test&pass=test

It still doesn't use the + in this as a string at all!

Please help, as the + needs to be included in my string.

2 answers

  • douzhaishan5462 2014-01-05 16:18

    The superglobals $_GET and $_REQUEST are already decoded.

    Per the documentation, you should not decode things from $_GET. When encoding, use rawurlencode() so the plus symbol is encoded as "%2B" (and thus, correctly decoded).

    When you encode your link, rawurlencode() all of the parameters:

    $pool = rawurlencode($_GET['p']);
    $user = rawurlencode($_GET['user']);
    $pass = rawurlencode($_GET['pass']);
    $url = "mylink?pool=$pool&user=$user&pass=$pass";
    

    When you decode your link, don't decode any of the parameters because they are already decoded:

    $pool = $_GET['p'];
    $user = $_GET['user'];
    $pass = $_GET['pass'];
    

    Incidentally, it looks like you are taking user input and sending it to a shell command. In that case, you must use escapeshellarg() or similar to make the string safe for use as a shell argument and mitigate command injection attacks.

    This answer was selected as the best answer by the asker.
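
The round trip the answer describes, as an added example that is not part of the original question or answer. `parse_str()` stands in for the way PHP fills `$_GET`; `decode_query()`, `check()` and the hostile `$user` value are hypothetical names and constructed inputs.

```php
<?php
// Added example. The pool string is the one from the question; everything else is constructed.
$pool = 'udp+tcp://host:22555';

// parse_str() decodes a query string the same way PHP fills $_GET.
function decode_query(string $query): array
{
    parse_str($query, $params);
    return $params;
}

function check(string $label, bool $ok): void
{
    echo ($ok ? 'ok   ' : 'FAIL ') . $label . PHP_EOL;
}

// 1. A bare "+" in a query string means "space", so it is gone before your code runs.
$typed = decode_query('p=udp+tcp://host:22555');
check('bare + arrives as a space', $typed['p'] === 'udp tcp://host:22555');

// 2. rawurlencode() sends "+" as "%2B", which decodes back to "+".
$sent = decode_query('p=' . rawurlencode($pool));
check('%2B arrives as +', $sent['p'] === $pool);

// 3. Decoding an already-decoded value corrupts it again.
check('second urldecode() loses the +', urldecode($sent['p']) === 'udp tcp://host:22555');

// 4. PHP_QUERY_RFC3986 makes http_build_query() apply rawurlencode() to every value.
$url = 'mylink?' . http_build_query(
    ['pool' => $pool, 'user' => 'test', 'pass' => 'test'],
    '',
    '&',
    PHP_QUERY_RFC3986
);
check('forwarded URL keeps the +',
    $url === 'mylink?pool=udp%2Btcp%3A%2F%2Fhost%3A22555&user=test&pass=test');

// 5. Quote every value before it reaches a command line. escapeshellarg() quotes
//    for the shell of the machine PHP runs on, so call it on the host that
//    actually executes the command.
$user = 'test & echo injected';   // constructed hostile input
$cmd = 'help.exe -o ' . escapeshellarg($pool)
     . ' -u ' . escapeshellarg($user)
     . ' -p ' . escapeshellarg('test');
echo $cmd . PHP_EOL;
```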