无法正确上传字符串到服务器

时间:2013-10-09 07:58:55

标签: php android

我正在尝试将字符串上传到服务器,但字符串中的+符号未保存,而是由空格替换。因此,如果我将ddd + fff作为salt或iv发送,它将作为ddd fff保存在sql数据库中。为什么+号丢失?

由于

在Android应用中上传代码:

parameters ="id="+mUsername+"&pass="+mPassword+"&operationtype="+moperationtype+"&salt="+Base64.encode    Bytes(salt)+"&iv="+Base64.encodeBytes(iv);   

            try
            {
                url = new URL("http://www.xyz.com/connect.php");
                connection = (HttpURLConnection) url.openConnection();
                connection.setDoOutput(true);
                connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
                connection.setRequestMethod("POST");    

                request = new OutputStreamWriter(connection.getOutputStream());
                request.write(parameters);
                request.flush();
                request.close();            
                String line = "";               
                InputStreamReader isr = new InputStreamReader(connection.getInputStream());
                BufferedReader reader = new BufferedReader(isr);
                StringBuilder sb = new StringBuilder();
                while ((line = reader.readLine()) != null)
                {
                    sb.append(line + "\n");
                }
                // Response from server after login process will be stored in response variable.                
                response = sb.toString();
                // You can perform UI operations here
                Toast.makeText(this,"Message from Server: \n"+ response, 0).show();   

                isr.close();
                reader.close();

            }
            catch(Exception e)
            {

                // Error
            }

connect.php的代码是:

<?php
$host="www.host.com"; // Host name
$username="user"; // username
$password="pass"; // password
$db_name="db"; // Database name
$tbl_name="table"; // Table name
$usertable="table";

// Replace database connect functions depending on database you are using.
mysql_connect($host, $username, $password) OR DIE ("Unable to 
        connect to database! Please try again later.");

mysql_select_db("$db_name");

$operationtype="restore";
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$myusername=mysql_real_escape_string($_POST['id']);
$mypassword=mysql_real_escape_string($_POST['pass']);
$salt=($_POST['salt']);
$iv=($_POST['iv']);
$operationtype=mysql_real_escape_string($_POST['operationtype']);


$sql ="INSERT INTO `db`.`table` (`row`, `id`, `pass`,`salt`, `iv`) VALUES (NULL, '$myusername', '$mypassword','$salt','$iv');";

$result=mysql_query($sql);


?>

2 个答案:

答案 0 :(得分:0)

使用URLEncoder作为您的网址,以便所有字符都以正确的方式进行编码。不允许在URL中写入特定字符,例如u'+ $§'。 并在PHP中使用decode

网址规范:

Reserved
Have to be encoded sometimes
! * ' ( ) ; : @ & = + $ , / ? % # [ ]

答案 1 :(得分:0)

你必须在get for php中使用%2B

example.com?q=string%2Bblah

当量

string+blah