我正在尝试将字符串上传到服务器,但字符串中的+符号未保存,而是由空格替换。因此,如果我将ddd + fff作为salt或iv发送,它将作为ddd fff保存在sql数据库中。为什么+号丢失?
由于
在Android应用中上传代码:
parameters ="id="+mUsername+"&pass="+mPassword+"&operationtype="+moperationtype+"&salt="+Base64.encode Bytes(salt)+"&iv="+Base64.encodeBytes(iv);
try
{
url = new URL("http://www.xyz.com/connect.php");
connection = (HttpURLConnection) url.openConnection();
connection.setDoOutput(true);
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
connection.setRequestMethod("POST");
request = new OutputStreamWriter(connection.getOutputStream());
request.write(parameters);
request.flush();
request.close();
String line = "";
InputStreamReader isr = new InputStreamReader(connection.getInputStream());
BufferedReader reader = new BufferedReader(isr);
StringBuilder sb = new StringBuilder();
while ((line = reader.readLine()) != null)
{
sb.append(line + "\n");
}
// Response from server after login process will be stored in response variable.
response = sb.toString();
// You can perform UI operations here
Toast.makeText(this,"Message from Server: \n"+ response, 0).show();
isr.close();
reader.close();
}
catch(Exception e)
{
// Error
}
connect.php的代码是:
<?php
$host="www.host.com"; // Host name
$username="user"; // username
$password="pass"; // password
$db_name="db"; // Database name
$tbl_name="table"; // Table name
$usertable="table";
// Replace database connect functions depending on database you are using.
mysql_connect($host, $username, $password) OR DIE ("Unable to
connect to database! Please try again later.");
mysql_select_db("$db_name");
$operationtype="restore";
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$myusername=mysql_real_escape_string($_POST['id']);
$mypassword=mysql_real_escape_string($_POST['pass']);
$salt=($_POST['salt']);
$iv=($_POST['iv']);
$operationtype=mysql_real_escape_string($_POST['operationtype']);
$sql ="INSERT INTO `db`.`table` (`row`, `id`, `pass`,`salt`, `iv`) VALUES (NULL, '$myusername', '$mypassword','$salt','$iv');";
$result=mysql_query($sql);
?>
答案 0 :(得分:0)
使用URLEncoder作为您的网址,以便所有字符都以正确的方式进行编码。不允许在URL中写入特定字符,例如u'+ $§'。 并在PHP中使用decode
网址规范:
Reserved
Have to be encoded sometimes
! * ' ( ) ; : @ & = + $ , / ? % # [ ]
答案 1 :(得分:0)
你必须在get for php中使用%2B
即
example.com?q=string%2Bblah
当量
string+blah