PHP - 使用GET查询的加号 [英] PHP - Plus sign with GET query
问题描述
我有一个PHP脚本,通过下面的方法对字符串进行基本加密:
<?php
$ key ='secretkey';
$ string = $ _GET ['str'];
if($ _GET ['method'] ==decrypt)
{
$ output = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256,md5($ key),base64_decode($字符串),MCRYPT_MODE_CBC,md5(md5($ key))),\0);
}
$ b $ if if($ _GET ['method'] ==encrypt)
{
$ output = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,md5($ key ),$ string,MCRYPT_MODE_CBC,md5(md5($ key))));
}
echo $ output;
?>
加密字符串的URL示例如下所示:
Encrypt.php?method = encrypt& str =快速狐狸
这会将其作为加密字符串返回:
LCuT / ieVa6cl3 / 4VtzE + jd9QPT3kvHYYJFqG6tY3P0Q =
现在解密字符串,您只需更改方法查询解密,如下所示:
Encrypt.php?method = decrypt& str = LCuT / ieVa6cl3 / 4VtzE + jd9QPT3kvHYYJFqG6tY3P0Q =
唯一的问题是,当解密这个加密字符串时,它会返回这个:
|| YV}̳5ššnßì(ñïX8Þ; b
我已经将问题缩小到了加密字符串中的加号PHP的GET方法似乎将加号转换为空格我已经搜索了这个bug并且发现它已经提交这里。我尝试过不同的方法列在该页面上,其他人没有成功。我得到的最接近的是使用这个:
$ $ $ $ $ $ $ $ fixedstring = str_replace(,+,$ string);
然后在加密方法中使用$ fixedstring,问题是,在解密时,所有空格都是转换为加号。任何想法?
我知道使用POST会更有意义,但由于特定原因我使用GET。如果您仔细阅读该错误报告的全部内容,您会看到该错误报告的全部内容。
对 RFC 2396 的引用。其中指出+是保留。在将未编码+符号转换为空格时,PHP是正确的。
在将密文返回给用户时,可以使用urlencode()密文。因此,当用户提交密文解密时,你可以urldecode()它。 PHP会自动为你做这个,如果它通过GET字符串进来的话。
底线: +必须提交给PHP作为编码值:%2B
I have a PHP script that does basic encryption of a string through the method below:
<?php
$key = 'secretkey';
$string = $_GET['str'];
if ($_GET['method'] == "decrypt")
{
$output = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($string), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
}
if ($_GET['method'] == "encrypt")
{
$output= base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
}
echo $output;
?>
An example of a URL to encrypt a string would look like this:
Encrypt.php?method=encrypt&str=the quick fox
Which would return this as the encrypted string:
LCuT/ieVa6cl3/4VtzE+jd9QPT3kvHYYJFqG6tY3P0Q=
Now to decrypt the string all you have to do is change the "method" query to "decrypt", like so:
Encrypt.php?method=decrypt&str=LCuT/ieVa6cl3/4VtzE+jd9QPT3kvHYYJFqG6tY3P0Q=
The only problem is that when that encrypted string is decrypted it returns this:
¬ƒ§rYV}̳5Äš·nßì(ñïX8Þ;b
I have narrowed down the problem to the plus sign that is in the encrypted string. PHP's GET method seems to translate a plus sign into a blank space. I have searched this bug and found out that it has already been filed here. I have tried different methods listed on that page and others with no success. The closest I got is by using this:
$fixedstring = str_replace(" ", "+", $string);
and then using $fixedstring in the encryption methods, the problem is, upon decryption, all blank spaces are converted to plus signs. Any ideas?
I know using POST would make more sense but I am using GET for specific reasons. I will spare the details.
If you'll read the entirety of that bug report you'll see a reference to RFC 2396. Which states that + is reserved. PHP is correct in translating an unencoded + sign to a space.
You could use urlencode() the ciphertext when returning it to the user. Thus, when the user submits the ciphertext for decryption, you can urldecode() it. PHP will do this automatically for you if it comes in via the GET string as well.
Bottom line: The + must be submitted to PHP as the encoded value: %2B
这篇关于PHP - 使用GET查询的加号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
