传递“(”和“)”通过URI导致403错误,我该怎么编码呢? [英] Passing "(" and ")" through a URI causes a 403 error, how can I encode them?
问题描述
(用于XML HTTP请求的JavaScript和用于执行SQL查询的PHP。)
(JavaScript for the XML HTTP request and PHP for the execution SQL query.)
我正在构建一个执行查询的Web应用程序。它使用XMLHTTP请求GET方法并将查询传递给执行它的PHP脚本。它工作正常,直到我在其中引入括号()。
I'm building a web app that executes queries. It uses the XMLHTTP request GET method and passes a query to a PHP script that executes it. It works fine until I introduce parentheses ( ) in it.
这是一个如何工作的例子:
Here is an example of how works:
function executeQry(){
qry = document.getElementByID('textarea').value;
qryHTTPRequest(encodeURI(qry));
//I've also tried encodeURIComponent(qry);
}
function xmlHTTPRequest(qry){
//fetches
urlFetch = "http://my.url.com/script.php?qry=" + qry;
}
这是一个快速参考,我知道我的xmlhttp请求工作正常,因为它做其他查询时需要做的事情,例如:
this is a quick reference, I know that my xmlhttp request works fine because it does what it needs to do when other queries are passed through for example:
SELECT * FROM `tableName`
工作正常,但当你尝试做类似的事情时
works fine, but when you try to do something like
CREATE TABLE `new_table`
AS (SELECT * FROM `old_table`)
然后这就是它不会执行的时候,我得到了403错误所以我认为这是一个带有()的因为我甚至试过这个PHP本身的代码,无需传递它并且它有效,所以URL编码过程一定存在问题吗?如果这是问题,是否有一种编码这些字符的方法?我假设还有其他字符不能用 encodeURI()方法以及 encodeURIComponent()进行编码。提前致谢!
Then this is when it won't execute, I get the 403 error so I figured that it's an with the () because I even tried this same code on the PHP itself, without having to pass it through and it worked, so there must be an issue with the URL encoding process right? If this is the issue, is there a method for encoding these characters? I assume there are other characters that don't get encoded with encodeURI() method as well as the encodeURIComponent(). Thanks in advance!
推荐答案
以下内容应该这样做:
urlFetch = "http://my.url.com/script.php?qry=" + encodeURIComponent(qry)
.replace(/\(/g, "%28").replace(/\)/g, "%29");
括号在URI语法中是古怪的。许多编码器将它们视为特殊编码器,即使它们仅出现在过时mark生产中。使用常见的网络协议( http , https , mailto )将它们编码为%28 和%29 是安全的,但允许Web服务器为它们分配特殊含义。您已经在使用 encodeURI 或 encodeURIComponent ,因此您已假设URL转义序列为UTF-8。
Parentheses are oddballs in the URI grammar. Many encoders treat them as special even though they only appear in the obsolete "mark" production. With common web protocols (http, https, mailto) it is safe to encode them to %28 and %29 though web servers are allowed to assign special meanings to them. You are already using encodeURI or encodeURIComponent so you are already assuming that URL escape sequences are UTF-8.
来自RFC 3986:
From RFC 3986:
sub-delims "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
...
obsolete rule translation
mark "-" / "_" / "." / "!" / "~" / "*" / "'"
/ "(" / ")"
这篇关于传递“(”和“)”通过URI导致403错误,我该怎么编码呢?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
