GET带有空格的变量-它们起作用,但是正确或确定吗? [英] GET variables with spaces - they work, but is it correct or ok?
问题描述
我有一个PHP页面,其中通过"city" URL/GET变量传递城市名称.当前,即使有空格(例如.php?city=New York
),它也会传递实际的城市名称.然后,我使用$ city GET变量并针对city.name运行一个MySQL查询.
I have a PHP page where I'm passing the city name via a "city" URL/GET variable. Currently, it's passing the actual city name even if it has spaces (eg .php?city=New York
). I then take the $city GET variable and run a MySQL query against cities.name.
这很好用-但我一直给人的印象是,任何变量(URL/GET或其他方式都不应有空格).我非常有能力替换带下划线的空格,或者删除它们,然后将它们放回查询...等等,但是我想我首先要问的是空格是完全可以的,这是只是我的迷信告诉我否则.
This works just fine - but I've always been under the impression any variables, URL/GET or otherwise should never have spaces. I'm more than capable of either replacing the spaces w/ underscores, or removing them, and putting them back in for the query...etc - but I thought I'd ask first in case spaces are completely fine, and it was just my superstition telling me otherwise.
推荐答案
空格很好,通常使用+
进行编码.
Spaces are fine, and are generally encoded with +
.
为了更加安全,如果将值手动添加到GET参数中,请在值上使用urlencode()
.
To be extra safe, use urlencode()
on your values if manually adding them to your GET params.
echo urlencode('New York'); // New+York
CodePad .
否则,如果您的表单以GET参数的形式提交,则将它们保持原样:)
Otherwise, if your form if submitting as GET params, just leave them as they are :)
然后我使用$ city GET变量,并针对city.name运行一个MySQL查询.
I then take the $city GET variable and run a MySQL query against cities.name.
请确保您使用的是合适的数据库转义机制,以防止SQL注入.
Make sure you are using the suitable database escaping mechanism to be safe from SQL injection.
这篇关于GET带有空格的变量-它们起作用,但是正确或确定吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!