表单提交时不要转义特殊字符 [英] Do not escape special characters on form submit
问题描述
我有一个通过GET提交的表单,其中一个隐藏字段提交了一个由逗号分隔的类别ID列表(1,2,3)。
当get查询到达页面时,逗号会被%2C 所转义。
我不能对PHP进行更改以分析这些值,并且它们必须保留为逗号。
总结:?category = 1,2,3 works,
我如何阻止逗号被编码?
编辑以解决评论,简化,但给你的要点:
< form method =getaction =something.php>
< input type =hiddenname =categoryvalue =1,2,3>
< input type =submit>
< / form>
编码是HTTP标准的一部分 - 你不应该让它停止,因为它是构建HTTP的基础的一部分。 RFC2396 描述了URI中允许和不允许使用哪些字符:
2.2。保留字符
许多URI包含由某些
特殊字符组成或由其定界的组件。这些字符被称为保留,因为它们在URI组件中的使用仅限于其保留的
目的。如果URI组件的数据与
预留目的冲突,那么冲突数据必须在
形成URI之前转义。reserved =; | /| ? | :| @| &安培; | =| +|
$| ,
由于这个事实,当使用GET提交一个表单,用户代理将根据此规范对值进行编码。
您的解决方案在于
1)将表单更改为使用POST方法,将对 $ _ GET 的引用更改为php中的 $ _ POST
<2>调用urldecode( docs )使用它之前的数据(
$ _ GET ['my_value'] = urldecode($ _ GET ['my_value']); ) <3>使用元素数组将其作为数组提交给服务器
< input name = myElement []value =1/>
< input name =myElement []value =2/>
< input name =myElement []value =3/>
在PHP方面, $ _ GET ['myElement'] 将等于数组(1,2,3)
I have a form that submits via GET, and one of the hidden fields submits a list of category IDs, separated by comma (1,2,3).
When the get query gets to the page it is going, commas become escaped with %2C.
I cannot make changes to PHP that parses these values, and they must remain commas.
In summary: ?category=1,2,3 works, and ?category=1%2C2%2C3 doesn't.
How do I prevent the comma from being encoded?
Edit to address the comment, simplified, but gives you the gist:
<form method="get" action="something.php">
<input type="hidden" name="category" value="1,2,3">
<input type="submit">
</form>
The problem with "making it stop" is that the encoding is a part of HTTP standards - you "shouldn't want" to make it stop since it is a part of the very basis upon which HTTP is built. RFC2396 describes which characters are allowed and not allowed in a URI:
2.2. Reserved Characters
Many URI include components consisting of or delimited by, certain special characters. These characters are called "reserved", since
their usage within the URI component is limited to their reserved
purpose. If the data for a URI component would conflict with the
reserved purpose, then the conflicting data must be escaped before
forming the URI.reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" | "$" | ","
Because of this fact, when using GET to submit a form, the user agent will encode the values according to this specification.
Your solution lies in either
1) Change the form to use the POST method, change references to $_GET into $_POST in php
2) Call urldecode (docs) on the data before using it ($_GET['my_value'] = urldecode($_GET['my_value']);)
3) Use element arrays to submit this as an array to the server
<input name="myElement[]" value="1" />
<input name="myElement[]" value="2" />
<input name="myElement[]" value="3" />
On PHP side, $_GET['myElement'] will be equal to array(1,2,3)
这篇关于表单提交时不要转义特殊字符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
