我正在尝试将字符串上传到服务器,但字符串中的 + 号没有被保存,而是被空格替换。因此,如果我将 ddd+fff 作为 salt 或 iv 发送,它将作为 ddd fff 保存在 sql 数据库中。为什么+号会丢失?
谢谢
在安卓应用中上传代码:
parameters ="id="+mUsername+"&pass="+mPassword+"&operationtype="+moperationtype+"&salt="+Base64.encode Bytes(salt)+"&iv="+Base64.encodeBytes(iv);
try
{
url = new URL("http://www.xyz.com/connect.php");
connection = (HttpURLConnection) url.openConnection();
connection.setDoOutput(true);
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
connection.setRequestMethod("POST");
request = new OutputStreamWriter(connection.getOutputStream());
request.write(parameters);
request.flush();
request.close();
String line = "";
InputStreamReader isr = new InputStreamReader(connection.getInputStream());
BufferedReader reader = new BufferedReader(isr);
StringBuilder sb = new StringBuilder();
while ((line = reader.readLine()) != null)
{
sb.append(line + "\n");
}
// Response from server after login process will be stored in response variable.
response = sb.toString();
// You can perform UI operations here
Toast.makeText(this,"Message from Server: \n"+ response, 0).show();
isr.close();
reader.close();
}
catch(Exception e)
{
// Error
}
connect.php 的代码是:
<?php
$host="www.host.com"; // Host name
$username="user"; // username
$password="pass"; // password
$db_name="db"; // Database name
$tbl_name="table"; // Table name
$usertable="table";
// Replace database connect functions depending on database you are using.
mysql_connect($host, $username, $password) OR DIE ("Unable to
connect to database! Please try again later.");
mysql_select_db("$db_name");
$operationtype="restore";
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$myusername=mysql_real_escape_string($_POST['id']);
$mypassword=mysql_real_escape_string($_POST['pass']);
$salt=($_POST['salt']);
$iv=($_POST['iv']);
$operationtype=mysql_real_escape_string($_POST['operationtype']);
$sql ="INSERT INTO `db`.`table` (`row`, `id`, `pass`,`salt`, `iv`) VALUES (NULL, '$myusername', '$mypassword','$salt','$iv');";
$result=mysql_query($sql);
?>