0

我正在尝试将字符串上传到服务器,但字符串中的 + 号没有被保存,而是被空格替换。因此,如果我将 ddd+fff 作为 salt 或 iv 发送,它将作为 ddd fff 保存在 sql 数据库中。为什么+号会丢失?

谢谢

在安卓应用中上传代码:

parameters ="id="+mUsername+"&pass="+mPassword+"&operationtype="+moperationtype+"&salt="+Base64.encode    Bytes(salt)+"&iv="+Base64.encodeBytes(iv);   

            try
            {
                url = new URL("http://www.xyz.com/connect.php");
                connection = (HttpURLConnection) url.openConnection();
                connection.setDoOutput(true);
                connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
                connection.setRequestMethod("POST");    

                request = new OutputStreamWriter(connection.getOutputStream());
                request.write(parameters);
                request.flush();
                request.close();            
                String line = "";               
                InputStreamReader isr = new InputStreamReader(connection.getInputStream());
                BufferedReader reader = new BufferedReader(isr);
                StringBuilder sb = new StringBuilder();
                while ((line = reader.readLine()) != null)
                {
                    sb.append(line + "\n");
                }
                // Response from server after login process will be stored in response variable.                
                response = sb.toString();
                // You can perform UI operations here
                Toast.makeText(this,"Message from Server: \n"+ response, 0).show();   

                isr.close();
                reader.close();

            }
            catch(Exception e)
            {

                // Error
            }

connect.php 的代码是:

<?php
$host="www.host.com"; // Host name
$username="user"; // username
$password="pass"; // password
$db_name="db"; // Database name
$tbl_name="table"; // Table name
$usertable="table";

// Replace database connect functions depending on database you are using.
mysql_connect($host, $username, $password) OR DIE ("Unable to 
        connect to database! Please try again later.");

mysql_select_db("$db_name");

$operationtype="restore";
// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$myusername=mysql_real_escape_string($_POST['id']);
$mypassword=mysql_real_escape_string($_POST['pass']);
$salt=($_POST['salt']);
$iv=($_POST['iv']);
$operationtype=mysql_real_escape_string($_POST['operationtype']);


$sql ="INSERT INTO `db`.`table` (`row`, `id`, `pass`,`salt`, `iv`) VALUES (NULL, '$myusername', '$mypassword','$salt','$iv');";

$result=mysql_query($sql);


?>
4

2 回答 2

0

为您的 URL使用URLEncoder,因此所有字符都以正确的方式编码。不允许在 URL 中写入特定字符,例如 '+$§'。并在你的 PHP 中使用decode

网址规范:

Reserved
Have to be encoded sometimes
! * ' ( ) ; : @ & = + $ , / ? % # [ ]
于 2013-10-09T08:01:18.707 回答
0

你必须%2B在get for php中使用,即

example.com?q=string%2Bblah

情商

string+blah
于 2013-10-09T08:07:46.900 回答