我如何在 Node.js 中对某些内容进行 URl 编码?
[英]How do I URl encode something in Node.js?
问题描述
I want to URL encode this:
我想对这个进行 URL 编码:
SELECT name FROM user WHERE uid = me()
Do I have to download a module for this?我必须为此下载一个模块吗? I already have the request module.我已经有了请求模块。
6 个解决方案
解决方案1
744 已采纳 2011-07-01 23:12:07
You can use JavaScript's encodeURIComponent :您可以使用 JavaScript 的encodeURIComponent :
encodeURIComponent('select * from table where i()')
giving给予
'select%20*%20from%20table%20where%20i()'
解决方案2
144 2011-07-02 23:56:21
The built-in module querystring is what you're looking for:内置模块querystring是您正在寻找的:
var querystring = require("querystring");
var result = querystring.stringify({query: "SELECT name FROM user WHERE uid = me()"});
console.log(result);
#prints 'query=SELECT%20name%20FROM%20user%20WHERE%20uid%20%3D%20me()'
解决方案3
52 2014-02-09 21:57:01
Use the escape function of querystring .使用querystring的escape函数。 It generates a URL safe string.它生成一个 URL 安全字符串。
var escaped_str = require('querystring').escape('Photo on 30-11-12 at 8.09 AM #2.jpg');
console.log(escaped_str);
// prints 'Photo%20on%2030-11-12%20at%208.09%20AM%20%232.jpg'
解决方案4
25 2015-09-11 17:26:37
Note that URI encoding is good for the query part, it's not good for the domain.请注意,URI 编码对查询部分有利,对域不利。 The domain gets encoded using punycode.域使用 punycode 进行编码。 You need a library like URI.js to convert between a URI and IRI (Internationalized Resource Identifier).您需要像URI.js这样的库来在 URI 和 IRI(国际化资源标识符)之间进行转换。
This is correct if you plan on using the string later as a query string:如果您打算稍后将该字符串用作查询字符串,则这是正确的:
> encodeURIComponent("http://examplé.org/rosé?rosé=rosé")
'http%3A%2F%2Fexampl%C3%A9.org%2Fros%C3%A9%3Fros%C3%A9%3Dros%C3%A9'
If you don't want ASCII characters like / , : and ?如果您不想要像/ 、 :和?这样的 ASCII 字符to be escaped, use encodeURI instead:要转义,请改用encodeURI :
> encodeURI("http://examplé.org/rosé?rosé=rosé")
'http://exampl%C3%A9.org/ros%C3%A9?ros%C3%A9=ros%C3%A9'
However, for other use-cases, you might need uri-js instead:但是,对于其他用例,您可能需要uri-js :
> var URI = require("uri-js");
undefined
> URI.serialize(URI.parse("http://examplé.org/rosé?rosé=rosé"))
'http://xn--exampl-gva.org/ros%C3%A9?ros%C3%A9=ros%C3%A9'
解决方案5
17 2018-01-19 17:34:22
encodeURIComponent(string) will do it: encodeURIComponent(string) 会这样做:
encodeURIComponent("Robert'); DROP TABLE Students;--")
//>> "Robert')%3B%20DROP%20TABLE%20Students%3B--"
Passing SQL around in a query string might not be a good plan though,在查询字符串中传递 SQL 可能不是一个好的计划,
解决方案6
0 2022-06-08 08:38:10
encodeURI编码URI
The encodeURI() method is used to encode a complete URL. encodeURI()方法用于对完整的 URL 进行编码。 This method encodes special characters except ~!$&@#*()=:/,;?+此方法对特殊字符进行编码,除了~!$&@#*()=:/,;?+
encodeURIComponent编码URI组件
To encode special characters in URI components, you should use the encodeURIComponent() method.要对 URI 组件中的特殊字符进行编码,您应该使用encodeURIComponent()方法。 This method is suitable for encoding URL components such as query string parameters and not the complete URL.此方法适用于编码 URL 组件,例如查询字符串参数,而不是完整的 URL。
解决方案7
-2 2016-09-16 22:06:04
The solutions, do not encode queries containing characters " or ' . Passing SQL strings in query is a biq security risk. 解决方案,不编码包含字符“或”的查询。在查询中传递SQL字符串是biq安全风险。
function encodeSQLInjection(query){
return encodeURIComponent(query).replace(/'/g,"%27").replace(/"/g,"%22");
}
encodeSQLInjection("DELETE FROM users WHERE name LIKE '%noob%'")
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.