为什么我应该对通过GET传递的URL进行网址编码
[英]Why should I urlencode URLs passed via GET
问题描述
Suppose I do 
假如我做
http://site.com/something?url=http://lol.com/lol
are there any advantages (eg security etc) of doing 这样做有什么好处(例如安全性等)
'http://site.com/something?url=' . urlencode('http://lol.com/lol');
instead of just passing in an unencoded version of the url in? 而不是仅仅传入未经编码的url版本? Why should I urlencode something passed via GET instead of just passing in an uncoded version (though of course if the url param has & or ? or = in it then I should definitely encode it...but suppose they don't, why should I encode them) 为什么我应该对通过GET传递的内容进行urlencode,而不只是传递未编码的版本(当然,如果url参数中包含&或?或=,那么我绝对应该对其进行编码...但是假设它们没有,为什么?我对它们进行编码)
2 个解决方案
解决方案1
1 已采纳 2012-10-03 15:57:54
There are characters which have special meaning in URLs. URL中有些字符具有特殊含义。 Those characters will have special meaning in the outer URL (instead of the inner URL where they belong) if you pass them without encoding. 如果您不进行编码就将这些字符在外部URL(而不是它们所属的内部URL)中具有特殊含义。
For example, if you want to pass 例如,如果您想通过
http://example.com/foo?1=2&3=4
And you don't encode it, then you will get: 而且您不对其进行编码,那么您将获得:
http://example.com/?url=http://example.com/foo?1=2&3=4
with 同
url is http://example.com/foo?1=2
3 is 4
suppose they don't, why should I encode them
Because then you have to look at every URL you pass to decide if it needs encoding or not. 因为那样一来,您必须查看传递的每个URL,以决定是否需要编码。
Always encoding is much simpler and less error prone then deciding on a case by case basis. 始终进行编码比根据案例决定要简单得多,并且出错率也较低。
解决方案2
0 2012-10-03 16:02:27
只要我知道第二个示例就很好,如果您有可能在url中使用unicode字符。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.