I'm storing multiple information in cookies in javascript. The information pieces are separated by a "+" sign, like document.cookie ='cookie1'+'='+inf1+'+'+inf2
.
But when I'm echoing out these cookies from PHP, the separating "+" sign is replaced with a space.
I've tried to echo with addslashes, didn't work. When I'm alerting the the cookie from JS it's alright, it shows the separating "+" sign.
Anyone out there knows a solution for this?
I know it's not new issue, but for those, who also runs to this problem, here's my solution:
To solve this error use escaped characters instead !
At http://www.w3schools.com/jsref/jsref_escape.asp it says:
This function encodes special characters, with the exception of: * @ - _ + . /
So it means you can insert these characters to the cookie, but won't be able to retrieve through PHP. PHP just and only accepts escaped ASCII chars like '%2B' for '+' '%2A' for '*' etc. Check the Hx column here: http://www.asciitable.com/
So how i solved it (quick and dirty) is that i tried to insert escaped data to the cookie:
function setCookie(c_name,value,exdays){
var exdate=new Date();
var n_value = escape(value).replace(/[+]/g,"%2B").replace(/[*]/g,"%2A").replace(/[@]/g,"%40").replace(/[-]/g,"%2D").replace(/[_]/g,"%5F").replace(/[.]/g,"%2E").replace(/[/]/g,"%2F");
exdate.setDate(exdate.getDate() + exdays);
var c_value = n_value + ((exdays==null) ? "" : "; expires="+exdate.toUTCString());
document.cookie=c_name + "=" + c_value;
}
this escapes the rest of the characters, then replace the exceptions ( +-_@*./ ). It's dirty and I'm pretty sure it can be done someway else, like regexp...etc, but it works for now.
Try it, you'll be satisfied with it!
That's weird — there is no specification that states a cookie should be treated as application/x-www-form-urlencoded :
Netscape's original draft stated:
NAME=VALUE
This string is a sequence of characters excluding semi-colon, comma and white space. If there is a need to place such data in the name or value, some encoding method such as URL style
%XX
encoding is recommended, though no encoding is defined or required.
So this is the plain percent-encoding .
RFC 2109 states:
cookie = NAME "=" VALUE *(";" cookie-av) NAME = attr VALUE = value
Where attr and value are specified as:
attr = token value = word word = token | quoted-string
And token and quoted-string are specified in HTTP/1.1 and can be represented by these regular expressions respectively:
[!#$%&'*+\\-.0-9A-Za-z^_`|~]+ "([ \\x21\\x23-\\x7E\\x80-\\xFF]|(\\r\\n)?[ \\t]+|\\\\[\\x00-\\x7F])*"
So this isn't application/x-www-form-urlencoded either but a different format preferred by HTTP-based extensions.
RFC 2965 doesn't specify anything different than RFC 2109 regarding the cookie syntax:
cookie = NAME "=" VALUE *(";" set-cookie-av) NAME = attr VALUE = value
Thus the +
, that is only is replaced in application/x-www-form-urlencoded , should not be replaced by a space in cookies. So this is a wrong behavior by PHP.
You could replace +
with it's url code %2B
.
document.cookie = 'cookie1' + '=' + inf1 + '%2B' + inf2;
You should also encode inf1
and inf2
if they might contain unencoded strings (if they're numbers, it's fine). Just search google for "JavaScript urlencode"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.