php 使用ajax发送密码过去,接收端发现密码被裁剪了
没怎么用过PHP。特来此论坛问下。
现在遇到的问题是,用户输入用户名与密码,进行登录,如果密码简单点,是可以传过去的。但如果密码是ab@;&1这种,则发现服务端得到的密码值被裁剪了,变成ab@;了。但是代码中紧接着,下面的部分也是这么操作的,居然又可以,实在没找出两处的差异,求解惑。
client部分的PHP
function getFirstU8Accid(){ var sUserName = document.getElementById("user_name").value.toLowerCase(); var sPassword = document.getElementById("password").value; sUserName = escape(sUserName); if(sUserName=="") { return(""); } var sUrl = '/Server/a.php?t='+escape(Date())+'&a='+sUserName+'&b='+sPassword; var xml = CreateXMLHttp(); xml.open("GET",sUrl,false); xml.send(); var sLoginUser = xml.responseText; //处理.......} //具体调用处如下代码所示 //此处调用getFirstU8Accid()失败,具体错误是服务端的PHP并没有得到完整的密码内容。 Accid = getFirstU8Accid(); try{var guid = obj.GetClientGUID();}catch(e){return " Error:failed to call GetClientGUID,error message:" + e.message;} var sUrl = '/Server/b.php?t='+escape(Date())+'&a='+user+'&b='+password+'&c='+sDomain; var xml = CreateXMLHttp(); xml.open("GET",sUrl,false); xml.send(null); //此处能正常返回,因为b.php中的代码能正常获取到密码内容 return xml.responseText;[/color]a.php b.php中的代码大概如下,其实基本一样,只是b中参数多了,多了一个解析的。[code=php]<?php $langs=$_COOKIE['LANGUAGES'];$langs=empty($langs) ? 'cn' : $langs;$language=include"lang-$langs.php";require("CmxConsts.php");require("CmxCommon.php");try { $sUserName = $_GET["a"]; $sUserName = str_replace("|YJ|","&",$sUserName); $sUserName = str_replace("|YJJ|","#",$sUserName); //下面获取的密码就被裁剪了。 $sPassword = $_GET["b"]; //...................?>给我的感觉,就是第一次失败后,再做第二次,只是多带了参数,就成功了。虽然服务端a,b两个PHP文件,但其实没啥区别。
回复讨论(解决方案)
& 字符在 url 参数串中是作为字段分隔符出现的,如果你的值中有该字符,则需要做 url 编码处理(%26)
版主真快哈,可是第二次提交时,好像也没有做处理啊。
另外,URL编码处理,有没有通用的代码呢?我是中英繁三种语言的,会有影响不?PHP不熟。我也刚用没多久,请问有相关的资料或小例子没?
js 不是有 encodeURI、encodeURIComponent 方法吗
问题解决了。第一处处理时,对密码没有escape操作,而接收处则进行了unescape处理。而第二处是配对的。谢谢版本的提示。
var sUrl = '/Server/a.php?t='+escape(Date())+'&a='+sUserName+'&b='+sPassword;
改?
var sUrl = '/Server/a.php?t='+escape(Date())+'&a='+encodeURIComponent(sUserName)+'&b='+encodeURIComponent(sPassword);
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Alipay PHP SDK transfer error: How to solve the problem of 'Cannot declare class SignData'?
Apr 01, 2025 am 07:21 AM
Alipay PHP...
Explain JSON Web Tokens (JWT) and their use case in PHP APIs.
Apr 05, 2025 am 12:04 AM
JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,
How does session hijacking work and how can you mitigate it in PHP?
Apr 06, 2025 am 12:02 AM
Session hijacking can be achieved through the following steps: 1. Obtain the session ID, 2. Use the session ID, 3. Keep the session active. The methods to prevent session hijacking in PHP include: 1. Use the session_regenerate_id() function to regenerate the session ID, 2. Store session data through the database, 3. Ensure that all session data is transmitted through HTTPS.
How to debug CLI mode in PHPStorm?
Apr 01, 2025 pm 02:57 PM
How to debug CLI mode in PHPStorm? When developing with PHPStorm, sometimes we need to debug PHP in command line interface (CLI) mode...
Describe the SOLID principles and how they apply to PHP development.
Apr 03, 2025 am 12:04 AM
The application of SOLID principle in PHP development includes: 1. Single responsibility principle (SRP): Each class is responsible for only one function. 2. Open and close principle (OCP): Changes are achieved through extension rather than modification. 3. Lisch's Substitution Principle (LSP): Subclasses can replace base classes without affecting program accuracy. 4. Interface isolation principle (ISP): Use fine-grained interfaces to avoid dependencies and unused methods. 5. Dependency inversion principle (DIP): High and low-level modules rely on abstraction and are implemented through dependency injection.
How to automatically set permissions of unixsocket after system restart?
Mar 31, 2025 pm 11:54 PM
How to automatically set the permissions of unixsocket after the system restarts. Every time the system restarts, we need to execute the following command to modify the permissions of unixsocket: sudo...
How to send a POST request containing JSON data using PHP's cURL library?
Apr 01, 2025 pm 03:12 PM
Sending JSON data using PHP's cURL library In PHP development, it is often necessary to interact with external APIs. One of the common ways is to use cURL library to send POST�...
Explain late static binding in PHP (static::).
Apr 03, 2025 am 12:04 AM
Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.
