请求参数丢失加号
我正在编辑搜索表单并尝试防止数据库中出现特殊字符。在 JSP 搜索表单中,(多选)下拉列表允许用户选择将在查询中使用的描述(注意:描述是字符串列表):
<select id="descriptionSelect" multiple="multiple">
<c:forEach items="${descriptions}" var="description">
<option value="${fn:escapeXml(description)}")}">
<c:out value="${description}" />
</option>
</c:forEach>
</select>
当表单提交时,页面动态生成 URL,该 URL 接受查询参数URL(丑陋,我知道,双手被束缚)。这是制作描述部分的片段。
var descriptionSelectBox = document.getElementById("descriptionSelect");
var descriptionsUrlAddition = "";
for (var i = 0; i < descriptionSelectBox.options.length; i++) {
if (descriptionSelectBox.options[i].selected) {
descriptionsUrlAddition += "&descriptions=" + escape(descriptionSelectBox.options[i].value);
}
}
我在数据库中有一个测试条目,其描述为:
AAA `~!@#$%^&*()_+-={}|[]\:";'<>?,./ 哇 上面的代码有很多特殊字符
当请求到达控制器时,描述丢失了+号(它变成了一个空格)。
,由于某种原因, ?我不确定是否有什么 您提供此建议,请使用 Java 特定代码(没有 Apache escape utils 类等)。
处理 URL 的特殊用途,或者什么,我可以编辑描述列表的填充方式(可能会在那里转义)。如果 它有帮助,在 JavaScript 中使用警报表明 + 号在发送请求之前没有被转换。
I am editing a search form and trying to protect against special characters in the database. In the JSP search form, a (multiselect) dropdown allows users to select descriptions that will be used in the query (note: descriptions is a list of strings):
<select id="descriptionSelect" multiple="multiple">
<c:forEach items="${descriptions}" var="description">
<option value="${fn:escapeXml(description)}")}">
<c:out value="${description}" />
</option>
</c:forEach>
</select>
When the form submits, the page dynamically generates the URL which takes query parameters in the URL (ugly, I know, hands are tied). Here's the snipet making the description segment.
var descriptionSelectBox = document.getElementById("descriptionSelect");
var descriptionsUrlAddition = "";
for (var i = 0; i < descriptionSelectBox.options.length; i++) {
if (descriptionSelectBox.options[i].selected) {
descriptionsUrlAddition += "&descriptions=" + escape(descriptionSelectBox.options[i].value);
}
}
I have a test entry in the database whose description is:
AAA `~!@#$%^&*()_+-={}|[]\:";'<>?,./ And wow this has a lot of special characters.
With the code above, for some reason when the request gets to the controller, the description loses the + sign (it becomes just a space).
Does anyone know what might be happening and how to fix it? I am not sure if it's something to do with URLs special use of +, or what. I could edit how the descriptions list is populated (maybe escaping there). If you offer this as a suggestion, please use Java specific code (no Apache escape utils classes, etc).
If it helps, using alerts in the JavaScript indicate that the + sign is not being transformed before sending the request.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
+
表示 URL 中的“空格”。将其替换为%2B
。例如,您可以在编写descriptionsUrlAddition
后立即执行此操作。+
means "space" in URLs. Replace it with%2B
. You could do this just after composingdescriptionsUrlAddition
, for example.对于 javascript,您应该使用 encodeURIComponent() 或 encodeuri()。例如:
res 将被编码为
"fj74cvg%2Bfd1%3D%3Dee"
对于 php,您可以使用 urlencode()。例如:
这些函数将替换字符串中用作 url 一部分的任何特殊字符。
For javascript you should use encodeURIComponent() or encodeuri(). For Example:
and res would be encoded to
"fj74cvg%2Bfd1%3D%3Dee"
For php you can use urlencode(). For Example:
These functions will replace any special characters in the string to be used as part of the url.
您应该在前端使用 javascriptencodeuri 函数来对您的参数进行编码。
You should use in the front side The javascript encodeuri function to encode your parameters.