在 URL 中为 http post 编码参数和值或仅编码值?
Encode both parameter and value or just value in URL for http post?
我有一个 Java class 提交 http post 请求。我有查询参数,我的问题是我需要对名称=值对还是只对值进行编码。
String query = "foo=abc&bar=efg";
String encodedQuery = URLEncoder.encode("foo=abc&bar=efg","utf-8");
或
String query = "foo=" + URLEncoder.encode("abc","utf-8") + "&" + "bar=" + URLEncoder.encode("efg","utf-8");
您应该始终对整个 URL 进行编码。因此,要回答您的问题,您应该对整个查询进行编码。
事实上,一种更简单的编码方法是使用 URI 构建完整的 URL。所以用你的 query 变量
URI uri = new URI(
"http",
"example.com",
"/path",
query,
null);
URL url = uri.toURL();
// ... then open the HttpURLConnection
请注意,上面的代码没有对 non-ASCII 个字符执行适当的转义序列
URLEncoder.encode 被调用以确保您的 URI 中没有不安全的字符。不安全的字符几乎是所有不是字母、数字和一些特殊字符的字符。
来自 java-doc 的 URLEncoder
The alphanumeric characters "a" through "z", "A" through "Z" and "0" through >"9" remain the same.
The special characters ".", "-", "*", and "_" remain the same.
The space character " " is converted into a plus sign "+".
All other characters are unsafe and are first converted into one or more bytes >using some encoding scheme. Then each byte is represented by the 3-character >string "%xy", where xy is the two-digit hexadecimal representation of the byte. >The recommended encoding scheme to use is UTF-8. However, for compatibility >reasons, if an encoding is not specified, then the default encoding of the >platform is used.
示例:
String query = "foo=abc&bar=def";
所以。如果您对整个查询进行编码,它将导致
foo%3Dabc%26bar%3Defg
在这种情况下,您还对分隔查询部分所需的 = 和 & 进行了编码。
您必须对查询的名称和值进行编码,以确保它们不包含不安全的字符。例如&、= 和任何非 printable/special 字符。如果你知道,你的名字只包含安全字符,你就不必对名字进行编码。
String param1 = URLEncoder.encode("abc", "utf-8");
String param2 = URLEncoder.encode("a&b", "utf-8");
String query = "foo=" + param1 + "&bar=" + param2;
结果
foo=abc&bar=a%26b
这应该是您需要的查询。请注意 param2 中的 & 将被编码,因为它是 "unsafe" 有效的 url!
我有一个 Java class 提交 http post 请求。我有查询参数,我的问题是我需要对名称=值对还是只对值进行编码。
String query = "foo=abc&bar=efg";
String encodedQuery = URLEncoder.encode("foo=abc&bar=efg","utf-8");
或
String query = "foo=" + URLEncoder.encode("abc","utf-8") + "&" + "bar=" + URLEncoder.encode("efg","utf-8");
您应该始终对整个 URL 进行编码。因此,要回答您的问题,您应该对整个查询进行编码。
事实上,一种更简单的编码方法是使用 URI 构建完整的 URL。所以用你的 query 变量
URI uri = new URI(
"http",
"example.com",
"/path",
query,
null);
URL url = uri.toURL();
// ... then open the HttpURLConnection
请注意,上面的代码没有对 non-ASCII 个字符执行适当的转义序列
URLEncoder.encode 被调用以确保您的 URI 中没有不安全的字符。不安全的字符几乎是所有不是字母、数字和一些特殊字符的字符。
来自 java-doc 的 URLEncoder
The alphanumeric characters "a" through "z", "A" through "Z" and "0" through >"9" remain the same. The special characters ".", "-", "*", and "_" remain the same. The space character " " is converted into a plus sign "+". All other characters are unsafe and are first converted into one or more bytes >using some encoding scheme. Then each byte is represented by the 3-character >string "%xy", where xy is the two-digit hexadecimal representation of the byte. >The recommended encoding scheme to use is UTF-8. However, for compatibility >reasons, if an encoding is not specified, then the default encoding of the >platform is used.
示例:
String query = "foo=abc&bar=def";
所以。如果您对整个查询进行编码,它将导致
foo%3Dabc%26bar%3Defg
在这种情况下,您还对分隔查询部分所需的 = 和 & 进行了编码。
您必须对查询的名称和值进行编码,以确保它们不包含不安全的字符。例如&、= 和任何非 printable/special 字符。如果你知道,你的名字只包含安全字符,你就不必对名字进行编码。
String param1 = URLEncoder.encode("abc", "utf-8");
String param2 = URLEncoder.encode("a&b", "utf-8");
String query = "foo=" + param1 + "&bar=" + param2;
结果
foo=abc&bar=a%26b
这应该是您需要的查询。请注意 param2 中的 & 将被编码,因为它是 "unsafe" 有效的 url!