在 URL 中为 http post 编码参数和值或仅编码值?

Encode both parameter and value or just value in URL for http post?

我有一个 Java class 提交 http post 请求。我有查询参数,我的问题是我需要对名称=值对还是只对值进行编码。

String query = "foo=abc&bar=efg";

String encodedQuery = URLEncoder.encode("foo=abc&bar=efg","utf-8");

String query = "foo=" + URLEncoder.encode("abc","utf-8") + "&" + "bar=" + URLEncoder.encode("efg","utf-8");

您应该始终对整个 URL 进行编码。因此,要回答您的问题,您应该对整个查询进行编码。

事实上,一种更简单的编码方法是使用 URI 构建完整的 URL。所以用你的 query 变量

URI uri = new URI(
    "http", 
    "example.com", 
    "/path",
    query,
    null);

URL url = uri.toURL();
// ... then open the HttpURLConnection

请注意,上面的代码没有对 non-ASCII 个字符执行适当的转义序列

URLEncoder.encode 被调用以确保您的 URI 中没有不安全的字符。不安全的字符几乎是所有不是字母、数字和一些特殊字符的字符。

来自 java-doc 的 URLEncoder

The alphanumeric characters "a" through "z", "A" through "Z" and "0" through >"9" remain the same. The special characters ".", "-", "*", and "_" remain the same. The space character " " is converted into a plus sign "+". All other characters are unsafe and are first converted into one or more bytes >using some encoding scheme. Then each byte is represented by the 3-character >string "%xy", where xy is the two-digit hexadecimal representation of the byte. >The recommended encoding scheme to use is UTF-8. However, for compatibility >reasons, if an encoding is not specified, then the default encoding of the >platform is used.

示例:

String query = "foo=abc&bar=def";

所以。如果您对整个查询进行编码,它将导致

foo%3Dabc%26bar%3Defg

在这种情况下,您还对分隔查询部分所需的 = 和 & 进行了编码。

您必须对查询的名称和值进行编码,以确保它们不包含不安全的字符。例如&、= 和任何非 printable/special 字符。如果你知道,你的名字只包含安全字符,你就不必对名字进行编码。

String param1 = URLEncoder.encode("abc", "utf-8");
String param2 = URLEncoder.encode("a&b", "utf-8");
String query = "foo=" + param1 + "&bar=" + param2;

结果

foo=abc&bar=a%26b

这应该是您需要的查询。请注意 param2 中的 & 将被编码,因为它是 "unsafe" 有效的 url!