Encoding the minimum characters in a POST request: is it safe or not?

I came up with an approach to encoding only four characters in the value of a POST parameter: # ; & +. What problems can arise if they exist?

Personally, I don't like these hacks. The reason I ask about this is because I have an argument with its inventor.

Update. To clarify, this question concerns encoding the parameters in the body of the POST, and not escaping the POST parameters on the server side, for example before submitting them to a shell, database, HTML page or something else.

+3
3 answers

RFC 1738 (application/x-www-form-urlencoded):

:

. , , , URL- . "<" " > " , URL- ; ( "" ) URL- . "#" , World Wide Web , URL- / , . "%" , . , , . : "{", "}", "|", "\", "^", "~", "[", "]" "`".

URL-. , "#" URL- , , , URL- , , URL-.

+1

(?) . , . . , (, ). , , .

, . SQL, HTML , .

0

: $sql = "DELETE FROM articles WHERE id = '" . $_POST['id'] . "'";
: 1' OR '10
: $sql = "DELETE FROM articles WHERE id = '1' OR '10'";

0
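The encoding scheme from the question, checked against a standard form parser. This is an added example, not code from the thread: `minimal_body` is a hypothetical implementation of the "escape only # ; & +" idea, Python's `urllib.parse` stands in for the receiving server, and the sample values are constructed.

```python
from urllib.parse import parse_qsl, urlencode

# The four characters the scheme in the question escapes, and nothing else.
MINIMAL = {"#": "%23", ";": "%3B", "&": "%26", "+": "%2B"}


def minimal_body(params):
    """Hypothetical client encoder: escape only # ; & + in each value."""
    return "&".join(
        k + "=" + "".join(MINIMAL.get(ch, ch) for ch in v)
        for k, v in params.items()
    )


def server_decode(body):
    """What a standard form parser hands to the application."""
    return dict(parse_qsl(body, keep_blank_values=True))


def survives(value):
    """Return (minimal_ok, standard_ok) for one value sent as field 'note'."""
    sent = {"note": value}
    minimal_ok = server_decode(minimal_body(sent)) == sent
    standard_ok = server_decode(urlencode(sent)) == sent
    return minimal_ok, standard_ok


# Constructed sample values: the first two only contain characters the
# scheme escapes, the last two contain a literal percent sign.
SAMPLES = ["a+b&c", "x#y;z", "100%41", "pass%2Bword"]

if __name__ == "__main__":
    for value in SAMPLES:
        received = server_decode(minimal_body({"note": value}))["note"]
        print(repr(value), "->", repr(received), survives(value))
```

The values that change in transit are the ones containing a literal `%` followed by two hex digits: because `%` itself is not escaped, the receiver cannot tell user data from an escape sequence.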

Source: https://habr.com/ru/post/1734612/

