1,593
社区成员
发帖
与我相关
我的任务
分享idhttp.post传递的参数中有&字符时,改怎么处理
试了很多方法都不行,下面的代码把&以后的内容自动截掉了
var
str:string;
IdHTTP: TIDHttp;
myParams:tStringList; //变量定义
ret:TStringStream;
begin
IdHTTP := TIDHttp.Create(nil);
IdHTTP.ReadTimeout := 30*1000;
IdHTTP1.Request.ContentType :='application/x-www-form-urlencoded';
IdHTTP1.HTTPOptions:=[hoForceEncodeParams];
ret:=tstringstream.Create('');
myParams:=tStringList.Create;
myParams.Add('1path='+'d:\www\1.asp');
//myParams.Add('cyfddata='+StringReplace(memo2.Text, '&', '%26', [rfReplaceAll]));
//myParams.Add('cyfddata='+TIdURI.URLEncode(memo2.Text));
//showmessage(TIdURI.URLEncode(memo2.Text));
myParams.Add('data='+memo2.Text);
try
IdHTTP.Post('http://tt/xx.asp',myParams,ret); //idhttp提交post请求,如果攻击其他的留言本得更换提交地址
//showmessage(ret.DataString); //返回页面源码
//showmessage(idHttp.responsetext); //返回错误信息:http 202 ok...
//showmessage(inttostr(idHttp.responsecode)); //返回错误代码: 202
except
Memo2.Lines.Add('估计是成功了'); //发送完毕记录
end;
IdHTTP.Disconnect;
FreeAndNil(IdHTTP);
FreeAndNil(myParams);
end;
var
str:string;
IdHTTP: TIDHttp;
myParams:tStringList; //变量定义
ret:TStringStream;
begin
IdHTTP := TIDHttp.Create(nil);
IdHTTP.ReadTimeout := 30*1000;
IdHTTP1.Request.ContentType :='application/x-www-form-urlencoded';
IdHTTP1.HTTPOptions:=[hoForceEncodeParams];
ret:=tstringstream.Create('');
myParams:=tStringList.Create;
myParams.Add('1path='+'d:\www\1.asp');
//myParams.Add('cyfddata='+StringReplace(memo2.Text, '&', '%26', [rfReplaceAll]));
//myParams.Add('cyfddata='+TIdURI.URLEncode(memo2.Text));
//showmessage(TIdURI.URLEncode(memo2.Text));
myParams.Add('data='+memo2.Text);
try
IdHTTP.Post('http://tt/xx.asp',myParams,ret); //idhttp提交post请求,如果攻击其他的留言本得更换提交地址
//showmessage(ret.DataString); //返回页面源码
//showmessage(idHttp.responsetext); //返回错误信息:http 202 ok...
//showmessage(inttostr(idHttp.responsecode)); //返回错误代码: 202
except
Memo2.Lines.Add('估计是成功了'); //发送完毕记录
end;
IdHTTP.Disconnect;
FreeAndNil(IdHTTP);
FreeAndNil(myParams);
end;
...全文
请发表友善的回复…
发表回复
leizhen2004 2006-03-21
- 打赏
- 举报
不懂+帮顶
zhero 2006-01-06
- 打赏
- 举报
myParams.Add('cyfddata='+'<% Response.Write "<input type=text name=syfdpath value=""&" & server.mappath("abc.asp")& "&"" size=60>" %>');
这句中用%26替代&符号 结果也不对(&显示为%26)
这句中用%26替代&符号 结果也不对(&显示为%26)
zhero 2006-01-06
- 打赏
- 举报
我的测试:
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, IdHTTP;
type
TForm1 = class(TForm)
Button1: TButton;
Memo2: TMemo;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
function makediy(url: string; abspath: string):string;
var
IdHTTP: TIDHttp;
myParams:tStringList;
ret:TStringStream;
begin
Result:= '';
IdHTTP := TIDHttp.Create(nil);
IdHTTP.ReadTimeout := 30*1000;
//IdHTTP.Request.ContentType :='application/x-www-form-urlencoded';
//IdHTTP1.HTTPOptions:=[hoForceEncodeParams];
ret:=tstringstream.Create('');
myParams:=tStringList.Create;
myParams.Add('syfdpath='+abspath);
//myParams.Add('cyfddata='+StringReplace(memo2.Text, '&', #38, [rfReplaceAll]));
//myParams.Add('cyfddata='+TIdURI.URLEncode(memo2.Text));
myParams.Add('cyfddata='+'<% Response.Write "<input type=text name=syfdpath value=""&" & server.mappath("abc.asp")& "&"" size=60>" %>');
try
IdHTTP.Post(url,myParams,ret);
Result:= ret.DataString;
//showmessage(ret.DataString); //返回页面源码
//showmessage(idHttp.responsetext); //返回错误信息:http 202 ok...
//showmessage(inttostr(idHttp.responsecode)); //返回错误代码: 202
finally
IdHTTP.Disconnect;
FreeAndNil(IdHTTP);
FreeAndNil(myParams);
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
makediy('http://127.0.0.1/diy.asp','d:\www\test.asp');
end;
end.
http://127.0.0.1/diy.asp的源码:
本文件绝对的路径D:\www\diy.asp
<% dim objFSO,fdata,objCountFile %>
<% on error resume next %>
<% Set objFSO = Server.CreateObject("Scripting.FileSystemObject") %>
<% if Trim(request("syfdpath"))<>"" then %>
<% fdata = request("cyfddata") %>
<% Set objCountFile=objFSO.CreateTextFile(request("syfdpath"),True) %>
<% objCountFile.Write fdata %>
<% if err =0 then response.write "<font color=red>save Success!</font>" %>
<% err.clear %>
<% end if %>
<% objCountFile.Close %>
<% Set objCountFile=Nothing %>
<% Set objFSO = Nothing %>
<form method=post>
<input type=text name=syfdpath value=<%=server.mappath("ttdiy.asp")%> size=60>
<textarea name=cyfddata cols=80 rows=10 width=32></textarea>
<input type=submit value="">
</form>
运行结果:产生的test.asp内容在&字符前面被截断:
<% Response.Write "<input type=text name=syfdpath value=""
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, IdHTTP;
type
TForm1 = class(TForm)
Button1: TButton;
Memo2: TMemo;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
function makediy(url: string; abspath: string):string;
var
IdHTTP: TIDHttp;
myParams:tStringList;
ret:TStringStream;
begin
Result:= '';
IdHTTP := TIDHttp.Create(nil);
IdHTTP.ReadTimeout := 30*1000;
//IdHTTP.Request.ContentType :='application/x-www-form-urlencoded';
//IdHTTP1.HTTPOptions:=[hoForceEncodeParams];
ret:=tstringstream.Create('');
myParams:=tStringList.Create;
myParams.Add('syfdpath='+abspath);
//myParams.Add('cyfddata='+StringReplace(memo2.Text, '&', #38, [rfReplaceAll]));
//myParams.Add('cyfddata='+TIdURI.URLEncode(memo2.Text));
myParams.Add('cyfddata='+'<% Response.Write "<input type=text name=syfdpath value=""&" & server.mappath("abc.asp")& "&"" size=60>" %>');
try
IdHTTP.Post(url,myParams,ret);
Result:= ret.DataString;
//showmessage(ret.DataString); //返回页面源码
//showmessage(idHttp.responsetext); //返回错误信息:http 202 ok...
//showmessage(inttostr(idHttp.responsecode)); //返回错误代码: 202
finally
IdHTTP.Disconnect;
FreeAndNil(IdHTTP);
FreeAndNil(myParams);
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
makediy('http://127.0.0.1/diy.asp','d:\www\test.asp');
end;
end.
http://127.0.0.1/diy.asp的源码:
本文件绝对的路径D:\www\diy.asp
<% dim objFSO,fdata,objCountFile %>
<% on error resume next %>
<% Set objFSO = Server.CreateObject("Scripting.FileSystemObject") %>
<% if Trim(request("syfdpath"))<>"" then %>
<% fdata = request("cyfddata") %>
<% Set objCountFile=objFSO.CreateTextFile(request("syfdpath"),True) %>
<% objCountFile.Write fdata %>
<% if err =0 then response.write "<font color=red>save Success!</font>" %>
<% err.clear %>
<% end if %>
<% objCountFile.Close %>
<% Set objCountFile=Nothing %>
<% Set objFSO = Nothing %>
<form method=post>
<input type=text name=syfdpath value=<%=server.mappath("ttdiy.asp")%> size=60>
<textarea name=cyfddata cols=80 rows=10 width=32></textarea>
<input type=submit value="">
</form>
运行结果:产生的test.asp内容在&字符前面被截断:
<% Response.Write "<input type=text name=syfdpath value=""
zjsxr 2005-12-07
- 打赏
- 举报
我也碰到这问题,后来解决办法是用TStringStream
TStringStream.Create('我需要发送的东西');
就然后就搞定了,希望对你有帮助。
TStringStream.Create('我需要发送的东西');
就然后就搞定了,希望对你有帮助。
zhero 2005-12-05
- 打赏
- 举报
我测试还是不成功,一会贴结果
pow_bj 2005-11-18
- 打赏
- 举报
wizardqi(男巫)的方法我试了,可行。最近也在研究idhttp,遇到一个问题,如何提交http头文件?比如头文件在一个memo里,应该怎样实现?谢谢!
k2222 2005-11-17
- 打赏
- 举报
试过转义符吗?
chinafoxli 2005-11-16
- 打赏
- 举报
你连打两个&&试试!!
我也是跟我大哥学的,呵呵!!
我也是跟我大哥学的,呵呵!!
zhero 2005-11-01
- 打赏
- 举报
哦,我少了这一句 IdHTTP.HTTPOptions:=[];
zhero 2005-11-01
- 打赏
- 举报
showmessage(ret.DataString);
改为
Ret.Position:=0;
form1.Memo1.Lines.LoadFromStream(ret);
结果还是a%26bc%26d
改为
Ret.Position:=0;
form1.Memo1.Lines.LoadFromStream(ret);
结果还是a%26bc%26d
zhero 2005-11-01
- 打赏
- 举报
function makediy(a: string):string;
var
IdHTTP: TIDHttp;
myParams:tStringList;
ret:TStringStream;
begin
IdHTTP := TIDHttp.Create(nil);
IdHTTP.ReadTimeout := 30*1000;
ret:=tstringstream.Create('');
myParams:=tStringList.Create;
myParams.Add('a='+a);
myParams.Add('b='+form1.memo2.Text);
try
IdHTTP.Post('http://127.0.0.1/ab.asp',myParams,ret);
showmessage(ret.DataString);
finally
IdHTTP.Disconnect;
FreeAndNil(IdHTTP);
FreeAndNil(myParams);
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
makediy('a%26b');
end;
//以下是我的memo2.Text
c%26d
//以下是我的Asp测试代码
<%
<%Response.Write(Request("a"))%>
<%Response.Write(Request("b"))%>
%>
//以下是我测试结果
a%26bc%26d
var
IdHTTP: TIDHttp;
myParams:tStringList;
ret:TStringStream;
begin
IdHTTP := TIDHttp.Create(nil);
IdHTTP.ReadTimeout := 30*1000;
ret:=tstringstream.Create('');
myParams:=tStringList.Create;
myParams.Add('a='+a);
myParams.Add('b='+form1.memo2.Text);
try
IdHTTP.Post('http://127.0.0.1/ab.asp',myParams,ret);
showmessage(ret.DataString);
finally
IdHTTP.Disconnect;
FreeAndNil(IdHTTP);
FreeAndNil(myParams);
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
makediy('a%26b');
end;
//以下是我的memo2.Text
c%26d
//以下是我的Asp测试代码
<%
<%Response.Write(Request("a"))%>
<%Response.Write(Request("b"))%>
%>
//以下是我测试结果
a%26bc%26d
wizardqi 2005-10-31
- 打赏
- 举报
“这个简单,把对应的&替换为%26即可。”的意思是说&本身是提交参数的分割符,把Memo1中的&替换为%26就可以把它作为参数值Post到服务器端了。
wizardqi 2005-10-31
- 打赏
- 举报
当然下面的语法也可以:
<% Response.Write "<input type=text name=syfdpath value='&" & server.mappath("abc.asp")& "&' size=60>" %>
<% Response.Write "<input type=text name=syfdpath value='&" & server.mappath("abc.asp")& "&' size=60>" %>
wizardqi 2005-10-31
- 打赏
- 举报
楼主的意思难道不是提交中&的表示方式吗?当你把提交的方式换为GET时你会发现如果提交参数中含有&会用%26替换掉,当然POST的传输也是一样。如果是产生的HTML文档中的文本域包含&的话,&原样输出。
再者你的书写方式有误,字符边界符搭不当。正确写法因该是:
<% Response.Write "<input type=text name=syfdpath value=""&" & server.mappath("abc.asp")& "&"" size=60>" %>
再者你的书写方式有误,字符边界符搭不当。正确写法因该是:
<% Response.Write "<input type=text name=syfdpath value=""&" & server.mappath("abc.asp")& "&"" size=60>" %>
wizardqi 2005-10-31
- 打赏
- 举报
//以下是我的Delphi测试代码
procedure TForm1.Button1Click(Sender: TObject);
var
str:string;
IdHTTP: TIDHttp;
Params:TStringList;
Ret:TStringStream;
begin
IdHTTP := TIDHttp.Create(nil);
IdHTTP.ReadTimeout := 30*1000;
IdHTTP.Host:='127.0.0.1';
IdHTTP.Request.ContentType :='application/x-www-form-urlencoded';
IdHTTP.HTTPOptions:=[];
Params:=TStringList.Create;
Params.Add('msg1=I%26You!');
Params.Add('msg2=You%26Me!');
ret:=tstringstream.Create('');
IdHTTP.Post('http://127.0.0.1/test.asp',Params,Ret);
IdHTTP.Disconnect;
FreeAndNil(IdHTTP);
FreeAndNil(params);
Ret.Position:=0;
Memo1.Lines.LoadFromStream(Ret);
Ret.Free;
end;
//以下是我的Asp测试代码
<%
Response.Write(Request("msg1"))
Response.Write(Request("msg2"))
%>
//以下是我测试结果
I&You!You&Me!
procedure TForm1.Button1Click(Sender: TObject);
var
str:string;
IdHTTP: TIDHttp;
Params:TStringList;
Ret:TStringStream;
begin
IdHTTP := TIDHttp.Create(nil);
IdHTTP.ReadTimeout := 30*1000;
IdHTTP.Host:='127.0.0.1';
IdHTTP.Request.ContentType :='application/x-www-form-urlencoded';
IdHTTP.HTTPOptions:=[];
Params:=TStringList.Create;
Params.Add('msg1=I%26You!');
Params.Add('msg2=You%26Me!');
ret:=tstringstream.Create('');
IdHTTP.Post('http://127.0.0.1/test.asp',Params,Ret);
IdHTTP.Disconnect;
FreeAndNil(IdHTTP);
FreeAndNil(params);
Ret.Position:=0;
Memo1.Lines.LoadFromStream(Ret);
Ret.Free;
end;
//以下是我的Asp测试代码
<%
Response.Write(Request("msg1"))
Response.Write(Request("msg2"))
%>
//以下是我测试结果
I&You!You&Me!
wizardqi 2005-10-31
- 打赏
- 举报
靠,怎么发后对不齐。@_@
wizardqi 2005-10-31
- 打赏
- 举报
我说的是你产生的Response.Write输出的字符串中包含了字符串边界符:
<% Response.Write "<input type=text name=syfdpath value="%26server.mappath
^
("abc.asp")%26" size=60>" %>
^ ^ ^
<% Response.Write "<input type=text name=syfdpath value="%26server.mappath
^
("abc.asp")%26" size=60>" %>
^ ^ ^
zhero 2005-10-31
- 打赏
- 举报
把Memo1中的&替换为%26就可以把它作为参数值Post到服务器端了。
是啊,但是服务器端没有把%26还原成&的阿。
边界匹配时,value=123和value="123" 都是正确的。
是啊,但是服务器端没有把%26还原成&的阿。
边界匹配时,value=123和value="123" 都是正确的。
zhero 2005-10-29
- 打赏
- 举报
按楼上的意思,结果是错误的:如下:
<% Response.Write "<input type=text name=syfdpath value="%26server.mappath("abc.asp")%26" size=60>" %>
<% Response.Write "<input type=text name=syfdpath value="%26server.mappath("abc.asp")%26" size=60>" %>
wizardqi 2005-10-27
- 打赏
- 举报
这个简单,把对应的&替换为%26即可。
加载更多回复(11)
