本文阅读前了解知识:什么时候需要使用 UrlEncode 和 UrlDecode 函数
The author used Google Chrome and pressed F12 to grab packets from the http protocol interface of the third-party website for analysis.
scene
The operation and maintenance brother occasionally uses the website system of an outsourcing company to do equipment entry. The process is simple:
- Enter basic equipment information. There are 7 or 8 fields to enter, and then click the Save button;
- The basic information is saved successfully, enter the device type selection operation, and then click the generate device identification button;
- The device identification is generated successfully, and the module information associated with the device is entered. For a simple device, only 2 modules need to be entered. For a complex device, there are 6 modules. Each module has 3 or 4 fields to be entered. Finally, click Save.
If a device is successfully entered, it may take only a few minutes for the hand speed you have been single for many years. In fact, this is nothing.
Suddenly the leader said that there were 1000 equipment to be built? The little operation and maintenance brother cried, and it was time for the developers to take the stage:😂
- The operation and maintenance prepare an Excel template and enter the basic information and device type information of 1000 equipment that need to be entered. This workload is not large, just half a day, and at most one day's workload;
- Develop a C/S client gadget, and configure module entry rules in the program according to business requirements;
- When a device is entered during program execution, the generated device identification is associated with the device;
- After all entries are completed, an Excel export is provided to associate and export all basic equipment information and generated equipment identification, and the work is completed.
After several days of development work, the development brother handed over the carefully polished gadget to the operation and maintenance brother. After using it, the operation and maintenance brother cast a approving look...
problem
The words in the beginning are a bit long-winded. When developing this gadget, the developer encountered a problem:
xxx interface
这是某个接口的信息,Content-Type 是 application/x-www-form-urlencoded,下面参数使用的Form Data,即参数使用了UrlEncode,比如未编码前的一个参数:
"Content":"{"AP_Name":"HK_7889","IP":"192.168.0.1"}"
编码后(可以使用这个在线 URL 编码解码工具验证):
"Content":"%7B%22AP_Name%22%3A%22HK_7889%22%2C%22IP%22%3A%2292.168.0.1%22%7D"
使用Postman测试时,未对参数使用UrlEncode,接口测试成功,开发这个小工具时,有 3 个接口都是类似的,未进行UrlEncode操作:
var client = new RestClient("http://admin.lqclass.com/api/device");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("Content", "{\"AP_Name\":\"HK_7889\",\"IP\":\"92.168.0.1\"}");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
But I encounter a slightly more complex interface, such as the parameters in the screenshot:
"Content":"{"AP_Name":"HK_7889","IP":"192.168.0.1","Module":[{"M_Name":"cameri0","Desc":"cameri0","AP_PUID":"54632325461320320"},{"M_Name":"cameri1","Desc":"cameri1","AP_PUID":"54636325461320320"},{"M_Name":"cameri2","Desc":"cameri2","AP_PUID":"54632325421320320"}]}"
Content值格式化看得清楚一点,Module是设备关联的模块信息:
{
"AP_Name": "HK_7889",
"IP": "192.168.0.1",
"Module": [
{
"M_Name": "cameri0",
"Desc": "cameri0",
"AP_PUID": "54632325461320320"
},
{
"M_Name": "cameri1",
"Desc": "cameri1",
"AP_PUID": "54636325461320320"
},
{
"M_Name": "cameri2",
"Desc": "cameri2",
"AP_PUID": "54632325421320320"
}
]
}
实际UrlEncode后的参数为:
"Content":"%7B%22AP_Name%22%3A%22HK_7889%22%2C%22IP%22%3A%22192.168.0.1%22%2C%22Module%22%3A%22%255B%257B%2522M_Name%2522%253A%2522cameri0%2522%252C%2522Desc%2522%253A%2522cameri0%2522%252C%2522AP_PUID%2522%253A%252254632325461320320%2522%257D%252C%257B%2522M_Name%2522%253A%2522cameri1%2522%252C%2522Desc%2522%253A%2522cameri1%2522%252C%2522AP_PUID%2522%253A%252254636325461320320%2522%257D%252C%257B%2522M_Name%2522%253A%2522cameri2%2522%252C%2522Desc%2522%253A%2522cameri2%2522%252C%2522AP_PUID%2522%253A%252254632325421320320%2522%257D%255D%22%7D"
本来一般接口,如上面成功执行的 C#代码那般直接未UrlEncode调用是没问题的。
However, when this interface is called, the server returns an error message: "xxx parsing failed", and the calling code is as follows:
var client = new RestClient("http://admin.lqclass.com/api/device");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("Content", "{\"AP_Name\":\"HK_7889\",\"IP\":\"192.168.0.1\",\"Module\":[{\"M_Name\":\"cameri0\",\"Desc\":\"cameri0\",\"AP_PUID\":\"54632325461320320\"},{\"M_Name\":\"cameri1\",\"Desc\":\"cameri1\",\"AP_PUID\":\"54636325461320320\"},{\"M_Name\":\"cameri2\",\"Desc\":\"cameri2\",\"AP_PUID\":\"54632325421320320\"}]}");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
两处调用代码哪里不同?只是 Content 值不一样,最后怀疑是不是需要手动进行UrlEncode?又不是 url 参数,为啥需要编码呢?不管啦,先编码了再说。
problem solving
After the parameters are encoded, call:
var client = new RestClient("http://admin.lqclass.com/api/device");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("Content", "%7B%22AP_Name%22%3A%22HK_7889%22%2C%22IP%22%3A%22192.168.0.1%22%2C%22Module%22%3A%22%255B%257B%2522M_Name%2522%253A%2522cameri0%2522%252C%2522Desc%2522%253A%2522cameri0%2522%252C%2522AP_PUID%2522%253A%252254632325461320320%2522%257D%252C%257B%2522M_Name%2522%253A%2522cameri1%2522%252C%2522Desc%2522%253A%2522cameri1%2522%252C%2522AP_PUID%2522%253A%252254636325461320320%2522%257D%252C%257B%2522M_Name%2522%253A%2522cameri2%2522%252C%2522Desc%2522%253A%2522cameri2%2522%252C%2522AP_PUID%2522%253A%252254632325421320320%2522%257D%255D%22%7D");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
哈哈,成功了,这里简单猜测下:别人的服务对接收的参数可能做了UrlDecode操作。
其实中间还做了一个参数的UrlEncode操作,即下面的Module参数值:
"Content":{"AP_Name":"HK_7889","IP":"192.168.0.1","Module":[{"M_Name":"cameri0","Desc":"cameri0","AP_PUID":"54632325461320320"},{"M_Name":"cameri1","Desc":"cameri1","AP_PUID":"54636325461320320"},{"M_Name":"cameri2","Desc":"cameri2","AP_PUID":"54632325421320320"}]}
第一次UrlEncode,即先对Module的值进行UrlEncode:
"Content":{"AP_Name":"HK_7889","IP":"192.168.0.1","Module":%5B%7B%22M_Name%22%3A%22cameri0%22%2C%22Desc%22%3A%22cameri0%22%2C%22AP_PUID%22%3A%2254632325461320320%22%7D%2C%7B%22M_Name%22%3A%22cameri1%22%2C%22Desc%22%3A%22cameri1%22%2C%22AP_PUID%22%3A%2254636325461320320%22%7D%2C%7B%22M_Name%22%3A%22cameri2%22%2C%22Desc%22%3A%22cameri2%22%2C%22AP_PUID%22%3A%2254632325421320320%22%7D%5D}
第二次UrlEncode即是上面成功的参数方式了,对整个Content的值进行UrlEncode,看上面成功的参数,不重复贴了。
finally it summarizes
抓别人数据包时,不要凭印象、已有知识判定该怎么怎么做,比如前面的参数,不使用UrlEncode时,调用成功了,其他包我是否也沿用相同的方式使用就正确呢?搞不定时,多尝试猜测的方法。
Summary: "Whatever, just do it."
本文使用的UrlEncode C# 代码:
public static string UrlEncode(string str)
{
StringBuilder sb = new StringBuilder();
byte[] byStr = System.Text.Encoding.UTF8.GetBytes(str); //默认是System.Text.Encoding.Default.GetBytes(str)
for (int i = 0; i < byStr.Length; i++)
{
sb.Append(@"%" + Convert.ToString(byStr[i], 16));
}
return (sb.ToString());
}