I am trying to send an URL-encoded post to a REST API implemented in PHP. The POST data contains two user-provided strings:
WebRequest request = HttpWebRequest.Create(new Uri(serverUri, "rest"));
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded; charset=UTF-8";
request.Headers.Add("Content-Transfer-Encoding", "binary");
// Form the url-encoded credentials we'll use to log in
StringBuilder builder = new StringBuilder();
开发者_如何学编程builder.Append("user=");
builder.Append(user);
builder.Append("&password=");
builder.Append(password);
byte[] credentials = Encoding.UTF8.GetBytes(builder.ToString());
// Write the url-encoded post data into the request stream.
request.ContentLength = credentials.Length;
using (Stream requestStream = request.GetRequestStream()) {
requestStream.Write(credentials, 0, credentials.Length);
}
This sends a HTTP request to the server containing user=myusername&password=mypassword
in UTF-8 as its POST data.
How can I escape the user-provided strings?
For example, if I had a user named big&mean
, how should the ampersand be escaped so that it does not mess up the request line?
You can use the static HttpUtility
class in System.Web for encoding and decoding HTML and Url related values.
Try HttpUtility.UrlEncode()
.
It would seem that System.Web is obsolete - the newer way to access it is System.Net.WebUtility.HtmlEncode
精彩评论