How to encode HTTP POST parameters (C# client to PHP Server)?

Question

I'm having trouble figuring out the best way to encode the POST parameters to a server call. I writing a C# client that will be served by a PHP server. I want to allow a great deal of flexibility in the parameters, so my current plan is to have a single parameter that I use JSON to encode. For example:

params = {"object":"Main","function":"doecho","params":["echothis...."]}

I'm using the C# WebRequest object and contentType of "application/x-www-form-urlencoded; charset=UTF-8". The data gets to the server and everything works as expected until I add illegal JSON characters in the data.

For example, if I use the following data, then I can't do a json_decode on it on the server side. The server appears to automatically turn the %40 into a double-quote (") when I read it with $this->getRequest()->getParams(); (Zend_Framework).

params = {"object":"Main","function":"doecho","params":["echothis%25%5d%22%40%3d%26...."]}

What is the best practice here? Do I need to base64 encode the data? Is there something obvious I'm missing with the content type or a php setting?

I have full control over the client and server, so I'd like to know what is the right/best thing to do.

Answer 1

While potentially any content-type can be used to upload to HTTP, there are three used in practice:

1. One specifically set by a given service's documentation.
2. application/x-www-form-urlencoded - the default used by HTML forms.
3. multipart/form-data - the other form used by HTML forms, required when it includes form uploads.

Due to 2 and 3 being so commonly used (as they are supported by all browser's for submitting forms), pretty much all server-side tech has things to handle them. So unless the PHP part does something strange, you should be able to use either.

application/x-www-form-urlencoded isn't appropriate for some data, but is the simplest for what it is used for. It's pretty much the same as the way query-strings are created for GET form requests, but as POST content.

Hence you want your content to be:

"params=" + Uri.EscapeDataString(paramData)

As such the first becomes:

params=%7B%22object%22%3A%22Main%22%2C%22function%22%3A%22doecho%22%2C%22params%22%3A%5B%22echothis....%22%5D%7D

And the second:

params=%7B%22object%22%3A%22Ccmes_Main%22%2C%22function%22%3A%22doecho%22%2C%22params%22%3A%5B%22echothis%2525%255d%2522%2540%253d%2526....%22%5D%7D

Both of which PHP's built-ins will turn back into the forms in your question.

Answer 2

My first thought was encoding it as base64. I think this should be the simplies way.

From arcanecode.com:

static public string EncodeTo64(string toEncode)
{
  byte[] toEncodeAsBytes = System.Text.ASCIIEncoding.ASCII.GetBytes(toEncode);
  string returnValue = System.Convert.ToBase64String(toEncodeAsBytes);
  return returnValue;
}