I was able to do this using TamperData Firefox plugin.

我能够使用 TamperData Firefox 插件来做到这一点。

https://addons.mozilla.org/en-US/firefox/addon/tamper-data/

https://addons.mozilla.org/en-US/firefox/addon/tamper-data/

When given the Tamper Popup I typed "%00" in the Post Parameter Value field.

当给出 Tamper Popup 时，我在 Post Parameter Value 字段中输入了“%00”。

Still, I cannot find a way to type a null character just using the keyboard.

尽管如此，我还是找不到仅使用键盘键入空字符的方法。

my suggestion would be to write the null character to an html element you would like it in ex:

我的建议是将空字符写入您希望在 ex 中使用的 html 元素：

    document.getElementByID("my_null_tag").innerHTML += "
<html>
    <body onload='document.forms[0].submit();'>
        <form method="post" action="http://localhost/test.asp" >
            <input type="hidden" name="param" value="%00">
        </form>
    </body>
</html>
"

�

You can use an HTML entity. Not fully sure of how many zeroes are required but:

您可以使用 HTML 实体。不完全确定需要多少个零，但是：

javascript:(function(){var xhr=new XMLHttpRequest();xhr.onreadystatechange=function(){if(this.readyState==4){document.write(this.responseText)}};xhr.open("POST",'/form',true);xhr.send("
(function() {
    var xhr = new XMLHttpRequest();
    xhr.onreadystatechange = function () {
        if (this.readyState == 4) {
            document.write(this.responseText);
        }
    };
    xhr.open("POST", '/form', true);
    xhr.send("
$dbstring = str_replace(?,NULL); and the value will be NULL
");
})()
");})()

For an arbitrary Unicode character it's easier to use the hexadecimal notation. E.g., ㍝prints ㍝ wich is U+335D.

对于任意 Unicode 字符，使用十六进制表示法更容易。例如，㍝打印 ㍝ 是U+335D。

Update:This question is pretty tricky indeed. I've managed to insert a null character inside an HTML document (using a server-side script and verified with an hexadecimal editor). As expected, there is no difference with the HTML entity, which can be either �or �. But the browser does not send the character in the post request (tested with Firefox and Firebug): it sends %EF%BF%BD, which is REPLACEMENT CHARACTER' (U+FFFD). Exactly, it sends the interrogation mark in a box that's used to print the null in the document (given that null is not printable).

更新：这个问题确实很棘手。我设法在 HTML 文档中插入了一个空字符（使用服务器端脚本并使用十六进制编辑器进行验证）。正如预期的那样，存在与HTML实体，其可以是无差异任一�或�。但是浏览器不会发送 post 请求中的字符（用 Firefox 和 Firebug 测试）：它发送%EF%BF%BD, 即REPLACEMENT CHARACTER' (U+FFFD)。确切地说，它在用于打印文档中的空值的框中发送询问标记（假设空值不可打印）。

My guess is that your testers need to script the task.

我的猜测是您的测试人员需要编写任务脚本。

Use AJAX to submit the form. I.e. paste something like this in the address bar instead:

使用 AJAX 提交表单。即在地址栏中粘贴类似的内容：

$dbstring = str_replace(?,""); and the value will be BLANK

Here it is unwrapped, so you can actually see it:

这是解开的，所以你可以真正看到它：

Ø = ? (usually for null)
ø = ? (could be used, but the upper-case version seems more appropriate.)

There are some limitations to this, of course, since it just blindly replaces the content of the current page with whatever it got back. But this might be enough to tell if something went wrong or not.

当然，这有一些限制，因为它只是盲目地用它返回的任何内容替换当前页面的内容。但这可能足以判断是否出现问题。

A Latin character O with a slash through it is often acceptable as a symbol for Null/Nul (or blank if you prefer). If you are using database-driven applications you'll want to sanitize this symbol to replace with null or blank, depending on your needs.

带有斜线的拉丁字符 O 通常可以作为 Null/Nul 的符号（如果您愿意，也可以是空白）。如果您正在使用数据库驱动的应用程序，您将需要清理此符号以替换为 null 或空白，具体取决于您的需要。

How to do it:ALT + 0216 in your favorite editor should give you ? - which is, for this display purpose, Null.

怎么做：ALT + 0216 在你最喜欢的编辑器中应该给你什么？- 出于此显示目的，Null。

Then, as an example and a best practice, you'll sanitize the form submission before it gets passed to the database.

然后，作为示例和最佳实践，您将在表单提交传递到数据库之前对其进行清理。

Example Case:If feeding a database-driven PHP site, your sanitation of this specific character this might look something like...

示例案例：如果提供一个数据库驱动的 PHP 站点，您对这个特定字符的清理可能看起来像......

Or try...

或者试试...

!alternatively, you may want to do this display with the HTML entity codes, which I mention below.

！或者，您可能希望使用我在下面提到的 HTML 实体代码进行此显示。

Alt + 0216 explainedIf using a normal 104-key keyboard with English (American) set as your primary language, hold down the ALT key, and while holding, use the NUMBER PAD keys to enter 0216. Then release the ALT key, and your character should appear. *This is primarily a Windows method. Macintosh, (X)nix and bsd users, you will probably be stuck using the HTML entity codes.

Alt + 0216 解释如果使用普通的 104 键键盘并将英语（美国）设置为您的主要语言，请按住 ALT 键，并在按住的同时使用数字键盘键输入 0216。然后松开 ALT 键，您的字符应该出现。*这主要是一种 Windows 方法。Macintosh、(X)nix 和 bsd 用户，您可能会被 HTML 实体代码卡住。

Special note:use of the top-of-keyboard numbers doesn't work. If you are on a laptop or other device that makes this difficult or impossible. try an alternative: Use the HTML entity codes:

特别注意：使用键盘顶部的数字不起作用。如果您使用的是笔记本电脑或其他使这变得困难或不可能的设备。尝试替代方法：使用HTML 实体代码：

Other thoughts that might be helpful:Nul vs Null vs Blank - They fundamentally mean the same thing, but different programming languages use or require these differently. (There's others too, like NULPTR for Null Pointer.)

其他可能有用的想法：Nul vs Null vs Blank - 它们基本上意味着相同的事情，但不同的编程语言使用或要求这些不同。（还有其他的，比如 Null Pointer 的 NULPTR。）

The point I'm trying to make with NUL/NULL, is that the submitted variable 'doesn't exist' or simply 'wasn't there at all'. In most contexts, you can simply call this "Null" and be understood.

我试图用 NUL/NULL 说明的一点是，提交的变量“不存在”或干脆“根本不存在”。在大多数情况下，您可以简单地称其为“Null”并被理解。

Some database systems treat Blank and NULL as the same thing. Others, Blank is actually an empty value, whereas NULL is no value at all (like mentioned above.)

一些数据库系统将 Blank 和 NULL 视为同一件事。其他人，Blank 实际上是一个空值，而 NULL 根本没有值（如上所述）。

Hopefully this helps in building the view you're looking for.

希望这有助于构建您正在寻找的视图。