function.file-get-contents - failed to open stream


Problem description

Possible Duplicate:
file_get_contents with query string

I'm using the file_get_contents function but although returning the correct output, it is still showing this error:

Warning: file_get_contents(secure/validate.php?cardnumber=1234567) [function.file-get-contents]: failed to open stream: No error in ...

The scenario is card number validation and in validatecard.php there is a simple if statement:

if (isset($_GET['cardnumber']) && ($_GET['cardnumber'] == "12345")) {
    echo "OK";
} else {
    echo "INVALID CARD";
}

My code is:

$cardnumber = $_POST["cardnumber"];
$url = "secure/validate.php?cardnumber=" . $cardnumber;
if (file_get_contents($url) != "OK"){
    $order_error_msg = "Invalid card number";
} else { ....

What could be the problem?

Recommended answer

Well, it seems like you don't have allow_url_fopen set in your php.ini @Gordon is correct, this is not a url_fopen issue. It's actually failing because using file_get_contents on the local file will actually get you the code for the file, not the PHP-processed result of running that file. To get it to work as you wanted, you'd need to hit apache/PHP by prepending "https://localhost/" to the url, and enabling allow_url_fopen.

But also this looks like a very worrying piece of code; you should do as little as possible with CC numbers in the code. By using file_get_contents and a card number on the get string, it opens up the possibility of the number being logged somewhere.

A much more secure implementation would look something like this:

validatecard.php

function checkCard($card) {
  // Placeholder comparison carried over from the question
  if ($card == "12345") {
      return "OK";
  } else {
      return "INVALID CARD";
  }
}

Then in your main code:

include('secure/validatecard.php');

$cardnumber = $_POST["cardnumber"];
if (checkCard($cardnumber) != "OK"){
    $order_error_msg = "Invalid card number";
} else { ....

That way your checkCard function is more re-usable, and you don't have to ferry the card number around so much.

If you decide to go with the file_get_contents approach and hit https://localhost/secure/validatecard.php?card=12345 then the credit card numbers will get logged in your Apache access logs in plain text. This is verging on criminally negligent; don't do it.

Also, as per Gordon's advice, make sure that you're using https all the way through.

You might consider hiring in a contractor with experience writing shopping carts/checkouts. These things are important to get right, and can be insecure in subtle ways if you're not experienced.
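
The behaviour described in the answer above, as an added example that is not part of the original post: file_get_contents on a local path returns the PHP source, the same path with a query string fails to open, and loading the code in-process keeps the card number out of any URL. The temporary directory, the file name and the boolean-returning `checkCard` signature are assumptions made for this demo.

```php
<?php
// Constructed demo: a throwaway validator script written to the temp directory.
$dir = sys_get_temp_dir() . '/fgc_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$script = $dir . '/validatecard.php';
file_put_contents($script, '<?php
function checkCard(string $card): bool {
    // Placeholder rule taken from the question; a real check is not shown here.
    return hash_equals("12345", $card);
}
');

// 1. A local path is opened as a plain file: the source text comes back
//    and nothing in it is executed.
$raw = file_get_contents($script);
echo "returned PHP source instead of a result: ";
var_dump(strpos($raw, '<?php') === 0);

// 2. With a query string appended, PHP looks for a file literally named
//    "validatecard.php?cardnumber=12345". It does not exist, so the call
//    fails with a "failed to open stream" warning (suppressed here with @).
$withQuery = @file_get_contents($script . '?cardnumber=12345');
echo "result with query string on a local path: ";
var_dump($withQuery);

// 3. Loading the code and calling the function in-process. The number is
//    passed as an argument, never as part of a URL, so no web server
//    access log records it.
require $script;
echo "checkCard('12345'): ";
var_dump(checkCard('12345'));
echo "checkCard('1234567'): ";
var_dump(checkCard('1234567'));

// Remove the demo files.
unlink($script);
rmdir($dir);
```

Run it from the command line with `php` on PHP 7 or later; it touches only the temporary directory it creates.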
