退出一个foreach循环并检索结果 [英] Exiting a foreach loop and retrieve result

问题描述

我正在做一个小项目，而且脑子已经死了，所以我希望这里有人能帮我打败我的编码器块。

我试图创建一个页面使用PHP，改变其内容显示取决于（如果有的话）值传递给页面（位置）。我创建了一个安全列表阵列，我已经存储了不同的位置。首先我检查任何传递给安全列表的值，如果匹配，我显示一组内容。

如果不匹配，我正在运行一个相似性测试检查是否可能是一个简单的错字，仍然可以导航到人们到我认为他们想要的页面，但这是我卡住的地方。

我希望有人可以输入

www.example.co.uk/location.php< ----加载通用位置页面$ /

www.example.co.uk/location.php?loc=Bishops-Stortford <----加载目标位置页面

www.example.co.uk/location.php?loc=Bishop-Stortford< ----加载目标位置页面，尽管误拼提供了90％或更多的匹配项目

----希望我的系统能够解除恶意代码的注入。

我会在下面发布我的代码，这样你就可以看到我所拥有的东西了。

 <？php 
 $ loc =; 
 $ safelist = array（Bishops Stortford，Braintree，Chelmsford，Dunmow，Harlow，Hertford，Saffron Walden，Sawbridgeworth，Stansted， ，
艾塞克斯，赫特福德郡）; 
 
 if（isset（$ _ GET [loc]））{
 / *获取loc的值（如果设置），用空格替换连字符，并大写第一个字母，小写。 * / 
 $ loc = ucwords（strtolower（str_replace（ - ，，$ _GET [loc]）））; 
 $ * b 
 / *是安全列表中的单词* / 
 if（in_array（$ loc，$ safelist））{
 / *是* / 
 （（$ loc ==Essex）或（$ loc ==Hertfordshire））{
 $ county = True; 
} else {
 $ county = False; 
 
 $ b $ if（$ county == False）{
 echo\。$ loc。\不是县; 
} else {
 echo\。$ loc。\是一个县; 
} 
} else {
 / *不，是否与安全列表中的任何项目有90％的字符串相似？ * / 
 foreach（$ safelist as $ safeword）{
 similar_text（$ safeword，$ loc，$ percent）; 
 echo $ safeword。 。 $ loc。 。 $百分比。 < br />; 
 $ b $ if（$ percent> = 90）{
 
} 
} 
 
 
？> 
  

我不知道if（$ percent> = 90）该怎么办。我知道我想退出循环，并从我找到的第一个90％或更多的匹配结果，但不是100％确定如何做到这一点。

另外什么处理代码注入的最好方法就像 www.example.co.uk/location.php?loc=?php回应我砍了你的网站;
$ div class =h2_lin>解决方案

我想这是你想要的：

pre $ foreach（$ safelist as $ safeword）{
similar_text（$ safeword，$ loc，$ percent）;
echo $ safeword。 。 $ loc。 。 $百分比。 < br />;
if（$ percent> = 90）{
$ loc = $ safeword;
$ county = true;
break;




$ b $ p $只要你不调用 eval（）在用户输入上，您不必担心注入PHP语句。当你回应一些东西的时候，它会被发送到浏览器，它不会被PHP执行。但是，您仍然应该对输出进行清理，因为它可能包含HTML标记，甚至可能包含JavaScript，从而可能劫持用户的浏览器。当在页面上显示输出时，使用 htmlentities（）来编码：



 <$ c $回声问候。ヶ辆（$ FIRST_NAME）; 
  

I'm working on a little project and I've gone brain dead, so I'm hoping someone here can help me defeat my coders block.

I'm trying to create a page using php that changes its content display depending on what (if any) value is passed to the page (Locations). I have created a safelist array which I've stored the different locations. First I check any value passed against the safe list, if its a match I display one set of content.

If it doesn't match I'm running a similarity test to check if theres maybe a simple typo and can still navigate people to the page I think they wanted but this is where I'm getting stuck.

I'm hoping that someone could type

www.example.co.uk/location.php <---- to load a generic location page

www.example.co.uk/location.php?loc=Bishops-Stortford <---- to load a targeted location page

www.example.co.uk/location.php?loc=Bishop-Stortford <---- to load a targeted location page despite mispelling providing its a 90% or more match

www.example.co.uk/location.php?loc=?php echo "I hacked your site"; ?> ---- hopefully my system will disarm nasty code injection

I'll post my code below so you can see what I've got.

<?php 
        $loc = "";
        $safelist = array("Bishops Stortford", "Braintree", "Chelmsford", "Dunmow", "Harlow", "Hertford", "Saffron Walden", "Sawbridgeworth", "Stansted", "Ware", 
                    "Essex", "Hertfordshire");

        if(isset($_GET["loc"])) {
            /* Gets the value of loc if set, replaces hyphens with spaces and capitalises first letters of words converting the rest to lowercase. */
            $loc = ucwords(strtolower(str_replace("-", " ", $_GET["loc"])));
        }

        /* Is word in safelist */
        if (in_array($loc, $safelist)) {
            /* Yes */
            if (($loc == "Essex") or ($loc == "Hertfordshire")) {
                $county = True;
            } else {
                $county = False;
            }

            if ($county == False) {
                echo "\"" . $loc . "\" is not a county";
            }else{
                echo "\"" . $loc . "\" is a county";
            }
        } else {
            /* No, Is string 90% similar to any entry within the safelist? */
            foreach ($safelist as $safeword) {      
                similar_text($safeword, $loc, $percent); 
                echo $safeword . " " . $loc . " " . $percent . "<br />";

                if ($percent >= 90) {

            }
        }


    ?>

I can't think what to do for the if ($percent >=90). I know I want to exit the loop and get the result from the first 90% or more match I find but am not 100% sure how to do this.

Also whats the best way to deal with code injection like www.example.co.uk/location.php?loc=?php echo "I hacked your site"; ?>

解决方案

I think this is what you want:

       foreach ($safelist as $safeword) {      
           similar_text($safeword, $loc, $percent); 
           echo $safeword . " " . $loc . " " . $percent . "<br />";
           if ($percent >= 90) {
               $loc = $safeword;
               $county = true;
               break;
           }
       }

As long as you don't call eval() on user input, you don't have to worry about them injecting PHP statements. When you echo something, it's sent to the browser, it's not executed again by PHP. However, you should still sanitize the output, because it might contain HTML markup, perhaps even Javascript, which could hijack the user's browser. When displaying output on the page, use htmlentities() to encode it:

echo "Greetings, " . htmlentities($first_name);

这篇关于退出一个foreach循环并检索结果的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！