类似的PHP表单代码:如果$ _REQUEST为空,则第一次抛出错误,第二次不会 [英] Similar PHP form code: First throws error if $_REQUEST is empty, second does not
问题描述
我是PHP新手,所以这可能是一个简单的答案。希望我把这个格式正确地正确地转换成SO标准(对于这个网站来说还是新的)。我正在处理两组非常相似的代码,它们提交表单数据和使用htmlspecialchars在我非常基本的通过SitePoint开始的PHP书籍中阻止XSS攻击。
使用代码集1时,一旦我将表单动作从
< form action =formpost.phpmethod =post>
至
< form action =<?php echo $ _SERVER ['PHP_SELF'];?>方法= POST >
我搜索到了,发现我需要检查 $ _ REQUEST 是空的或者不是为了没有未定义的索引并且摆脱那个错误。如果有人能够向我解释这一部分,我会非常感激。为了成为一个索引? 有什么需要考虑的周长,请不要取笑我我知道我听起来很愚蠢 - > 因为 $ _ REQUEST 是,它是,
Index $ _POST $ _ GET 和 $ _ COOKIE 是一个数组,数组内的数据是索引, 0,1,2,3等。?
我知道 $ _ REQUEST 可能是空的,因为没有 $ _ REQUEST 已经创建(我想?)但是,因为没有脚本通过向表单中输入数据而被激活,为什么数据已经处于 $ _ REQUEST ?
代码集1(除非脚本检查 $ _ REQUEST 是否为空)否则错误[undefined index]:
在这段代码中,我只是允许最终用户通过表单域或通过手动添加到url的字符串发布他们的名字并将其打印。
<?php
if(!empty($ _ REQUEST))
{
$ firstname = $ _REQUEST [ '姓名'];
$ lastname = $ _REQUEST ['lastname'];
echo'欢迎来到我们的网站'。
htmlspecialchars($ firstname,ENT_QUOTES,'utf-8')。 ''。
htmlspecialchars($姓氏,ENT_QUOTES,'utf-8')。 !;
}
?>
<!DOCTYPE html>
< html lang =en>
< head>
< meta charset =utf-8>
< title>查询字符串连结示例< / title>
< / head>
< body>
< p>
< form action =<?php echo $ _SERVER ['PHP_SELF'];?>方法= POST >
< div>< label for =firstname>名字:
< input type =textname =firstnameid =firstname>< / label>
< / div>
< div>< label for =lastname>姓氏:
< input type =textname =lastnameid =lastname>< / label> < / DIV>
< div>< input type =submitvalue =GO>< / div>
< / form>
< / p>
< / body>
< / html>
代码集2(不介意 $ _ REQUEST 被选中或不被选中):
在这段代码中,我正在做同样的事情,就像它刚好是我的确切名称一样,让它打印出一条特殊消息。
<?php
$ firstname = $ _REQUEST ['firstname'];
$ lastname = $ _REQUEST ['lastname'];
if($ firstname =='Tommy'&& $ lastname ='Loza')
{
echo'欢迎来到我们的网站web master!';
}
else
{
echo'欢迎来到我们的网站'。
htmlspecialchars($ firstname,ENT_QUOTES,'utf-8')。 ''。
htmlspecialchars($姓氏,ENT_QUOTES,'utf-8')。 !;
}
?>
<!DOCTYPE html>
< html lang =en>
< head>
< meta charset =utf-8>
< title>条件查询字符串链接示例< / title>
< / head>
< body>
< p>
< form action =<?php echo $ _SERVER ['PHP_SELF'];?>方法= POST >
< div>< label for =firstname>名字:
< input type =textname =firstnameid =firstname>< / label>
< / div>
< div>< label for =lastname>姓氏:
< input type =textname =lastnameid =lastname>< / label> < / DIV>
< div>< input type =submitvalue =GO>< / div>
< / form>
< / p>
< / body>
< / html>
希望我没有问太多愚蠢的问题,而且这篇文章格式正确。非常感谢SO社区。
Tommy
除非它存在,否则不访问REQUEST索引。如果您不使用if语句,它将尝试访问索引,而不管它是否存在。因此,如果$ _REQUEST ['firstname']不存在,而不是仅仅默认为null,它会给出未定义的索引错误,因为$ _REQUEST是一个数组。
如果你尝试使用一个未定义的变量,它会说Undefined Variable而不是index。
['firstname']< - 这是指数。如果这不存在,它将会出错。
检查它是否为空也不一定是唯一的东西。我还会检查是否设置了名字和姓氏,如下所示:
if(!empty($ _ REQUEST) && isset($ _ REQUEST ['firstname'])&& isset($ _ REQUEST ['lastname'])){
// Code here
}
当然,您可以单独检查它们是否有能力根据丢失的个体抛出单个错误。
- 编辑
另外,您可以执行以下操作:
<$ p $($ _ SERVER ['REQUEST_METHOD'] ==POST){
// code
}
pre>
默认情况下,它被设置为GET。
I'm new to PHP so this might be a simple answer. Hopefully I format this correctly and properly to SO standards (still new to the site.)
I'm working on two sets of very similar code submitting form data and using htmlspecialchars to stop XSS attacks in my very basic beginning PHP book via SitePoint. Simple enough, right.
When working with code set 1, I got an error of undefined index once I changed the form action from
<form action="formpost.php" method="post">
to
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
I searched SO and found that I needed to check if $_REQUEST was empty or not in order for there to be no undefined index and to get rid of that error. If someone can explain that portion to me I'd be very greatful. What perimeters does something need to fall under in order to become an Index? thiking outloud, please don't make fun of me I know I probably sound stupid--> Is it an
Index because $_REQUEST being a $_POST, $_GET and $_COOKIE is an array and data within an array is indexed, 0,1,2,3,etc.?
I understand $_REQUEST could be possibly empty because no $_REQUEST has been made (I suppose?) but, being that no script has been activated by entering data into the form, why would it be expecting data to already be in $_REQUEST?
Code Set 1 (thows error [undefined index] unless the script checks if $_REQUEST is empty):
In this code I'm just allowing the end-user to post their name via the form field or via a string added manually to the url and have it print.
<?php
if( !empty($_REQUEST) )
{
$firstname = $_REQUEST['firstname'];
$lastname = $_REQUEST['lastname'];
echo 'Welcome to our web site, ' .
htmlspecialchars($firstname, ENT_QUOTES, 'utf-8') . ' ' .
htmlspecialchars($lastname, ENT_QUOTES, 'utf-8') . '!';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Query String Link Example</title>
</head>
<body>
<p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<div><label for="firstname">First name:
<input type="text" name="firstname" id="firstname"></label>
</div>
<div><label for="lastname">Last name:
<input type="text" name="lastname" id="lastname"></label></div>
<div><input type="submit" value="GO"></div>
</form>
</p>
</body>
</html>
Code Set 2 (does not mind if $_REQUEST is checked or not):
In this code I'm doing the same thing, just if it happens to be my exact name, have it print out a special message.
<?php
$firstname = $_REQUEST['firstname'];
$lastname = $_REQUEST['lastname'];
if ($firstname == 'Tommy' && $lastname='Loza')
{
echo 'Welcome to our web site web master!';
}
else
{
echo 'Welcome to our web site, ' .
htmlspecialchars($firstname, ENT_QUOTES, 'utf-8') . ' ' .
htmlspecialchars($lastname, ENT_QUOTES, 'utf-8') . '!';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Conditional Query String Link Example</title>
</head>
<body>
<p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<div><label for="firstname">First name:
<input type="text" name="firstname" id="firstname"></label>
</div>
<div><label for="lastname">Last name:
<input type="text" name="lastname" id="lastname"></label></div>
<div><input type="submit" value="GO"></div>
</form>
</p>
</body>
</html>
Hopefully I didn't ask too many stupid questions and this post is formatted correctly. Thanks a lot SO community.
Tommy
Basically you can't access a REQUEST index unless it exists.
If you don't use the if statement, it's trying to access the index regardless of whether or not it exists. Therefore, if $_REQUEST['firstname'] does not exist, instead of just defaulting to null, it will give the undefined index error, as $_REQUEST is an array.
If you try and use an undefined variable, it'll say "Undefined Variable" instead of "index".
['firstname'] <- This is the index. If this does not exist, it will error.
Checking if it's empty won't necessarily be the only thing either. I'd also be checking to see if firstname and lastname are set, like so:
if(!empty($_REQUEST) && isset($_REQUEST['firstname']) && isset($_REQUEST['lastname'])){
//Code here
}
Of course you can then check them individually for the ability to throw individual errors depending on whichever one is missing.
--Edit
Also, you can do the following:
if($_SERVER['REQUEST_METHOD'] == "POST"){
//code
}
As by default, it is set to "GET".
这篇关于类似的PHP表单代码:如果$ _REQUEST为空,则第一次抛出错误,第二次不会的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
