PHP $ _REQUEST $ _GET或$ _POST [英] PHP $_REQUEST $_GET or $_POST
问题描述
< form action =form.php?redirect = falsemethod =交的>
< input type =hiddenname =redirectvalue =true/>
< input type =submit/>
< / form>
在form.php上:
<$ p $ ($ _ POST ['redirect'])// true
var_dump($ _ REQUEST ['redirect'])// false
var_dump($ _ POST ['redirect']) ])// true
如何获取注入的查询字符串参数来覆盖 $ _ POST
值如此 $ _ REQUEST ['redirect']
will = false
?
如果你想改变 $ _ GET的优先级
在 $ _ REQUEST
数组中,c $ c> $ _ POST ,更改request_order 指令在php.ini中。
默认值是:
request_order =GP
P表示POST,G表示GET,后面的值具有优先级,因此在此配置中,查询字符串中的值将覆盖POST中传递的值 $ _REQUEST
数组。如果您希望POST覆盖GET值,只需像下面这样切换它们:
request_order =PG
您需要重新启动webserver / php才能生效。
(编辑为使用更合适的 request_order 作为布拉德建议,而不是 variables_order )
Say I have a form:
<form action="form.php?redirect=false" method="post">
<input type="hidden" name="redirect" value="true" />
<input type="submit" />
</form>
On form.php:
var_dump($_GET['redirect']) // false
var_dump($_POST['redirect']) // true
var_dump($_REQUEST['redirect']) // true
How do I get the injected query string parameter to override the $_POST
value so $_REQUEST['redirect']
will = false
?
If you want to change precedence of $_GET
over $_POST
in the $_REQUEST
array, change the request_order directive in php.ini.
The default value is:
request_order = "GP"
P stands for POST and G stands for GET, and the later values have precedence, so in this configuration, a value in the query string will override a value passed by POST in the $_REQUEST
array. If you want POST to override GET values, just switch them around like so:
request_order = "PG"
You'll need to restart the webserver/php for that to take effect.
(Edited to use the more appropriate request_order as Brad suggested, rather than variables_order)
这篇关于PHP $ _REQUEST $ _GET或$ _POST的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!