PHP $ _REQUEST $ _GET或$ _POST [英] PHP $_REQUEST $_GET or $_POST

问题描述

说我有一个表单：

 < form action =form.php？redirect = falsemethod =交的> 
< input type =hiddenname =redirectvalue =true/> 
< input type =submit/> 
< / form> 
  

在form.php上：

<$ p $ （$ _ POST ['redirect']）// true
var_dump（$ _ REQUEST ['redirect']）// false
var_dump（$ _ POST ['redirect']） ]）// true

如何获取注入的查询字符串参数来覆盖 $ _ POST 值如此 $ _ REQUEST ['redirect'] will = false ？

解决方案

如果你想改变 $ _ GET的优先级在 $ _ REQUEST 数组中，c $ c> $ _ POST ，更改request_order 指令在php.ini中。

默认值是：

  request_order =GP
  

P表示POST，G表示GET，后面的值具有优先级，因此在此配置中，查询字符串中的值将覆盖POST中传递的值 $ _REQUEST 数组。如果您希望POST覆盖GET值，只需像下面这样切换它们：

  request_order =PG
  

您需要重新启动webserver / php才能生效。

（编辑为使用更合适的 request_order 作为布拉德建议，而不是 variables_order ）

Say I have a form:

<form action="form.php?redirect=false" method="post">
    <input type="hidden" name="redirect" value="true" />
    <input type="submit" />
</form>

On form.php:

var_dump($_GET['redirect']) // false
var_dump($_POST['redirect']) // true
var_dump($_REQUEST['redirect']) // true

How do I get the injected query string parameter to override the $_POST value so $_REQUEST['redirect'] will = false ?

解决方案

If you want to change precedence of $_GET over $_POST in the $_REQUEST array, change the request_order directive in php.ini.

The default value is:

request_order = "GP"

P stands for POST and G stands for GET, and the later values have precedence, so in this configuration, a value in the query string will override a value passed by POST in the $_REQUEST array. If you want POST to override GET values, just switch them around like so:

request_order = "PG"

You'll need to restart the webserver/php for that to take effect.

(Edited to use the more appropriate request_order as Brad suggested, rather than variables_order)

这篇关于PHP $ _REQUEST $ _GET或$ _POST的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！