PHP变量的URL参数 [英] URL Parameters to PHP Variables
问题描述
问题:URL参数会自动假定具有相同名称的PHP变量值。例如,我有一个名为'var_name'的参数,如下所示:
http://www.example.com?var_name=abc123
以及一个包含一个名为variable的单行PHP脚本'var_name',像这样:
echo $ var_name;
然后我得到页面上的输出: abc123
这是PHP页面中唯一的代码!这种行为正是我期望$ _GET的工作原理,但我没有使用它。
我只在1个特定的服务器上运行PHP 5.2。我已经在其他4台服务器上进行了测试,没有发生这种情况我认为这是一个PHP配置问题,但运行默认配置,并找不到配置文件中的任何内容。请帮助。
在此先感谢您。
Matt -
这被称为注册全局变量。如果服务器注册全局变量,那么你可以这样做。
我建议不要在任何服务器上注册全局变量。因为它可能会在系统中引入安全漏洞。
一个安全漏洞的例子。
if($ auth == true)
{
//敏感的东西在这里
}
如果auth只是一个常规变量,那么我可以在URL中执行此操作。
http://www.example.com/page.php?auth=true
并查看敏感信息。
I've been doing PHP for a while now, never needed assistance, but totally confused this time. I have a single line of code with one echo statement.
Problem: URL parameters are automatically assuming PHP variable values of the same name. For example, I have a URL with a parameter named 'var_name' like this:
http://www.example.com?var_name=abc123
and a 1-line PHP script with a variable named 'var_name', like this:
echo $var_name;
then I get output on the page of: abc123
This is the only code in the PHP page! This behavior is exactly how I expect $_GET to work, but I'm not using it.
I am having this problem only on 1 specific server, which is running PHP 5.2. I have tested on 4 other servers, none have this behavior. I assume it's a PHP config issue, but running default config and can't find anything in config documention. Please help.
Thanks in advance. Matt-
This is called register globals. If a server has register globals turned on, then you can do this.
I would recommend not to have register globals on any server. Since it can introduce a security flaw in your system.
An example of a security flaw with this.
if($auth == true)
{
// sensitive stuff here
}
If auth is just a regular variable, then I can do this in the URL.
And see the sensitive information.
这篇关于PHP变量的URL参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
