PHP: Create variable based on hashtag


Problem description


I'm using this tutorial to create an ajax site and am struggling with the PHP. This is the provided code:

PHP

if(!$_POST['page']) die("0");

$page = (int)$_POST['page'];

if(file_exists('pages/page_'.$page.'.html'))
echo file_get_contents('pages/page_'.$page.'.html');

else echo 'There is no such page!';

I would like to use a naming structure other than page_1.html, page_2.html etc. My HTML looks like this:

HTML

<ul id="navigation">
    <li><a href="#home">Home</a></li>
    <li><a href="#about">About</a></li>
    <li><a href="#services">Services</a></li>
    <li><a href="#page4">Page 4</a></li>
</ul>

Right now the only link that's working is 'Page 4'. How would I rewrite the PHP so that the first three links would work?

Javascript

var default_content="";

$(document).ready(function(){

    checkURL();
    $('ul li a').click(function (e){

            checkURL(this.hash);

    });

    //filling in the default content
    default_content = $('#pageContent').html();


    setInterval("checkURL()",250);

});

var lasturl="";

function checkURL(hash)
{
    if(!hash) hash=window.location.hash;

    if(hash != lasturl)
    {
        lasturl=hash;

        // FIX - if we've used the history buttons to return to the homepage,
        // fill the pageContent with the default_content

        if(hash=="")
        $('#pageContent').html(default_content);

        else
        loadPage(hash);
    }
}


function loadPage(url)
{
    url=url.replace('#page','');

    $('#loading').css('visibility','visible');

    $.ajax({
        type: "POST",
        url: "load_page.php",
        data: 'page='+url,
        dataType: "html",
        success: function(msg){

            if(parseInt(msg)!=0)
            {
                $('#pageContent').html(msg);
                $('#loading').css('visibility','hidden');
            }
        }

    });

}

Solution

Only the page4 works, because it is expecting the scripts to be named like page_number.html. Your home, about, services do not match that pattern. To make them work as well, you would need to change the file_get_contents() call to allow page/anything.html.

The first thing to modify is the function which posts:

function loadPage(url)
{
    // Instead of stripping off #page, only 
    // strip off the # to use the rest of the URL
    url=url.replace('#','');

    $('#loading').css('visibility','visible');

    $.ajax({
        type: "POST",
        url: "load_page.php",
        data: 'page='+url,
        dataType: "html",
        success: function(msg){

            if(parseInt(msg)!=0)
            {
                $('#pageContent').html(msg);
                $('#loading').css('visibility','hidden');
            }
        }

    });
}

Now, this introduces a security risk in PHP. You need to validate that the value of $_POST['page'] is strictly alphanumeric so that no one can inject a filename like ../../../../somefile to read your filesystem. Using the expression below will allow you to name your files with any alphabetic and numeric characters, but will reject dots and null bytes, which are the primary dangers in a file path-injection / directory traversal attack.

if(empty($_POST['page'])) die("0");
// Remove the typecast so you can use the whole string
//$page = (int)$_POST['page'];
// Just use the post val.  This is safe because we'll validate it with preg_match() before use...
$page = $_POST['page'];

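// And validate it as alphanumeric before reading the filesystem.
// is_string() rejects array input (page[]=x); \z anchors at the true end of the
// string, whereas $ would also accept a value with a trailing newline.
if (is_string($page) && preg_match('/^[a-z0-9]+\z/i', $page) && file_exists('pages/'.$page.'.html')) {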
  // Remove the page_ to use the whole thing
  echo file_get_contents('pages/'.$page.'.html');
}
else echo 'There is no such page!';
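
The allow-list check described in the answer, exercised against valid and hostile inputs, as an added example that is not part of the original answer. It goes one step further than the answer by also confirming with realpath() that the resolved file sits inside the pages directory; the function name resolve_page(), the temporary directory and the sample inputs are all hypothetical and constructed for the demonstration.

```php
<?php
// Added example, not the answer's code: allow-list validation of the page name
// plus a realpath() containment check. resolve_page() is a hypothetical helper.

function resolve_page(string $pagesDir, $name): ?string
{
    // Reject arrays (page[]=x) and anything that is not strictly alphanumeric.
    // \z anchors at the true end of the string; a plain $ would also accept "home\n".
    if (!is_string($name) || preg_match('/^[a-z0-9]+\z/i', $name) !== 1) {
        return null;
    }
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . '/' . $name . '.html');
    // Defense in depth: the resolved file must exist and sit directly inside
    // $pagesDir (this also catches a symlink that points out of the directory).
    if ($base === false || $path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Constructed fixture: a temporary pages directory holding two files.
$dir = sys_get_temp_dir() . '/pages_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/home.html", '<h1>Home</h1>');
file_put_contents("$dir/page4.html", '<h1>Page 4</h1>');

// Constructed inputs: two valid names, then values the check must refuse.
$inputs = ['home', 'page4', '../../../../somefile', "home\0", "home\n",
           'home.html', ['home'], 'missing'];
foreach ($inputs as $input) {
    $path  = resolve_page($dir, $input);
    $label = json_encode($input, JSON_UNESCAPED_SLASHES);
    printf("%-28s => %s\n", $label, $path === null ? 'rejected' : basename($path));
}

// Clean up the fixture.
array_map('unlink', glob("$dir/*.html"));
rmdir($dir);
```

Only `home` and `page4` resolve to a file; every other input is rejected before file_get_contents() would be reached.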
