当前位置: 首页 » php

Reliability of PHP'S $

I'm building a site that is designed to be administered from localhost, but contains pages that expose data to internet or local network users. Can I rely on PHP's $_SERVER['REMOTE_ADDR'] as a secure/reliable way of identifying the user as localhost? Thanks! Edit: To clarify, I am only concerned with determining whether or not the request originates from localhost (perhaps the

2018-06-14 21:02:58

PHP的$可靠性

我正在构建一个旨在从本地主机进行管理的站点,但其中包含向互联网或本地网络用户公开数据的页面。 我可以依靠PHP的$ _SERVER ['REMOTE_ADDR']作为将用户标识为本地主机的安全/可靠方式吗? 谢谢! 编辑:澄清,我只关心确定请求是否来自本地主机(也许有更好的方法)。 该变量充满了Apache(或另一个Web服务器守护进程)提供的数据,并且应该可靠地识别连接另一端的IP地址,是的。 检查127.xxx(几乎总是127.0.0

2018-06-14 21:02:58

SERVER variables are safe?

Any variable that a user can control, an attacker can also control and is therefore a source of an attack. This is called a "tainted" variable, and is unsafe. When using $_SERVER , many of the variables can be controlled. PHP_SELF , HTTP_USER_AGENT , HTTP_X_FORWARDED_FOR , HTTP_ACCEPT_LANGUAGE and many others are a part of the HTTP request header sent by the client. Does anyone kn

2018-06-14 21:01:55

SERVER变量是安全的吗?

任何用户可以控制的变量,攻击者也可以控制并因此成为攻击的来源。 这被称为“污染”变量,并且是不安全的。 使用$_SERVER ,可以控制许多变量。 PHP_SELF , HTTP_USER_AGENT , HTTP_X_FORWARDED_FOR , HTTP_ACCEPT_LANGUAGE以及许多其他信息都是客户端发送的HTTP请求标头的一部分。 有谁知道一个“安全列表”或$_SERVER变量的无名列表? 没有像这样的“安全”或“不安全”价值的东西。 只有服务器控制的值和用户控制的值,

2018-06-14 21:01:55

POST vs. $

Some guy called one of my Snipplr submissions "crap" because I used if ($_SERVER['REQUEST_METHOD'] == 'POST') instead of if ($_POST) Checking the request method seems more correct to me because that's what I really want to do. Is there some operational difference between the two or is this just a code clarity issue? Well, they don't do the same thing, really

2018-06-14 21:00:48

POST与$

有些人称我的一个Snipplr提交“垃圾”,因为我使用if ($_SERVER['REQUEST_METHOD'] == 'POST')而不是if ($_POST) 检查请求方法似乎对我更为正确,因为这正是我真正想要做的。 这两者之间有一些运营差异还是仅仅是代码清晰度问题? 那么,他们真的不这样做。 $_SERVER['REQUEST_METHOD']包含请求方法(意外)。 $_POST包含任何发布数据。 POST请求可能不包含POST数据。 我检查了请求方法 - 我

2018-06-14 21:00:47

is this bulletproof to get the url with alias

I am working with apache mod_alias so using HTTP_POST doesn't give me the alias plus with HTTPS it's not there. The below line seems to work but could it fail? I understood SERVER_NAME needs to be configured on server but provided it is this ok? $site_url = $_SERVER["REQUEST_SCHEME"] . "://" . $_SERVER["SERVER_NAME"] . $_SERVER["CONTEXT_PREFIX"]; I use: $_SERVER['REQUEST_SCHEME'].':/

2018-06-14 20:59:45

这是防弹,以获得与别名的网址

我正在使用Apache mod_alias,所以使用HTTP_POST不会给我别名加上HTTPS它不在那里。 下面的行似乎工作,但它可能会失败? 我明白SERVER_NAME需要在服务器上进行配置,但前提是这样可以吗? $site_url = $_SERVER["REQUEST_SCHEME"] . "://" . $_SERVER["SERVER_NAME"] . $_SERVER["CONTEXT_PREFIX"]; 我用: $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'] 输出示例: https://example.

2018-06-14 20:59:44

SERVER['HTTP

I did a lot of searching and also read the PHP $_SERVER docs. Do I have this right regarding which to use for my PHP scripts for simple link definitions used throughout my site? $_SERVER['SERVER_NAME'] is based on your web servers config file (Apache2 in my case), and varies depending on a few directives: (1) VirtualHost, (2) ServerName, (3) UseCanonicalName, etc. $_SERVER['HTTP_

2018-06-14 20:57:37

SERVER ['HTTP

我做了很多搜索,并且还阅读了PHP $ _SERVER文档。 我是否有权利使用我的PHP脚本来使用我的网站中使用的简单链接定义? $_SERVER['SERVER_NAME']基于你的Web服务器配置文件(在我的情况下是Apache2),并且取决于几个指令:(1)VirtualHost,(2)ServerName,(3)UseCanonicalName等 $_SERVER['HTTP_HOST']基于来自客户端的请求。 因此,在我看来,为了使我的脚本尽可能兼容,使用正确的脚本将是$_SER

2018-06-14 20:57:36

Circular matching. PHP / MySql

Hi I need some help with the following scenario in php. I have a db with users every user has an ID, have_card and want_card. I know how to make a direct match (one user trades with another user). But if there is no direct match but there is a circular swap like: User #1 has card A wants card B User #2 has card B wants card C User #3 has card C wants card A In this scenario there is no

2018-06-14 20:55:28

循环匹配。 PHP / MySql

您好,我需要一些帮助在php下面的情况。 我有一个数据库与用户每个用户有一个ID,have_card和want_card。 我知道如何进行直接匹配(一位用户与另一位用户进行交易)。 但是如果没有直接的匹配,但是有一个像下面这样的循环交换: 用户#1有卡A想要卡B. 用户#2有卡B想要卡C. 用户#3有卡C想要卡A. 在这种情况下,两个用户之间没有直接的匹配。 但是,如果: 用户#1将他的卡片给予用户#3 用户#3将他的卡片给予

2018-06-14 20:55:27

protecting adobe air apps

I am about to deliver an Adobe AIR app to a customer. But it's my first delivery of any sort, Ie I have no experience whatsoever with licensing etc. Users of this app may or may not be online, so can't count on that. In fact it's 99% sure that they will be offline. Nor do I expect them to very tech-savvy, who will spend enough time scouting for ways to "crack" it. So

2018-06-14 20:52:18

保护Adobe空气应用程序

我即将向客户提供Adobe AIR应用程序。 但这是我第一次交付任何东西,也就是说,我没有任何许可经验等等。 这个应用程序的用户可能会或可能不会在线,所以不能指望。 事实上,99%的人确信他们将离线。 我也不指望他们非常懂技术,谁会花费足够的时间寻找方法来“破解”它。 那么,是否有保护这款应用的方式? 也就是说,我不希望人们简单地复制安装文件夹,将它放到另一台机器上并运行它。 它应该比这更难一些。 哦,

2018-06-14 20:52:17

How can i get src alone from Image tag using php?

Possible Duplicate: How to extract img src, title and alt from html using php? <img width="200" height="300" src="http://runapvo.apivo.com/files/2011/06/2444-200x300.jpg" class="attachment-medium" alt="2444" title="2444" /> From this image tag I need to take src alone. How can I do this? Is there any predefined functions available?... Load it into a DOM tree with loadHtml and do an

2018-06-14 19:56:56

我怎样才能从图像标签使用PHP单独src?

可能重复: 如何从HTML中使用PHP提取img src,title和alt? <img width="200" height="300" src="http://runapvo.apivo.com/files/2011/06/2444-200x300.jpg" class="attachment-medium" alt="2444" title="2444" /> 从这个图片标签我需要独自采取src 。 我怎样才能做到这一点? 有没有预定义的功能?... 使用loadHtml它加载到DOM树中,并对其执行xpath,或者如果结构始终相同,则直接遍历它。 看到如何使用PHP

2018-06-14 19:56:55

Is process forking in PHP / Apache a good idea?

I'm writing a simple application in PHP which needs to occasionally carry out a fairly intensive set of MySQL updates. I don't particularly want this to cause a delay for the user, so I'm wondering about using pcntl_fork(). I'm not sure how this really works though: will the child process continue running after the parent process finishes? Will the parent process end, and the

2018-06-14 19:49:37

PHP / Apache中的进程分叉是一个好主意吗?

我正在用PHP编写一个简单的应用程序,它需要偶尔执行一组相当密集的MySQL更新。 我不特别希望这会导致用户延迟,所以我想知道使用pcntl_fork()。 我不确定它是如何工作的:父进程完成后,子进程是否继续运行? 父进程是否会结束,并且在子进程完成之前用户的页面加载完全? 换句话说,这是一种安全的方式,让PHP脚本(在Apache下运行)在不延迟用户的情况下做一些耗时的更新,或者我应该让用户忍受一些延迟? 父进程将结

2018-06-14 19:49:36

Parallel mysql queries in php?

I am sharding my data into multiple mysql databases, but sometimes I will need to gather information from multiple shards. How can I query multiple mysql databases in parallel in php? I've seen some examples of asynchronous curl requests and shell_exec, but is there a more direct way? The new mysqlnd driver can perform asynchronous queries. Documentation is sparse, but there are some ex

2018-06-14 19:47:31

并行MySQL查询在PHP?

我将我的数据分成多个mysql数据库,但有时我需要从多个分片收集信息。 如何在php中并行查询多个mysql数据库? 我见过一些异步curl请求和shell_exec的例子,但是有更直接的方法吗? 新的mysqlnd驱动程序可以执行异步查询。 文档很少,但在演示文稿中有一些例子(也涉及分片)。

2018-06-14 19:47:31