Home >Backend Development >PHP Tutorial >Discuss how to obtain submitted data in PHP variable parsing order_PHP tutorial

Discuss how to obtain submitted data in PHP variable parsing order_PHP tutorial

WBOY
WBOYOriginal
2016-07-15 13:35:14741browse

Since the link URL of the submission was not informed after submission, this BUG has survived to this day. However, this BUG does not appear in every submission. After several tests, it was found that it only occurs when multiple submissions are made in a row. Since the submitted form was relatively complex and was entered in several parts, it was suspected that an error occurred in the middle part.

The troubleshooting process starts with var_dump($_REQUEST) in each process, then the error link is found during the second consecutive submission. In the process of submitting the first form to the second form, the $_REQUEST array Change occurs. At this point, we need to take another look at the $_REQUEST array:

The manual says it contains variables submitted to the script via GET, POST and COOKIE mechanisms, so this array is not trustworthy. In this way, var_dump($_REQUEST) is decomposed into var_dump($_POST), var_dump($_GET), and var_dump($_COOKIE). The problem becomes clearer. It turns out that in order to save values ​​between multiple page forms, COOKIE was tried. Although the COOKIE is destroyed when the SESSION ends without setting the expire item, if multiple advertisements are submitted continuously in a session, the value of the form POST will be overwritten by the value previously saved in the COOKIE. The reason why there is only a partial error is that When saving to COOKIE, the COOKIE variable names are prefixed, except for the url variable, which still uses the same variable name.

The problem has been found, but there are new questions. With the same variable name, why does COOKIE cover POST and not the other way around? So we finally come to the variables_order setting item mentioned in the title. The original text in php.ini is as follows:

This directive describes the order in which PHP registers GET, POST, Cookie,
Environment and Built-in variables (G, P, C, E & S respectively, often
referred to as EGPCS or GPC). Registration is done from left to right, newer
values ​​override older values.

means that Settings describe the order of PHP parsing variables, including $_GET, $_POST, $_COOKIE, $_ENV, $_SERVER array.
The parsing order is from left to right, and the new value overwrites the old value after parsing. The default setting is EGPCS (Environment, GET, POST, Cookie, Server).
If it is set to "GP", it will cause PHP to completely ignore environment variables, cookies and server variables, and overwrite the variables of the same name of the GET method with variables of the POST method.

Conclusion:

As the manual says, $_REQUEST is an array that is not trustworthy. To try to avoid similar problems, you should explicitly use the $_POST or $_GET array when getting the submitted value.

In special cases, you can adjust the variables_order setting so that you can always get the submission data you want.


www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/445938.htmlTechArticleSince the link URL of the submission was not informed after submission, this BUG has survived to this day. However, this BUG does not appear in every submission. After several tests, it was found that only in...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn