Home >Backend Development >PHP Tutorial >Study notes of php functions

Study notes of php functions

不言
不言Original
2018-04-17 15:57:091883browse

The content introduced in this article is about the study notes of PHP functions, which has a certain reference value. Now I share it with everyone. Friends in need can refer to it

##$_SERVER["REQUEST_METHOD"]##empty( var)has been assigned data and is not emptyisset(var[,var[,...]])is_null(var)defined(var)1. Empty and isset will first check whether the variable exists, and then detect the variable value. And is_null just checks the variable value directly to see if it is null. preg_match(regular expression, variable)##Related recommendations:
$_SERVER["PHP_SELF"] A super global variable. Returns the file name of the currently executing script.
htmlspacialchars(var) Convert specific characters into HTML entities. Prevents attackers from exploiting code by injecting HTML or JavaScript code into forms (cross-site scripting attacks).

Application: The $_SERVER["PHP_SELF"] variable can be exploited by hackers. If your page uses PHP_SELF, users can enter an underscore and execute cross-site scripting (XSS).

Tip: Cross-site scripting (XSS) is a type of computer security vulnerability that is common in web applications. XSS enables attackers to enter client-side scripts into web pages browsed by other users.

Example: There is a form in the test.php page:

<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">

If the address bar is a normal URL: hhtp://www.example.com/test.php, the above code will be converted to :

<form method="post" action="test.php">

Once you enter: http://www.example.com/test.php/"><script>alert('hacked')</script>, the above code will be converted into:

<form method="post" action="test.php"/><script>alert(&#39;hacked&#39;);</script>

Use the htmlspecialchars() function to avoid the above situation. Form code:

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

At this time, enter http://www.example.com/test.php/"><script>alert('hacked' )</script>, the above code will be converted into:

<form method="post" action="test.php/"><script>alert(&#39;hacked&#39;)</script>"
cannot be used and does no harm.
trim(var) Remove extra spaces, tabs, and newlines
stripslashes(var) Remove backslash (\)
Determine whether the variable. ‘’, null, false, 00, 0, '0', undefined, array(), and var $var all return true.
Check whether the variable has been declared. Returns true for undefined variables. After unsetting a variable, the variable is canceled.
Check whether a value, variable, or expression is null. Passing in undefined variables will also return true, but an error will be reported!
Check whether the constant has been declared.

2. The empty and isset input parameters must be a variable, while the is_null input parameter can have a return value (constant, variable, expression, etc.) as long as it can have a return value. In the PHP manual, their analysis is: empty, isset is a language structure rather than a function, so it cannot be called by variable functions.

Retrieve the pattern of the string, return true if the pattern exists, otherwise return false.

10 little-known but very Useful PHP functions

php function does not define parameter method


The above is the detailed content of Study notes of php functions. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn