【发布时间】:2019-05-03 16:59:48
【问题描述】:
我无法从 php//input 获取请求参数,它总是返回空字符串。 $_POST 也总是空的,我获得参数的唯一方法是使用 $_REQUEST,我不确定这是否是解决这个问题的正确方法。
var_dump(file_get_contents("php://input"));
返回:string(0) ""
var_dump($_POST);
返回:数组(0){}
var_dump($_REQUEST);
返回:数组(2){ ["ergerg"]=> 字符串(6)“ergerg” [“雷格格”]=> 字符串(6)“ergreg” }
我在 Postman 中的请求如下所示:
POST /api/ajax.php?ergerg=ergerg®ergerg=ergreg
response
Status:200 OK
Time:192 ms
Size:236 B
ajax.php
<?php
include "config.php";
$rest_json = file_get_contents("php://input");
$obj = json_decode($rest_json);
$request = $obj->request;
if($request == 1){
$userData = mysqli_query($con, "select * from rows");
$response = array();
while ($row = mysqli_fetch_assoc($userData)) {
$response[] = $row;
}
echo json_encode($response);
}
if($request == 2){
$platform = $data->platform;
$container1 = $data->container1;
$container2 = $data->container2;
$ZPU1 = $data->ZPU1;
$ZPU2 = $data->ZPU2;
$reportId = $data->reportId;
mysqli_query($con, "INSERT INTO
rows(platform,container1,container2,
ZPU1,ZPU2,reportId)
VALUES('" . $platform . "','" . $container1 . "','" .
$container2 . "','" . $ZPU1 . "','" . $ZPU2 .
"','" . $reportId . "')");
echo "Insert successfully";
}
exit;
在配置文件中只是连接到 mysql 数据库:
config.php
<?php
$host = "localhost"; /* Host name */
$user = "root"; /* User */
$password = "password"; /* Password */
$dbname = "dbname"; /* Database name */
$con = mysqli_connect($host, $user, $password,$dbname);
// Check connection
if (!$con) {
die("Connection failed: " . mysqli_connect_error());
}
【问题讨论】:
-
您的脚本对SQL Injection Attack 甚至if you are escaping inputs, its not safe! 都是开放的,在
MYSQLI_或PDOAPI 中使用prepared parameterized statements