When xml-rpc is used, the server obtains client data mainly through the php input stream input instead of the $ _ POST array. Therefore, we mainly discuss the php input stream php: input. in the following example, we extract... when using xml-rpc, the server obtains client data mainly through the php input stream input instead of the $ _ POST array. Therefore, we mainly discuss the php input stream php: // input.
The following example extracts a piece of code from wordpress, which is useful for http: // input. you can further study the code as follows:
if (!isset( $HTTP_RAW_POST_DATA ) ) { $HTTP_RAW_POST_DATA = file_get_contents('php://input'); } // fix for mozBlog and other cases where xml isn't on the very first line if ( isset($HTTP_RAW_POST_DATA) ) $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);
For php: // input introduction, the PHP official manual provides a clear overview of it, as follows:
"Php: // input allows you to read raw POST data. it is a less memory intensive alternative to $ HTTP_RAW_POST_DATA and does not need any special php. ini directives. php: // input is not available with enctype = "multipart/form-data ".
Translated into Chinese:
"Php: // input can read POST data that has not been processed. compared with $ HTTP_RAW_POST_DATA, it puts less pressure on the memory and does not require special php. ini setting. php: // input cannot be used for enctype = multipart/form-data ".
PHPer who reads POST data must be familiar with the built-in variable $ _ POST. what are the associations and differences between $ _ POST and php: // input? In addition, the most common method for the client to interact with the server is POST, and GET. since php: // input is used as the PHP input stream, can it read GET data? These two questions are what we need to discuss in this section.
Experience tells us that summing up from testing and observation will be a very useful method. here, I wrote a few scripts to help us test.
@ File 192.168.0.6:/phpinput_server.php print the received data
@ File 192.168.0.8:/phpinput_post.php simulate submitting form data using the POST method
@ File 192.168.0.8:/phpinput_xmlrpc.php simulate the POST method to issue the xmlrpc request.
@ File 192.168.0.8:/phpinput_get.php simulate using the GET method to submit the number of forms. phpinput_server.php and phpinput_post.php
The php instance code is as follows:
We can use ngrep to capture the http Request packet, because we need to know php: // input, so here we only capture the http Request packet, we will execute the test script phpinput_post.php, the code is as follows:
@ Php/phpinput_post.phpHTTP/1.1 200 OK Date: Thu, 08 Apr 2010 03:23:36 GMT Server: Apache/2.2.3 (CentOS) X-Powered-By: PHP/5.1.6 Content-Length: 160 Connection: close Content-Type: text/html; charset = UTF-8 ------- $ _ POST ------------------ array (2) {["n"] => string (9) "perfgeeks" ["p"] => string (4) "7788"} ------- php: // input ------------- n = perfgeeks & p = 7788 http request packet captured through ngrep: T 192.168.0.8: 57846-> 192.168.0.6: 80 [AP] POST/phpinput_server.php HTTP/1. 1 .. host: 192.168.0.6 .. content-Type: application/x-www-form-urlencoded .. co ntent-Length: 18 .. connection: close .... n = perfgeeks & p = 7788 ....
It is not difficult to find out after careful observation.
1, $ _ POST data, php: // the input data is "consistent" with the httpd entity body data
2. the Content-Type in the http request is application/x-www-form-urlencoded, which indicates that the data in the http request body is the form data submitted using the http post method, and urlencode () is processed.
Let's take a look at the original file content of the script phpinput_xmlrpc.php. it simulates an xml-rpc request submitted by the POST method. the code is as follows:
Similarly, let's execute this test script with the following code:
@php /phpinput_xmlrcp.phpHTTP/1.1 200 OK Date: Thu, 08 Apr 2010 03:47:18 GMT Server: Apache/2.2.3 (CentOS) X-Powered-By: PHP/5.1.6 Content-Length: 154 Connection: close Content-Type: text/html; charset=UTF-8 -------$_POST------------------ array(0) { } -------php://input-------------
jt_userinfo
When executing this script, the http request packet captured through ngrep is as follows:
T 192.168.0.8:45570 -> 192.168.0.6:80 [AP] POST /phpinput_server.php HTTP/1.1.. Host: 192.168.0.6..Content-Type: text/html..Content-Length: 75..Connec tion: close....
.
.
jt_userinfo< /name>.
....
Similarly, I can easily find that:
1. the Content-Type in the http request is text/xml, indicating that the body data in the http request is in xml format.
2. the server $ _ POST prints an empty array, which is inconsistent with the http entity body. the Content-Type here is text/xml, instead of application/x-www-form-urlencoded
3. php: // the input data is consistent with the http entity body data, that is, php: // the input data is inconsistent with the $ _ POST data.
Let's take a look at the situation where the form data is submitted using the GET method. can php: // input read the form data of the GET method? Here, we will slightly change the phpinput_server.php file and change $ _ POST to $ _ GET. the code is as follows:
Similarly, we run the next phpinput_get.php test script, which simulates a common GET method to submit form data. the code is as follows:
@php /phpinput_get.phpHTTP/1.1 200 OK Date: Thu, 08 Apr 2010 07:38:15 GMT Server: Apache/2.2.3 (CentOS) X-Powered-By: PHP/5.1.6 Content-Length: 141 Connection: close Content-Type: text/html; charset=UTF-8 -------$_GET------------------ array(2) { ["n"]=> string(9) "perfgeeks" ["p"]=> string(4) "7788" }
-- Php: // input --- at this time, the ngrep tool is used to capture the corresponding http request packet as follows:
T 192.168.0.8:36775 -> 192.168.0.6:80 [AP] GET /phpinput_server.php?n=perfgeeks&p=7788 HTTP/1.1.. Host: 192.168.0.6..Connection: close....
Compare the http requests submitted by the POST method. in the requests submitted by the GET method, the entity body is empty, and Content-Type and Content-Length are not specified. However, if the strong data is http entity body and the Content-Type and Content-Length are specified correctly, php: // input still reads the http entity body data, but not $ _ GET data.
Summary of php: // input usage in practice:
1. php: // input data is consistent with $ _ POST data only when the Content-Type is application/x-www-data-urlencoded.
2. when PHP cannot recognize the Content-Type, it will fill in the corresponding data in the http request package with the variable $ HTTP_RAW_POST_DATA
3. when the Coentent-Type is multipart/form-data, PHP will not fill in the corresponding data in the http request packet in php: // input; otherwise, the length will be entered in other cases, specified by Coentent-Length.
4. Coentent-Type can only be set to application/x-www-data-urlencoded or multipart/form-data, PHP will fill in the corresponding data in the http request packet with the global variable $ _ POST.
5. php: // the input data is always the same as $ HTTP_RAW_POST_DATA, but php: // the input data is more efficient than $ HTTP_RAW_POST_DATA, and php. ini does not require special settings.
6. PHP fills in the query_path part of the PATH field with the global variable $ _ GET. php: // input cannot read the $ _ GET data, because $ _ GET data is written in the PATH field of the http request header as query_path, rather than in the http request body.
Address:
Reprinted at will, but please attach the article address :-)