Introduction to PHP input stream input

When using XML-RPC, the server gets the client data, mainly through the PHP input stream, rather than the $_post array. So, this is mainly about PHP input stream php://input


on a php://input introduction, the PHP Official Handbook document has a very clear overview of it.


"Php://input allows to read raw POST data. It is a less memory intensive alternative to $HTTP _raw_post_data and does no need any special php.ini. Php://input is isn't available with enctype= "Multipart/form-data".


translation Over, is this:


"Php://input can read post data that has not been processed. Compared to $http_raw_post_data, it brings less pressure on memory and does not require special php.ini settings. Php://input cannot be used for Enctype=multipart/form-data "


How do we understand this overview?! I divided it into three parts, gradually to understand.


1. Reading post Data


2. cannot be used for Multipart/form-data type


3. Php://input VS $HTTP _raw_post_data


Read post data


Phper must be very familiar with this built-in variable $_post. What are the correlations and differences between $_post and php://input? In addition, the client interacts with the server side of the data, the most commonly used method in addition to post, there are get. Since Php://input is a PHP input stream, does it read get data? These two questions are the main elements that we need to explore in this section.


Experience tells us that it is a very effective way to summarize the tests and observations. Here, I wrote a few scripts to help us test.


@file 192.168.0.6:/phpinput_server.php Print out the received data


@file 192.168.0.8:/phpinput_post.php Simulate submitting form data by post method

The
@file 192.168.0.8:/phpinput_xmlrpc.php simulates a XMLRPC request with a POST method.


@file 192.168.0.8:/phpinput_get.php Simulate the number of form tables submitted by the Get method


phpinput_server.php and phpinput_post.php


<?php


//@file phpinput_server.php


$raw _post_data = file_get_contents (' php://input ', ' R ');


echo "-------\$_post------------------\ n";


Echo var_dump ($_post). "\ n";


echo "-------php://input-------------\ n";


Echo $raw _post_data. "\ n";


?>


<?php


//@file phpinput_post.php


$http _entity_body = ' n= '. UrlDecode (' Perfgeeks '). ' &p= '. UrlDecode (' 7788 ');


$http _entity_type = ' application/x-www-form-urlencoded ';


$http _entity_length = strlen ($http _entity_body);


$host = ' 192.168.0.6 ';


$port = 80;


$path = '/phpinput_server.php ';


$fp = Fsockopen ($host, $port, $error _no, $error _desc, 30);


if ($fp) {


fputs ($fp, "POST {$path} http/1.1\r\n");


fputs ($fp, "Host: {$host}\r\n");


fputs ($fp, "Content-type: {$http _entity_type}\r\n");


fputs ($fp, "content-length: {$http _entity_length}\r\n");


fputs ($fp, "connection:close\r\n\r\n");


fputs ($fp, $http _entity_body. "\r\n\r\n");


 


while (!feof ($fp)) {


$d. = Fgets ($fp, 4096);


  }


fclose ($FP);


Echo $d;


}


?>


We can grab the HTTP request pack by using the tool Ngrep (because we need to be able to detect the php://input, so we only crawl the HTTP requests packet here). We're going to execute the test script phpinput_post.php