PHP input Stream php://input usage instructions (1/2)

Source: Internet
Author: User
Tags http post http request php and

For a php://input introduction, the PHP Official Handbook document has a very clear overview of it.

"Php://input allows to read raw POST data. It is a less memory intensive alternative to $HTTP _raw_post_data and does no need any special php.ini. Php://input is isn't available with enctype= "Multipart/form-data".

Translation over, is this:

"Php://input can read post data that has not been processed. Compared to $http_raw_post_data, it brings less pressure on memory and does not require special php.ini settings. Php://input cannot be used for Enctype=multipart/form-data "


What should we do to understand this overview?! I divided it into three parts, gradually to understand.

Reading post data
cannot be used for multipart/form-data types
Php://input VS $HTTP _raw_post_data
Reading post data
Phper must be familiar with the built-in variable $_post. What are the correlations and differences between $_post and php://input? In addition, the client interacts with the server side of the data, the most commonly used method in addition to post, there are get. Since Php://input is a PHP input stream, does it read get data? These two questions are the main elements that we need to explore in this section.
Experience tells us that it is a very effective way to summarize the tests and observations. Here, I wrote a few scripts to help us test.

@file 192.168.0.6:/phpinput_server.php to print out the received data
@file 192.168.0.8:/phpinput_post.php simulation submits form data by post method
@file 192.168.0.8:/phpinput_xmlrpc.php Impersonation to issue a XMLRPC request with a POST method.
@file 192.168.0.8:/phpinput_get.php simulate the number of forms submitted by a Get method
Phpinput_server.php and phpinput_post.php

The code is as follows Copy Code
<?php
@file phpinput_server.php
$raw _post_data = file_get_contents (' php://input ', ' R ');
echo "-------$_post------------------n";
echo Var_dump ($_post). "N";
echo "-------php://input-------------n";
Echo $raw _post_data. "N";
?>

<?php
@file phpinput_post.php
$http _entity_body = ' n= '. UrlDecode (' Perfgeeks '). ' &amp;p= '. UrlDecode (' 7788 ');
$http _entity_type = ' application/x-www-form-urlencoded ';
$http _entity_length = strlen ($http _entity_body);
$host = ' 192.168.0.6 ';
$port = 80;
$path = '/phpinput_server.php ';
$fp = Fsockopen ($host, $port, $error _no, $error _desc, 30);
if ($fp) {
Fputs ($fp, "POST {$path} http/1.1rn");
Fputs ($FP, "Host: {$host}rn");
Fputs ($FP, "Content-type: {$http _entity_type}rn");
Fputs ($FP, "content-length: {$http _entity_length}rn");
Fputs ($fp, "connection:closernrn");
Fputs ($fp, $http _entity_body. "Rnrn");

while (!feof ($fp)) {
$d. = Fgets ($fp, 4096);
}
Fclose ($FP);
Echo $d;
}
?>


We can grab the HTTP request pack by using the tool Ngrep (because we need to be able to detect the php://input, so we only crawl the HTTP requests packet here). We're going to execute the test script phpinput_post.php

The code is as follows Copy Code
@php/phpinput_post.php
http/1.1 OK
Date:thu, APR 03:23:36 GMT
server:apache/2.2.3 (CentOS)
x-powered-by:php/5.1.6
content-length:160
Connection:close
content-type:text/html; Charset=utf-8
-------$_post------------------
Array (2) {
["N"]=> string (9) "Perfgeeks"
["P"]=> string (4) "7788"
}
-------Php://input-------------
n=perfgeeks&p=7788

The HTTP request packets captured via Ngrep are as follows:

T 192.168.0.8:57846-> 192.168.0.6:80 [AP]
post/phpinput_server.php http/1.1.
Host:192.168.0.6..content-type:application/x-www-form-urlencoded.. Co
ntent-length:18..connection:close....n=perfgeeks&p=7788 .....
Careful observation, we are not difficult to find
1,$_post data, php://input data is "consistent" with httpd entity body data
The Content-type in the 2,http request is application/x-www-form-urlencoded, which means that the data in the body of the HTTP request is the form data submitted using the HTTP POST method and is UrlEncode () processing.
(Note: Note The bold part of the content, no longer prompted below).

Home 1 2 last page

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.