
?? ??? ??

PHP ?? ??? ??

? ???? PHP? ???? ?????? ??? ?? ???? ???? ??? ?????.

PHP ??? ?? ?? ??? ???? ???.

? ???? ??? ??? ???? ?? PHP ?? ???? ?? ??? ?????. ??? ?? ??? ?? ??? ???? ???.

? ?? ??? HTML ???? ?? ?? ??? ???? ????. ??? ??? ??, ??? ?? ? ?? ??? ??? ???.

<!DOCTYPE HTML>
<html>
<head>
    <meta charset="utf-8">
    <title>php.cn</title>
    <style>
        .error {color: #FF0000;}
    </style>
</head>
<body>
<?php
// Define the variables and set them to empty values by default
$nameErr = $emailErr = $genderErr = $websiteErr = "";
$name = $email = $gender = $comment = $website = "";

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
    if (empty($_POST["name"]))
    {
        $nameErr = "名字是必需的";
    }
    else
    {
        $name = test_input($_POST["name"]);
        // Check that the name contains only letters and spaces
        if (!preg_match("/^[a-zA-Z ]*$/",$name))
        {
            $nameErr = "只允許字母和空格";
        }
    }

    if (empty($_POST["email"]))
    {
        $emailErr = "郵箱是必需的";
    }
    else
    {
        $email = test_input($_POST["email"]);
        // Check that the e-mail address is well formed
        if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email))
        {
            $emailErr = "非法郵箱格式";
        }
    }

    if (empty($_POST["website"]))
    {
        $website = "";
    }
    else
    {
        $website = test_input($_POST["website"]);
        // Check that the URL is well formed
        if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website))
        {
            $websiteErr = "非法的 URL 的地址";
        }
    }

    if (empty($_POST["comment"]))
    {
        $comment = "";
    }
    else
    {
        $comment = test_input($_POST["comment"]);
    }

    if (empty($_POST["gender"]))
    {
        $genderErr = "性別是必需的";
    }
    else
    {
        $gender = test_input($_POST["gender"]);
    }
}

// Trim whitespace, remove backslashes and escape HTML special characters
function test_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
?>
 

?? ?? HTML ?? ??? ???????.

??? ??

The "Name", "E-mail" and "Website" fields are text input elements; the "Comment" field is a textarea. The HTML code is as follows:
Name: <input type="text" name="name">
E-mail: <input type="text" name="email">
Website: <input type="text" name="website">
Comment: <textarea name="comment" rows="5" cols="40"></textarea>

??? ??

"??" ??? ??? ???? HTML ??? ??? ????.

??:

<input type="radio" name="gender" value="female">Female

<input type="radio" name="gender" value="male">Male


Form ??

HTML ? ??? ??? ????. ??>

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

? ??? method="? ?????. post' ???? ???? ???? ?????.


$_SERVER["PHP_SELF"] ??? ??????


$_SERVER["PHP_SELF"]? ?? ?? ???? ?? ?? ?????. ?? ?? ?? ????. ?? ??? ??? ?? ?????.


??? $_SERVER["PHP_SELF"]? ?? ???? ???? ?? ?? ???? ?? ???? ????.

htmlspecialchars() ???? ??????


htmlspecialchars() ??? ?? ??? ?? ??? HTML ???? ?????.
?? ??? ??? ??? ????.

· &(He)? &amp;

· "(????)? &quot;

? ???. · '(?????)? ??? ????.

·??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ??? ??? ?? ??????

$_SERVER["PHP_SELF"] ??? ??? ??? ? ????.

??? ??? ??? ???? HTTP ??? ???? ??? ?? $_SERVER["PHP_SELF"] ?? ??? ????? ?????. ? ??? ??? ??? ????? ?? ?? ??? ???? ?????. ??? $_SERVER["PHP_SELF"] ????? ???? ?? ?? ?? JavaScript? ?????.

XSS? CSS(Cross-Site Script)??? ???. ???? ???? ???? ???? ??? ? ? ???? ?? HTML ??? ???? ?? ???? ???? ???? ???? ???? ??? ??? ???? ?? ?? ??? HTML ??? ?????.


?? ?? ?? ??? "test_form.php"? ?????.

<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">

?? URL? ???? ?? ??? ?????. test_form.php" ", ? ??? ??? ?? ?????.

<form method="post" action="test_form.php">

?????.

??? ???? ???? ?? ???? ?? ??? ????? ?? ?????.

http://miracleart.cn/test_form.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E

? URL? ?? ??? ?? ???? ?????:

<form method="post" action="test_form.php/"><script>alert('hacked')</script>

??? ???? ??? ????, ?? ??? ?????. ? Javascript ??? ???? ??? ? ?????(????? ?? ??? ???). ?? ??? PHP_SELF ??? ??? ??? ? ??? ???? ??? ????.

<script> ???? ?? JavaScript ??? ??? ? ????. ??? ?? ??? ???? ?? ??? ????? ? ????. ?? ??? ?? ??? ????? ???? ?? ???? ?? ? ????.


$_SERVER["PHP_SELF"]? ???? ?? ???? ??? ??????

$_SERVER["PHP_SELF"]? htmlspecialchars() ??.

? ??? ??? ????:

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">

htmlspecialchars() ?? ??? ?? ??? HTML ???? ?????. ?? ???? PHP_SELF ??? ????? ?? ??? ??? ?? ?????.

<form method="post" action="test_form.php/&quot;&gt;&lt;script&gt;alert('hacked')&lt;/script&gt;">

? ???? ????? ??? ??????!


PHP? ???? ?? ??? ??? ??

?? PHP? htmlspecialchars() ??? ?? ???? ??? ?? ???? ?????.

htmlspecialchars() ??? ??? ? ???? ?? ??? ??? ????? ???.

<script>location.href('http://miracleart.cn')</script>

? ??? ??? ?? HTML ????? ??? ????? ???? ????.

&lt;script&gt;location.href('http://miracleart.cn')&lt;/script&gt;

? ??? ???? ???? ????? ????? ???? ??? ? ????.

???? ??? ???? ?? ? ?? ??? ?????.

1. PHP trim() ??? ???? ????? ???? ??(?: ??, ?)? ?????. ?? ???, ??).

2. PHP ??????() ??? ???? ??? ?? ????? ????? ?????()

????, ??? ?? ??? ??? ??? ??? ??? ??? ?????. ??? ??? ????? ?? ??? ? ????.

?? ??? test_input()?? ?????.

?? test_input() ??? ?? $_POST? ?? ??? ??? ? ????. ???? ??? ??? ????.

?

<?php
// Define the variables and set them to empty values by default
$name = $email = $gender = $comment = $website = "";

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
    $name = test_input($_POST["name"]);
    $email = test_input($_POST["email"]);
    $website = test_input($_POST["website"]);
    $comment = test_input($_POST["comment"]);
    $gender = test_input($_POST["gender"]);
}

// Trim whitespace, remove backslashes and escape HTML special characters
function test_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
?>

? ????? ?? $_SERVER["REQUEST_METHOD"]? ???? ??? ?????? ??? ?????. REQUEST_METHOD? POST?? ??? ???? ???? ???? ?????. ??? ???? ??? ??? ??? ???? ???? ?????.

1. PHP trim() ??? ???? ??? ?? ????? ???? ??(?: ??, ?, ? ??)? ?????.

2. PHP ??????() ??? ???? ??? ?? ???()?? ????()? ?????

3. test_input() ??? ???? $_POST? ?? ??? ?????
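As an added example (not part of the page's own code), the two points above, escaping $_SERVER["PHP_SELF"] before it is echoed into the form action and the test_input() flow, carried through in one script. It passes explicit flags to htmlspecialchars() (the defaults changed in PHP 8.1, when ENT_QUOTES became the default, so without explicit flags the single quote in alert('hacked') is encoded on new versions and left alone on old ones), and it validates with filter_var() instead of the page's unanchored regular expressions. The function names sanitize(), safe_action() and validate_form(), and the sample submissions, are constructed for this example and are not from the tutorial.

```php
<?php
// Added example, not the tutorial's own code. Function names and sample
// input are constructed for illustration.
declare(strict_types=1);

// Escape a value for HTML output. Flags are explicit so the output is the
// same on every supported PHP version; ENT_QUOTES also encodes the single
// quote, which matters when an attribute is delimited with ' instead of ".
function sanitize(string $data): string
{
    return htmlspecialchars(trim($data), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The form action the tutorial builds from $_SERVER["PHP_SELF"], escaped so a
// crafted request path cannot close the attribute and inject markup.
function safe_action(string $phpSelf): string
{
    return '<form method="post" action="' . sanitize($phpSelf) . '">';
}

// Server-side validation with filter_var() and an explicit scheme check.
// Returns field => error message; an empty array means the submission is valid.
function validate_form(array $post): array
{
    $errors = [];

    $name = sanitize($post['name'] ?? '');
    if ($name === '') {
        $errors['name'] = 'Name is required';
    } elseif (!preg_match('/^[a-zA-Z ]+$/', $name)) {
        $errors['name'] = 'Only letters and spaces are allowed';
    }

    // FILTER_VALIDATE_EMAIL checks the whole value; the page's regex is
    // unanchored, so it would accept "alice@example.com <script>".
    $email = trim($post['email'] ?? '');
    if ($email === '') {
        $errors['email'] = 'E-mail is required';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid e-mail format';
    }

    // Optional field: when present it must parse as a URL with an http(s)
    // scheme, so javascript: or data: values are rejected.
    $website = trim($post['website'] ?? '');
    if ($website !== '') {
        $scheme = strtolower((string) parse_url($website, PHP_URL_SCHEME));
        if (filter_var($website, FILTER_VALIDATE_URL) === false
            || !in_array($scheme, ['http', 'https'], true)) {
            $errors['website'] = 'Invalid URL';
        }
    }

    // The radio group only ever sends one of two known values; anything else
    // is a tampered request, not a user mistake.
    if (empty($post['gender'])) {
        $errors['gender'] = 'Gender is required';
    } elseif (!in_array($post['gender'], ['female', 'male'], true)) {
        $errors['gender'] = 'Invalid gender value';
    }

    return $errors;
}

// 1. The crafted PHP_SELF value from the page, neutralised by escaping.
$craftedPath = "/test_form.php/\"><script>alert('hacked')</script>";
echo safe_action($craftedPath), "\n";

// 2. A constructed submission that the page's regexes would let through.
$tampered = [
    'name'    => 'Alice',
    'email'   => 'alice@example.com <script>',
    'website' => 'javascript:alert(1)',
    'gender'  => 'male',
];
print_r(validate_form($tampered));

// 3. A constructed valid submission.
$valid = [
    'name'    => 'Alice Smith',
    'email'   => 'alice@example.com',
    'website' => 'https://example.com/page',
    'gender'  => 'female',
];
var_dump(validate_form($valid) === []);
```

Run with `php example.php`: the first line shows the crafted path with `"`, `<`, `>` and `'` turned into `&quot;`, `&lt;`, `&gt;` and `&#039;`, so the browser sees an attribute value rather than a second tag; the second call reports errors for `email` and `website` only, although the tutorial's e-mail regex matches the `alice@example.com` prefix of that value; the third call prints `bool(true)`.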


???? ??