PHP provides a large number of predefined variables to all scripts. The variables represent everything from external variables to built-in environment variables, last error messages to last retrieved headers.
Table of Contents
- Superglobals - Built-in variables that are always available in all scopes
- $GLOBALS - References all variables available in global scope
- $_SERVER - Server and execution environment information
- $_GET - HTTP GET variables
- $_POST - HTTP POST variables
- $_FILES - HTTP File Upload variables
- $_REQUEST - HTTP Request variables
- $_SESSION - Session variables
- $_ENV - Environment variables
- $_COOKIE - HTTP Cookies
- $php_errormsg - The previous error message
- $http_response_header - HTTP response headers
- $argc - The number of arguments passed to the script
- $argv - Array of arguments passed to the script
New York PHP ¶
17 years ago
Warning: $_SERVER['PHP_SELF'] can include arbitrary user input. The documentation should be updated to reflect this.
The request "//example.com/info.php/attack%20here" will run /info.php, but in Apache $_SERVER['PHP_SELF'] will equal "/info.php/attack here". This is a feature, but it means that PHP_SELF must be treated as user input.
The attack string could contain urlencoded HTML and JavaScript (cross-site scripting) or it could contain urlencoded linebreaks (HTTP response-splitting).
The use of $_SERVER['SCRIPT_NAME'] is recommended instead.
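The point of the note above, as an added example that is not part of the original note or of the PHP manual: the same form tag built from PHP_SELF and from SCRIPT_NAME, plus a check for the header case. `$server` stands in for `$_SERVER` with constructed values, and `safeRedirectTarget` is a hypothetical helper name.

```php
<?php
// Constructed values: what Apache would hand PHP for a request whose path
// continues past /info.php with URL-encoded markup (a harmless <i> tag here).
$server = [
    'SCRIPT_NAME' => '/info.php',
    'PATH_INFO'   => '/"><i>x</i>',
    'PHP_SELF'    => '/info.php/"><i>x</i>', // SCRIPT_NAME . PATH_INFO, already URL-decoded
];

// Before: PHP_SELF is echoed raw, so the decoded path info closes the
// attribute and the rest is parsed as markup.
function formActionUnsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// After: SCRIPT_NAME carries no trailing path info. It is still encoded for
// the HTML attribute context, so the output stays safe whatever the source.
function formActionSafe(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Header context: refuse any value carrying CR, LF or NUL before it is
// placed in a response header such as Location.
function safeRedirectTarget(string $path): string
{
    if (preg_match('/[\r\n\0]/', $path)) {
        throw new InvalidArgumentException('control character in redirect target');
    }
    return $path;
}

echo formActionUnsafe($server), PHP_EOL;
echo formActionSafe($server), PHP_EOL;

try {
    // Constructed value: PHP_SELF after an encoded line break was decoded.
    safeRedirectTarget("/info.php/a\r\nX-Injected: 1");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```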
Josh, Endquote, com ¶
18 years ago
Running PHP 4.3 under IIS 5 on Windows XP, there is no $_SERVER['REQUEST_URI'] variable. This seems to fix it:
    if (!isset($_SERVER['REQUEST_URI'])) {
        // Rebuild REQUEST_URI from the part of argv[0] that follows the first ';'.
        $_SERVER['REQUEST_URI'] = substr($_SERVER['argv'][0], strpos($_SERVER['argv'][0], ';') + 1);
    }
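Aardvark ¶
16 years ago
$_GET may not handle query string parameter values which include escaped Unicode values resulting from applying the JavaScript "escape" function to a Unicode string.
To handle this the query parameter value can be obtained using a function such as:
    function getQueryParameter($strParam) {
        // Walk the raw query string; the value is returned undecoded.
        $aParamList = explode('&', $_SERVER['QUERY_STRING']);
        $i = 0;
        while ($i < count($aParamList)) {
            // explode() replaces split(), which was removed in PHP 7;
            // the limit of 2 keeps any '=' that appears inside the value.
            $aParam = explode('=', $aParamList[$i], 2);
            if ($strParam == $aParam[0]) {
                // A parameter given without '=' has no value element.
                return isset($aParam[1]) ? $aParam[1] : "";
            }
            $i++; // advance; without this the loop never ends on a non-match
        }
        return "";
    }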