一、php中$_REQUEST变量用法
$_REQUEST表单提交php
代码:
第二部分,$_REQUEST数组详解
$_REQUEST数组是PHP中比较常用的数组,一般从其中取出POST,GET,COOKIE等参数。
这里介绍下$_REQUEST数组的填充方式,防止出现一些意想不到的问题。
说明
在php.ini中配置:
; This directive determines which super global data (G,P,C,E & S) should
; be registered into the super global array REQUEST. If so, it also determines
; the order in which that data is registered. The values for this directive are
; specified in the same manner as the variables_order directive, EXCEPT one.
; Leaving this value empty will cause PHP to use the value set in the
; variables_order directive. It does not mean it will leave the super globals
; array REQUEST empty.
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
; http://php.net/request-order
request_order = "GP"
request_order这个配置项说明哪些全局变量(G,P,C,E,S分别代表$_GET,$_POST,$COOKIE,$_ENV,$_SERVER)的内容会被添加到$_REQUEST数组中,并且会指明变量填充的顺序,如果重名,那么后面填充的变量会覆盖前面填充的变量内容。
如果把request_order置空,那么PHP将会使用variables_order(如下)配置项所指定的全局变量注册顺序来填充$_REQUEST数组,而不是说把$_REQUEST置空。
; This directive determines which super global arrays are registered when PHP
; starts up. If the register_globals directive is enabled, it also determines
; what order variables are populated into the global space. G,P,C,E & S are
; abbreviations for the following respective super globals: GET, POST, COOKIE,
; ENV and SERVER. There is a performance penalty paid for the registration of
; these arrays and because ENV is not as commonly used as the others, ENV is
; is not recommended on productions servers. You can still get access to
; the environment variables through getenv() should you need to.
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS";
; http://php.net/variables-order
variables_order = "GPCS"
variables_order这个配置项用来指定全局变量EGPCS (Environment, Get, Post, Cookie, and Server)的解析顺序。 如果variables_order被设置为SP,那么PHP会创建$_SERVER和$_POST,而不会创建$_ENV,$_GET,$_COOKIE等变量, 如果被设置为空,那么PHP不会创建任何超级全局变量。
注意
有时候从$_REQUEST中取出的值不是想要的,考虑这样一个场景: 如果在php.ini中设置request_order = “GPCES”,在HTTP请求中GET或者POST参数的name恰好与COOKIE的name相同,假如为foo。 那么在程序中通过$_REQUEST[‘foo’]来获取到的值是名为foo的一个cookie的值,而不是GET或者POST请求的值。
结语
尽量不要使用$_REQUEST,应该从$_GET,$_POST,$COOKIE,$_ENV,$_SERVER等变量中取出需要的值。
三、php _REQUEST多了个反斜杠
如果提交给php的参数_REQUEST中的值了个反斜杠,这个和php的magic_quotes_gpc这个配置有关系。
默认它是on所以,所有传入参数都会用转义,这当然是安全原因,5.3之后就不建议用,6.0以后就直接删除了。
代码:
php文档中深度反转义的方法:
<?php
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
function remove_wp_magic_quotes()
{
if (get_magic_quotes_gpc()) {
$_GET= stripslashes_deep($_GET);
$_POST = stripslashes_deep($_POST);
$_COOKIE = stripslashes_deep($_COOKIE);
$_REQUEST = stripslashes_deep($_REQUEST);
}
}
?>