Shulou(Shulou.com)06/03 Report--

This article mainly introduces the "detailed description of the PHP input stream php://input". In the daily operation, I believe many people have doubts about the detailed description of the PHP input stream php://input. The editor consulted all kinds of data and sorted out a simple and easy-to-use method of operation. I hope it will be helpful to answer the doubts of "the detailed description of the PHP input stream php://input". Next, please follow the editor to study!

Php://input allows you to read raw POST data. It is a less memory intensive alternative to $HTTP_RAW_POST_DATA and does not need any special php.ini directives. Php://input is not available with enctype= "multipart/form-data".

The translation goes like this:

"php://input can read unprocessed POST data. Compared to $HTTP_RAW_POST_DATA, it puts less pressure on memory and does not require special php.ini settings. Php://input cannot be used with enctype=multipart/form-data"

How should we understand this overview? I divided it into three parts and understood it step by step.

Read POST data

Cannot be used for multipart/form-data types

Php://input VS $HTTP_RAW_POST_DATA

Read POST data

PHPer must be familiar with the built-in variable $_ POST. What are the connections and differences between $_ POST and php://input? In addition, in addition to POST, the most common way for the client to exchange data with the server is GET. Since php://input is the PHP input stream, can it read GET data? These two questions are the main contents that we need to discuss in this section.

Experience tells us that summing up from testing and observation can be a very effective method. Here, I wrote a few scripts to help us test.

@ file 192.168.0.6:/phpinput_server.php prints out the data received

@ file 192.168.0.8:/phpinput_post.php simulates the submission of form data in the POST method

@ file 192.168.0.8:/phpinput_xmlrpc.php simulates issuing a xmlrpc request using the POST method.

@ file 192.168.0.8:/phpinput_get.php simulates the number of form tables submitted by the GET method

Phpinput_server.php and phpinput_post.php

We can crawl the http request packet by using the tool ngrep (because what we need to know is php://input, we only crawl the http Request packet here). Let's execute the test script phpinput_post.php

@ php / phpinput_post.php

HTTP/1.1 200 OK

Date: Thu, 08 Apr 2010 03:23:36 GMT

Server: Apache/2.2.3 (CentOS)

X-Powered-By: PHP/5.1.6

Content-Length: 160

Connection: close

Content-Type: text/html; charset=UTF-8

-$_ POST-

Array (2) {

["n"] = > string (9) "perfgeeks"

["p"] = > string (4) "7788"

}

-php://input-

N=perfgeeks&p=7788

The http request packet captured through ngrep is as follows:

T 192.168.0.8 57846-> 192.168.0.6 VR 80 [AP]

POST / phpinput_server.php HTTP/1.1..

Host: 192.168.0.6..Content-Type: application/x-www-form-urlencoded..Co

Ntent-Length: 18..Connection: close....n=perfgeeks&p=7788....

If we observe carefully, it is not difficult for us to find out

1 php://input data is "consistent" with httpd entity body data.

The Content-Type in the http http request is application/x-www-form-urlencoded, which indicates that the data in the http request body is the form data submitted using the http's post method, and is processed by urlencode ().

(note: pay attention to the bold part of the content, no longer prompted below).

Let's take a look at the original contents of the script phpinput_xmlrpc.php, which simulates an xml-rpc request submitted by the POST method.

Again, let's execute this test script

@ php / phpinput_xmlrcp.php

HTTP/1.1 200 OK

Date: Thu, 08 Apr 2010 03:47:18 GMT

Server: Apache/2.2.3 (CentOS)

X-Powered-By: PHP/5.1.6

Content-Length: 154

Connection: close

Content-Type: text/html; charset=UTF-8

-$_ POST-

Array (0) {

}

-php://input-

Jt_userinfo

When executing this script, the http request packet we crawled through ngrep is as follows

T 192.168.0.8 45570-> 192.168.0.6 VR 80 [AP]

POST / phpinput_server.php HTTP/1.1..

Host: 192.168.0.6..Content-Type: text/html..Content-Length: 75..Connec

Tion: close. Jt_userinfo

.

Similarly, I can easily find out:

1the Content-Type in the http request is text/xml. It indicates that the body data in the http request is in xml data format.

2. The server $_ POST prints out an empty array, which is inconsistent with http entity body. This is different from the previous example, where the Content-Type is text/xml, not application/x-www-form-urlencoded.

3, while the php://input data is still consistent with the http entity body data. That is, the php://input data is inconsistent with the $_ POST data.

Let's take a look at the submission of form data through the GET method. Can php://input read the form data of the GET method? Here, let's change the phpinput_server.php file slightly to change $_ POST to $_ GET.

The copy code is as follows:

Again, we execute the next phpinput_get.php test script, which simulates a normal GET method to submit form data.

@ php / phpinput_get.php

HTTP/1.1 200 OK

Date: Thu, 08 Apr 2010 07:38:15 GMT

Server: Apache/2.2.3 (CentOS)

X-Powered-By: PHP/5.1.6

Content-Length: 141

Connection: close

Content-Type: text/html; charset=UTF-8

-$_ GET-

Array (2) {

["n"] = >

String (9) "perfgeeks"

["p"] = >

String (4) "7788"

}

-php://input-

At this time, using the ngrep tool, the corresponding http request packet captured is as follows

T 192.168.0.8 36775-> 192.168.0.6 VR 80 [AP]

GET / phpinput_server.php?n=perfgeeks&p=7788 HTTP/1.1..

Host: 192.168.0.6..Connection: close....

Compare the http requests submitted by the POST method, usually the entity body is empty in the requests submitted by the GET method. At the same time, Content-Type and Content-Length are not specified. However, if the tough data http entity body, and indicates the correct Content-Type and Content-Length, then php://input can also read http entity body data, but not $_ GET data.

On the basis of the above probes, we can make the following summary:

1 when the value of application/x-www-form-urlencoded Contente-Type is application/x-www-form-urlencoded, php will fill the http request body corresponding data into the array $_ POST, and the data entered into the $_ POST array is the result of urldecode () parsing. (in fact, in addition to the Content-Type, there is also multipart/form-data that indicates that the data is form data, which we will cover later.)

2Magne php _ _ hand input data, as long as the Content-Type is not multipart/form-data (this condition limitation will be described later). Then the php://input data is consistent with some of the http entity body data. The length of the data that is consistent with this part is specified by Content-Length.

3, the $_ POST data is "consistent" with the php://input data only if the Content-Type is application/x-www-form-urlencoded and the submission method is the POST method (quotation marks indicate that they are inconsistent in format and content). In other cases, they are inconsistent.

4the GET GET data can not be read by the input php _ hand. This is because the $_ GET data is written as query_path in the PATH field of the http request header (header), not in the body section of the http request.

This also helps us understand why the xml_rpc server reads data through file_get_contents ('php://input', 'r'). Instead of reading from $_ POST, because the xml_rpc data specification is xml, its Content-Type is text/xml.

Php://input ran into multipart/form-data.

When uploading a file, the form is written like this

The copy code is as follows:

So, the meaning of enctype=multipart/form-data here is to set the Content-Type in the header (head) of the http request to multipart/form-data. Please refer to RFC1867's description of it. Multipart/form-data also indicates that the form data is submitted in the POST method, which is accompanied by file upload, so it will be different from the application/x- www-form-urlencoded data format. It will be delivered to the server in a more reasonable and efficient data format. We submit the form data and print out the response results, as follows:

-$_ POST-

Array (1) {["n"] = > string (9) "perfgeeks"}

-php://input-

At the same time, the corresponding http request packets we crawled through ngrep are as follows:

#

T 192.168.0.8 VR 3981-> 192.168.0.6 VR 80 [AP]

POST / phpinput_server.php HTTP/1.1..Host: 192.168.0.6..Connection: kee

P-alive..User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) A

PpleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2..Re

Ferer: http://192.168.0.6/phpinput_server.php..Content-Length: 306..Ca

Che-Control: max-age=0..Origin: http://192.168.0.6..Content-Type: mult

Ipart/form-data; boundary=----WebKitFormBoundarybLQwkp4opIEZn1fA..Acce

Pt: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q

= 0.8 Magi imageCharpy pngqcoding: gzip,deflate,sdch..Accept-L

Anguage: zh-CN,zh;q=0.8..Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3..Cook

Ie: SESS3b0e658f87cf58240de13ab43a399df6=lju6o5bg8u04lv1ojugm2ccic6...

.

# #

T 192.168.0.8 VR 3981-> 192.168.0.6 VR 80 [AP]

-WebKitFormBoundarybLQwkp4opIEZn1fA..Content-Disposition: form-da

Ta; name= "n".... perfgeeks..-WebKitFormBoundarybLQwkp4opIEZn1fA..C

Ontent-Disposition: form-data; name= "f"; filename= "test.txt".. content-

Type: text/plain....i am file..multipart/form-data..-WebKitFormBo

UndarybLQwkp4opIEZn1fA--..

# #

Compared from the response output, the $_ POST data matches the request submission data, that is, $_ POST = array ('n'= > 'perfgeeks'). This also corresponds to the data in the http request body, and indicates that PHP fills the corresponding data into the global variable $_ POST. The php://input output is empty and nothing is output, even though the body in the http request packet is not empty. This means that when Content-Type is multipart/form-data, even if data exists in the http request body, the php://input is empty, and PHP will not fill the php://input stream with data. Therefore, it can be determined that php://input cannot be used to read enctype=multipart/form-data data.

If we compare the http request packet crawled through ngrep, we will find that the biggest difference is that Content-Type is followed by boundary to define the delimiter of the data, and bounday is randomly generated. Another big difference is that the data structure in http entity body is different.

In the previous section, we outlined that php://input and $_ POST data are "consistent" when Content-Type is application/x- www-form-urlencoded, and php://input and $_ POST data are inconsistent when other Content-Type is used. This is because only when Content-Type is application/x-www-form- urlencoded or multipart/form-data, PHP will fill the corresponding part of the body data in the http request packet into the $_ POST global variable, and the other cases will be ignored by PHP. Php://input may not be empty except when the data type is multipart/form-data. Through this section, we better understand the difference and relationship between php://input and $_ POST. So, again, php://input cannot read enctype=multipart/form-data data, and when php://input encounters it, it is always empty, even if http entity body has data.

Php://input VS $http_raw_post_data

I believe you already have a certain in-depth understanding of php://input. So what is $http_raw_post_data? Http_raw_post_data is a global variable built-in to PHP. It is used for PHP to fill in the variable $http_raw_post_data as is the data from POST in the case of an unrecognized Content-Type. It also cannot read POST data whose Content- Type is multipart/form-data. You need to set the always_populate_raw_post_ data value in php.ini to On,PHP to always fill the POST data into the variable $http_raw_post_data.

You can verify the above by changing the script phpinput_server.php.

The copy code is as follows:

Execute the test script

@ php phpinput_post.php

@ php phpinput_get.php

@ php phpinput_xmlrpc.php

The resulting output is all the same, that is, all 1, which means that php://input and $HTTP_RAW_POST_DATA are the same. As for the pressure on memory, we will not do detailed testing here. If you are interested, you can test and observe through xhprof.

Therefore, our section can be summarized as follows:

1. Php://input can read the value of the specified length in http entity body, and the length is specified by Content-Length, regardless of the data submitted by POST or GET method. However, in general, when the GET method submits data, the http request entity body section is empty.

2the data read by Content-Type multipart/form-data HTTP_RAW_POST_DATA input is the same as that read by $PHP. It only reads data that is not multipart/form-data.

Study notes

1 PHP will fill the corresponding data in the http request packet into the global variable $_ POST only if the values are application/x-www-data-urlencoded and multipart/form-data

2 when the Content-Type type is not recognized by PHP, the corresponding data in the http request package will be filled with the variable $HTTP_RAW_POST_DATA

3. Only when Coentent-Type is not multipart/form-data, PHP will not fill php://input with the corresponding data in the http request packet, otherwise it will. The length to be filled, as specified by Coentent-Length.

4. Only when Content-Type is application/x-www-data-urlencoded, php://input data is consistent with $_ POST data.

5 the data of php://input HTTP_RAW_POST_DATA HTTP_RAW_POST_DATA input is always the same as that of $HTTP_RAW_POST_DATA, but it is more efficient than $PHP, and no special setting is required

6Jing PHP will fill the query_path part of the PATH field with the global variable $_ GET. Typically, the http request submitted by the GET method has an empty body.

At this point, the study on the "detailed description of the PHP input stream php://input" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.