PHP input stream php://input instructions (1/2)_PHP tutorial

When using xml-rpc, the server side obtains client data, mainly through the PHP input stream input, rather than the $_POST array. Therefore, here we mainly discuss the php input stream php://input

An introduction to php://input. The official PHP manual document has a paragraph that clearly outlines it.

“php://input allows you to read raw POST data. It is a less memory intensive alternative to $HTTP_RAW_POST_DATA and does not need any special php.ini directives. php://input is not available with enctype=” multipart/form-data”.

Translated, it is like this:

"php://input can read unprocessed POST data. Compared with $HTTP_RAW_POST_DATA, it puts less pressure on memory and does not require special php.ini settings. php:/ /input cannot be used with enctype=multipart/form-data”

How should we understand this overview?! I divided it into three parts and understood it step by step.

Read POST data
Cannot be used for multipart/form-data types
php://input VS $HTTP_RAW_POST_DATA
Read POST data
PHPers must be familiar with the built-in variable $_POST. What are the relationships and differences between $_POST and php://input? In addition, the most commonly used method for the client to interact with the server is GET in addition to POST. Since php://input serves as a PHP input stream, can it read GET data? These two questions are the main content we need to discuss in this section.
Experience tells us that summarizing from testing and observation will be a very effective method. Here, I wrote a few scripts to help us test.

@file 192.168.0.6:/phpinput_server.php print out the received data
@file 192.168.0.8:/phpinput_post.php simulates submitting form data via POST method
@file 192.168.0.8:/phpinput_xmlrpc.php simulates issuing an xmlrpc request using the POST method.
@file 192.168.0.8:/phpinput_get.php simulates submitting the form number using the GET method
phpinput_server.php and phpinput_post.php

The code is as follows	Copy code
代码如下	复制代码
//@file phpinput_server.php $raw_post_data = file_get_contents('php://input', 'r'); echo "-------$_POST------------------n"; echo var_dump($_POST) . "n"; echo "-------php://input-------------n"; echo $raw_post_data . "n"; ?>   //@file phpinput_post.php $http_entity_body = 'n=' . urldecode('perfgeeks') . '&p=' . urldecode('7788'); $http_entity_type = 'application/x-www-form-urlencoded'; $http_entity_length = strlen($http_entity_body); $host = '192.168.0.6'; $port = 80; $path = '/phpinput_server.php'; $fp = fsockopen($host, $port, $error_no, $error_desc, 30); if ($fp) { fputs($fp, "POST {$path} HTTP/1.1rn"); fputs($fp, "Host: {$host}rn"); fputs($fp, "Content-Type: {$http_entity_type}rn"); fputs($fp, "Content-Length: {$http_entity_length}rn"); fputs($fp, "Connection: closernrn"); fputs($fp, $http_entity_body . "rnrn"); while (!feof($fp)) { $d .= fgets($fp, 4096); } fclose($fp); echo $d; } ?>

//@file phpinput_server.php

$raw_post_data = file_get_contents('php://input', 'r');
echo "-------$_POST------------------n";

echo var_dump($_POST) . "n";

代码如下	复制代码
@php /phpinput_post.php HTTP/1.1 200 OK Date: Thu, 08 Apr 2010 03:23:36 GMT Server: Apache/2.2.3 (CentOS) X-Powered-By: PHP/5.1.6 Content-Length: 160 Connection: close Content-Type: text/html; charset=UTF-8 -------$_POST------------------ array(2) {   ["n"]=> string(9) "perfgeeks"   ["p"]=> string(4) "7788" } -------php://input------------- n=perfgeeks&p=7788

echo "-------php://input-------------n"; echo $raw_post_data . "n"; ?> //@file phpinput_post.php<🎜> $http_entity_body = 'n=' . urldecode('perfgeeks') . '&p=' . urldecode('7788');<🎜> $http_entity_type = 'application/x-www-form-urlencoded';<🎜> $http_entity_length = strlen($http_entity_body);<🎜> $host = '192.168.0.6';<🎜> $port = 80;<🎜> $path = '/phpinput_server.php';<🎜> $fp = fsockopen($host, $port, $error_no, $error_desc, 30);<🎜> if ($fp) {<🎜> fputs($fp, "POST {$path} HTTP/1.1rn");<🎜> fputs($fp, "Host: {$host}rn");<🎜> fputs($fp, "Content-Type: {$http_entity_type}rn");<🎜> fputs($fp, "Content-Length: {$http_entity_length}rn");<🎜> fputs($fp, "Connection: closernrn");<🎜> fputs($fp, $http_entity_body . "rnrn");<🎜> <🎜> while (!feof($fp)) {<🎜> $d .= fgets($fp, 4096);<🎜> }<🎜> fclose($fp);<🎜> echo $d;<🎜> }<🎜> ?> We can capture http request packets by using the tool ngrep (because what we need to detect is php://input, we only capture http Request packets here). Let’s execute the test script phpinput_post.php

The code is as follows	Copy code
@php /phpinput_post.php HTTP/1.1 200 OK Date: Thu, 08 Apr 2010 03:23:36 GMT Server: Apache/2.2.3 (CentOS) X-Powered-By: PHP/5.1.6 Content-Length: 160 Connection: close Content-Type: text/html; charset=UTF-8 -------$_POST------------------ array(2) { ["n"]=> string(9) "perfgeeks" ["p"]=> string(4) "7788" } -------php://input------------- n=perfgeeks&p=7788

The http request packet captured through ngrep is as follows:

T 192.168.0.8:57846 -> 192.168.0.6:80 [AP]
POST /phpinput_server.php HTTP/1.1..
Host: 192.168.0.6..Content-Type: application/x-www-form-urlencoded..Co
ntent-Length: 18..Connection: close....n=perfgeeks&p=7788....
Observing carefully, we can easily find
1. $_POST data, php://input data and httpd entity body data are "consistent"
2. The Content-Type in the http request is application/x-www-form-urlencoded, which means that the data in the http request body is the form data submitted using the http post method and has been processed by urlencode().
(Note: Pay attention to the bolded parts, which will not be prompted below).

1 2