Compare the differences between form [url=javascript:;]POST[/url] and fsockopen submission methods.
In the case of form POST submission,
$_POST and [url=javascript:;]php[/url]://input can get the value, $HTTP_RAW_POST_DATA is empty
$_POST to associate Organize the submitted data in an array and perform encoding processing, such as urldecode, or even encoding conversion.
php://input can obtain unprocessed POST raw data through file reading through the input stream
php://input allows reading POST raw data. It puts less pressure on memory than $HTTP_RAW_POST_DATA and does not require any special php.ini settings. php://input cannot be used with enctype="multipart/form-data".
fsockopen submits POST data
Example:
$sock = fsockopen("localhost", 80, $errno, $errstr, 30);
if (!$sock) die(" $errstr ($errno) ");
$data = "txt=" . urlencode("中") . "&bar=" . urlencode("Value for Bar");
fwrite($sock, " POST /posttest/resp****e.php HTTP/1.0 ");
fwrite($sock, "Host: localhost ");
fwrite($sock, "Content-type: application/x- www-form-urlencoded ");
fwrite($sock, "Content-length: " . strlen($data) . " ");
fwrite($sock, "Accept: */* ");
fwrite($sock, " ");
fwrite($sock, "$data ");
fwrite($sock, " ");
$headers = "";
while ($str = trim(fgets($sock, 4096)))
$headers .= "$str ";
echo " ";
$body = "";
while (! feof($sock))
$body .= fgets($sock, 4096);
fclose($sock);
echo $body;
The result is consistent with (1)
Conclusion:
1. Use php://input to easily get the original POST data
2. $HTTP_RAW_POST_DATA is only valid when the Content-Type type of POST is not recognized by PHP
For example, POST data usually submitted through page forms cannot be extracted through $HTTP_RAW_POST_DATA. Its encoding type attribute (enctype attribute) is application/x-www-form-urlencoded, multipart/form-data.
Note: Even if you explicitly change the enctype attribute in the page to a type that is not recognized by PHP, it will still be invalid.
Since the form submission encoding attribute is form-limited, unrecognizable types will be considered to be submitted in the default encoding (i.e. application/x-www-form-urlencoded)
3. $_POST only works when the data is Application/x-www-form-urlencoded type can only be obtained when submitting.
Add -.shtml and the search will consider it as a static page.