Wrapping JS code in PHP and calling the PHP with a custom query

Posted on 2024-11-14 05:50:11

I am building a web application which uses Piwik.
Piwik is an open-source analytics tool, similar to Google Analytics.

It gives tracking code similar to the one mentioned below.

<!-- Piwik --> 
    <script type="text/javascript">
    var pkBaseURL = (("https:" == document.location.protocol) ? "https://example.com/" : "http://example.com/");
    document.write(unescape("%3Cscript src='" + pkBaseURL + "piwik.js' type='text/javascript'%3E%3C/script%3E"));
    </script><script type="text/javascript">
    try {
    var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 1);
    piwikTracker.trackPageView();
    piwikTracker.enableLinkTracking();
    } catch( err ) {}
    </script><noscript><p><img src="http://example.com/piwik.php?idsite=1" style="border:0" alt="" /></p></noscript>
<!-- End Piwik Tracking Code -->

The following code is for the site whose site-id is 1. Check the following lines in the code.

var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 1);

<noscript><p><img src="http://example.com/piwik.php?idsite=1" style="border:0" alt="" /></p></noscript>

Users of my site will log in to a custom-made Admin Panel, and will get the tracking code for the site.

Now I need to hide that tracking code.
So, I thought that I would keep it in a PHP script, similar to the one here:

<?php
  // Custom-made Analytics Script
  // File Name: custom.php

  $site_id = isset($_GET['id'])?$_GET['id']:0;
?>

<!-- Piwik --> 
    <script type="text/javascript">
    var pkBaseURL = (("https:" == document.location.protocol) ? "https://example.com/" : "http://example.com/");
    document.write(unescape("%3Cscript src='" + pkBaseURL + "piwik.js' type='text/javascript'%3E%3C/script%3E"));
    </script><script type="text/javascript">
    try {
    var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", <?php echo $site_id; ?>);
    piwikTracker.trackPageView();
    piwikTracker.enableLinkTracking();
    } catch( err ) {}
    </script><noscript><p><img src="http://example.com/piwik.php?idsite=<?php echo $site_id; ?>" style="border:0" alt="" /></p></noscript>
<!-- End Piwik Tracking Code -->

As you can see, I have replaced the site-id in the JavaScript with a PHP variable, which I will fetch using $_GET.

Now, I will provide my users with the following JavaScript code, which they will put in their site.

<script type="text/javascript">
    var pkBaseURL = (("https:" == document.location.protocol) ? "https://example.com/" : "http://example.com/");
    document.write(unescape("%3Cscript src='" + pkBaseURL + "custom.php?id=1' type='text/javascript'%3E%3C/script%3E"));
</script>

My question here is: will this script have any downsides, or will it break down anywhere?


Comments (1)

罗罗贝儿 2024-11-21 05:50:11

I see two issues here:

  • If JavaScript is disabled, Piwik will not register those visitors any more, since you're solely using JS
  • Your custom.php is vulnerable to XSS. If you want to keep it, replace:

    $site_id = isset($_GET['id'])?$_GET['id']:0;
    

    with:

    $site_id = (int)filter_input(INPUT_GET, 'id');
    

    to allow numeric input only.

Unless you're planning to change this code, just provide the static code with the ID hard-coded in it.
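
A stricter form of the fix discussed in the answer above, as an added example that is not part of the original post or of Piwik: it rejects a non-integer `id` instead of coercing it, and it returns JavaScript only, because custom.php is loaded through `<script src>`. The positive-integer id range, the 400 response and the `onload` loader are assumptions of this example.

```php
<?php
// custom.php - added example, not the poster's or Piwik's code.
// Assumptions: site ids are positive integers; example.com is the page's placeholder host.

// Validate instead of coercing: a plain (int) cast turns "1abc" into 1,
// while FILTER_VALIDATE_INT returns false for it (and null when 'id' is absent).
$site_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);

// The file is loaded through <script src>, so the response must be JavaScript, not HTML.
header('Content-Type: application/javascript; charset=utf-8');
header('X-Content-Type-Options: nosniff');

if ($site_id === false || $site_id === null) {
    // Nothing from the request is echoed back on the error path.
    http_response_code(400);
    echo "/* invalid or missing site id */\n";
    exit;
}

// json_encode() is the encoder for a JavaScript context; the HEX flags keep
// '<', '>', '&' and quotes out of the output even if the value later becomes a string.
$js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
$js_site_id = json_encode($site_id, $js_flags);
?>
(function () {
    var pkBaseURL = (("https:" == document.location.protocol) ? "https://example.com/" : "http://example.com/");
    var s = document.createElement("script");
    s.type = "text/javascript";
    s.src = pkBaseURL + "piwik.js";
    // Start tracking only after piwik.js has loaded and defined Piwik.
    s.onload = function () {
        try {
            var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", <?php echo $js_site_id; ?>);
            piwikTracker.trackPageView();
            piwikTracker.enableLinkTracking();
        } catch (err) {}
    };
    document.getElementsByTagName("head")[0].appendChild(s);
})();
```

The `<noscript>` image from the original tracking code cannot be delivered by a script file, so visitors without JavaScript stay untracked with this approach.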
