function.file-get-contents - failed to open stream
Possible Duplicate:
file_get_contents with query string
I'm using the file_get_contents function but although returning the correct output, it is still showing this error:
Warning: file_get_contents(secure/validate.php?cardnumber=1234567) [function.file-get-contents]: failed to open stream: No error in ...
The scenario is card number validation and in validatecard.php there is a simple if statement:
    if (isset($_GET['cardnumber']) && ($_GET['cardnumber'] == "12345")) {
        echo "OK";
    } else {
        echo "INVALID CARD";
    }
My code is:
    $cardnumber = $_POST["cardnumber"];
    $url = "secure/validate.php?cardnumber=" . $cardnumber;
    if (file_get_contents($url) != "OK"){
        $order_error_msg = "Invalid card number";
    } else { ....
What may be the problem?
Well, it seems like you don't have allow_url_fopen set in your php.ini
@Gordon is correct, this is not a url_fopen issue. It's actually failing because using file_get_contents on the local file will actually get you the code for the file, not the PHP-processed result of running that file. To get it to work as you wanted, you'd need to hit apache/PHP by prepending "https://localhost/" to the url, and enabling allow_url_fopen.
But also this looks like a very worrying piece of code; you should do as little as possible with CC numbers in the code. By using file_get_contents and a card number on the get string, it opens up the possibility of the number being logged somewhere.
A much more secure implementation would look something like this:
validatecard.php
Then in your main code:
That way your checkCard function is more re-usable, and you don't have to ferry the card number around so much.
If you decide to go with the file_get_contents approach and hit https://localhost/secure/validatecard.php?card=12345 then the credit card numbers will get logged in your apache access logs in plain text. This is verging on criminally negligent, don't do it.
Also, as per Gordon's advice, make sure that you're using https all the way through.
You might consider hiring in a contractor with experience writing shopping carts/checkouts. These things are important to get right, and can be insecure in subtle ways if you're not experienced.
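The approach the answer above describes (a reusable checkCard function called in-process, so the card number never appears in a URL or an access log), as an added example that is not the answerer's original code, which did not survive on this page. Assumptions: the single-file layout, the Luhn checksum standing in for whatever the real validation is, the hypothetical maskCard helper, and the constructed sample number.

```php
<?php
declare(strict_types=1);

// --- secure/validatecard.php (assumed layout): defines a function, prints nothing ---
function checkCard(string $cardNumber): bool
{
    // Drop the spaces and dashes people type between digit groups.
    $digits = preg_replace('/[\s-]+/', '', $cardNumber);
    if ($digits === null || preg_match('/^\d{12,19}\z/', $digits) !== 1) {
        return false;
    }
    // Luhn checksum: double every second digit from the right, sum, test mod 10.
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Hypothetical helper: masks everything except (at most) the last four digits.
function maskCard(string $cardNumber): string
{
    $digits = preg_replace('/\D+/', '', $cardNumber) ?? '';
    return str_repeat('*', max(0, strlen($digits) - 4)) . substr($digits, -4);
}

// --- main checkout code; in a real layout: require __DIR__ . '/secure/validatecard.php'; ---
// Constructed sample input (a widely published test number) so the script runs from the CLI.
$_POST['cardnumber'] = $_POST['cardnumber'] ?? '4111 1111 1111 1111';

$cardnumber = is_string($_POST['cardnumber']) ? $_POST['cardnumber'] : '';
if (!checkCard($cardnumber)) {
    $order_error_msg = 'Invalid card number';
    error_log('card rejected: ' . maskCard($cardnumber)); // never the full number
} else {
    echo 'card accepted: ' . maskCard($cardnumber) . PHP_EOL;
}
```

Because the function is included rather than fetched, nothing in this flow depends on allow_url_fopen, and the POST body is the only place the full number travels.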
Are you sure your php.ini configuration allows for opening urls?
You can check using phpinfo() and searching for allow_url_fopen
Also, as another poster noted, using GET for this kind of stuff isn't really ideal (read: really really bad). If you're keen on making a request to another page, rather than using a file (if that other page is not on your server, for example), try using cURL and do a POST request