PHP有害URL保护
[英]PHP Harmful URL protection
问题描述
I've made this script, but the 4th line isn't right and I have really no clue how to solve this. 
我已经编写了这个脚本,但是第四行是不对的,我真的不知道如何解决这个问题。 I really appriciate if someone helps me. 如果有人帮助我,我真的很高兴。 This is my code: 这是我的代码:
<?php
$url = $_GET["url"];
$badsite = array("http://check.com", "http://hotmail.com");
if($url == $badsite) {
echo "This URL is harmful.";
} else {
echo "Not harmful";
header("Location: " . $_GET["url"]);
}
?>
So the thing which doesn't work is the following line 所以下面的行是行不通的
if($url == $badsite) {
How can I make it so it checks if the GET contains a $badsite? 我怎样才能使它检查GET是否包含$ badsite?
2 个解决方案
解决方案1
1 已采纳 2015-02-28 20:35:56
You don't want to check if the value equals the array, you want to check if it's in the array . 您不想检查该值是否等于数组,而是想检查它是否在 array中 。 Perhaps something like this: 也许是这样的:
if (in_array($url, $badsite)) {
// ...
}
Side note, you don't need (or want, really) this echo statement: 旁注,您不需要(或确实想要)此echo语句:
echo "Not harmful";
header("Location: " . $_GET["url"]);
You might get an error by emitting output before sending a header. 在发送标题之前发出输出可能会出错。 But even if you buffer output or in some other way suppress that error, there's no reason to emit output when returning a redirect response. 但是,即使您缓冲输出或以其他方式抑制该错误,在返回重定向响应时也没有理由发出输出。 The browser would display it for only an instant, if at all. 如果有的话,浏览器只会显示一瞬间。 A redirect by itself is a complete HTTP response, no output is required. 重定向本身就是一个完整的HTTP响应,不需要输出。
解决方案2
0 2015-02-28 20:39:24
In this case you can use the function in_array: 在这种情况下,您可以使用in_array函数:
http://php.net/manual/en/function.in-array.php
<?php
$url = $_GET["url"];
$badsite = array("http://check.com", "http://hotmail.com");
if(in_array($url, $basite)) {
echo "This URL is harmful.";
} else {
echo "Not harmful";
header("Location: " . $_GET["url"]);
}
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.