A problem with http_build_query in php
- 2020-05-16 06:27:24
- OfStack
When we use CURL for post data, we need to set post data
curl_setopt($c, CURLOPT_POSTFIELDS, $post_data);
So let's say that this $data right here is
Next, you need to turn $data into a string
$post_data = http_build_query($data);
And http_build_query
curl_setopt($c, CURLOPT_POSTFIELDS, $post_data);
There doesn't seem to be any problem. But in practice, $post_data is not passed by post. So, I wrote a conversion method and then OK.
Thanks to huang bin-huangbin for testing http_build_query ($data, ""," & "); Can, do not need to write their own method of parsing.
http_build_query remote attackers can exploit the vulnerability to obtain sensitive memory information. Please use with caution
curl_setopt($c, CURLOPT_POSTFIELDS, $post_data);
So let's say that this $data right here is
$data = array(
'name'=>'scofield',
'time'=>'2012-2-3'
)
Next, you need to turn $data into a string
$post_data = http_build_query($data);
And http_build_query
curl_setopt($c, CURLOPT_POSTFIELDS, $post_data);
There doesn't seem to be any problem. But in practice, $post_data is not passed by post. So, I wrote a conversion method and then OK.
function getStr($array,$Separator='&') {
if (empty($array))
return;
if (!is_array($array)) {
return $array;
}
$returnStr = '';
foreach ($array as $key => $val) {
$temp = '';
if (is_array($val)) {
for ($i = 0; $i < count($val); $i++) {
$returnStr .= $key . '[' . $i . ']' . '=' . $val[$i] . $Separator;
}
} else {
$returnStr.= $key . '=' . $val . $Separator;
}
}
$returnStr = substr(trim($returnStr), 0, -1);
return $returnStr;
}
Thanks to huang bin-huangbin for testing http_build_query ($data, ""," & "); Can, do not need to write their own method of parsing.
http_build_query remote attackers can exploit the vulnerability to obtain sensitive memory information. Please use with caution