strpos
(PHP 4, PHP 5)strpos — Find the position of the first occurrence of a substring in a string
Description
int strpos ( string$haystack
, mixed
$needle [, int
$offset = 0 ] )Find the numeric position of the first occurrence of
needle in the
haystack string.
Returns the position of where the needle exists relative to the beginning of the
haystack
string (independent of offset). Also note that string positions start
at 0, and not 1.
Returns
FALSE
if the needle was not found.
Pos starts with zero...
preg_match:
(PHP 4, PHP 5)preg_match — Perform a regular expression match
Report
a bug
Description
int preg_match ( string
Searches
Description
int preg_match ( string
$pattern
, string $subject
[, array &$matches
[, int $flags =
0 [, int $offset
= 0 ]]] )Searches
subject
for a match to the regular expression given in pattern.
Explode (returns arry )
(PHP 4, PHP 5)explode — Split a string by string
Report
a bug
array explode
( string
Returns an array of strings, each of which is a substring of
Description
array explode
( string $delimiter
, string $string
[, int $limit ]
)Returns an array of strings, each of which is a substring of
string
formed by splitting it on boundaries formed by the string delimiter.
Implode (to string)
The htmlentities function takes a
string and returns the same string with HTML converted into HTML
entities. For example, the string "<script>" would be
converted to "<script>".
By converting the < and > into
entities, it prevents the browser from using it as an HTML element
and it prevents the code from running if you were to display some
user's input on your website.
This may seem a little complicated, but
if you think of the way a browser works, in separate stages, it
becomes a little easier. Let's look at the way the function
htmlentities changes the data at three different levels: in PHP, in
raw HTML and in the web browser. The sample string is a bad script
that will redirect visitors to the malicious user's own website.
PHP Code:
// An imaginary article submission from
a bad user
// it will redirect anyone to
example.com if the code is run in a browser
$userInput = "I am going to hax0r
your site, hahaha!
<script
type='text/javascript'>
window.location =
'http://www.example.com/'
</script>'";
//Lets make it safer before we use it
$userInputEntities =
htmlentities($userInput);
//Now we can display it
echo $userInputEntities;
The HTML output of the above script
would be as follows:
Safe Raw HTML Code:
I am going to hax0r your site, hahaha!
<script
type='text/javascript'>
window.location =
'http://www.example.com/'
</script>'
If we had not used htmlentities to
convert any HTML code into safe entities, this is what the raw HTML
code would be and it would have redirect a visitor to example.com.
Dangerous Raw HTML Code:
I am going to hax0r your site, hahaha!
<script
type='text/javascript'>
window.location =
'http://www.example.com/'
</script>'
Those two HTML code examples are what
you would see if you were to view source on the web page. However, if
you were just viewing the output normally in your browser you would
see the following.
Safe Display:
I am going to hax0r your site, hahaha!
<script type='text/javascript'> window.location =
'http://www.example.com/' </script>'
Dangerous Display:
You'd see whatever spammer site that
the malicious user had sent you to. Probably some herbal supplement
site or weight loss pills would be displayed.
When Would You Use htmlentities?
Anytime you allow users to submit
content to your website, that other visitors can see, you should
consider removing the ability to let them use HTML. Although this
will remove a lot of cool things that your users can do, like making
heavily customized content, it will prevent your site from a lot of
common attacks. With some custom coding you can just remove specific
tags from running, but that is beyond the scope of this lesson.
Just remember, that when allowing users
to submit content to your site you are also giving them access to
your website. Be sure you take the proper precautions.
<DOCTYPE>:
Definition and Usage
The <!DOCTYPE> declaration must
be the very first thing in your HTML document, before the <html>
tag.
The <!DOCTYPE> declaration is not
an HTML tag; it is an instruction to the web browser about what
version of HTML the page is written in.
In HTML 4.01, the <!DOCTYPE>
declaration refers to a DTD, because HTML 4.01 was based on SGML. The
DTD specifies the rules for the markup language, so that the browsers
render the content correctly.
HTML5 is not based on SGML, and
therefore does not require a reference to a DTD.
Syntax
<?php
$url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
echo $url;
?>
$url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
echo $url;
?>
Overview
In this tutorial, you'll learn 2
functions in php to get full url from address bar.
1. $_SERVER['HTTP_HOST']
2. $_SERVER['REQUEST_URI']
2. $_SERVER['REQUEST_URI']
$_SERVER['HTTP_HOST'] - This function
will show only server name.
$_SERVER['REQUEST_URI'] - This function will show you the path to file of your url.
$_SERVER['REQUEST_URI'] - This function will show you the path to file of your url.
$_SERVER['DOCUMENT_ROOT'] =======
C:/xampp/htdocs
No comments:
Post a Comment