When I run this code:
<?php
if (preg_match('/^[a-z0-9]+$/', $_GET['p'])) {
    $page = realpath("includes/$_GET[p].php");
    if ($page) {
        include $page;
    }
}
?>
I get this error:
Notice: Undefined index: p in index.php on line 3
6 solutions
#1
The error message says that there is no array item with the key p. If you cannot guarantee that a variable (or array item) does exist, you should first check it with the isset function:
if (isset($_GET['p']) && preg_match('/^[a-z0-9]+$/', $_GET['p'])) {
    $page = realpath("includes/$_GET[p].php");
    if ($page) {
        include $page;
    }
}
#2
What Gumbo said for checking if the index is set in the array.
Also for parsing an array index in a string you should use brackets around the array, and you should escape the index with single quotes if it is a string.
$page = realpath("includes/{$_GET['p']}.php");
But for including files suggested by the user, the safest way is to look up the files in an array, and only include them if they exist there.
#3
$page = realpath("includes/ " . $_GET['p'] . ".php");
#4
There is no real problem. PHP yields a Notice, not a Warning or Error. Basically, your script is not receiving the p URL parameter. So it uses '' and gives a notice in the log. If you see this message on your rendered page, adjust php error reporting to something like E_ERROR | E_WARNING in PHP.ini
#5
There is no 'p' parameter to the page, maybe? Did you mean $_REQUEST instead?
Also, is it not "${_GET['p']}" when you are accessing an array?
#6
Look into array_key_exists() for checking whether an array key... exists. But in your case I suggest you pick up the filter class of functions which specialize in working with user input.
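The array lookup suggested in answer #2, combined with the isset() check from answer #1, as an added example that is not part of any answer on this page. The page names and paths in PAGES and the function name resolve_page are hypothetical.

```php
<?php
// Added example: resolve the "p" parameter through a fixed allowlist.
// The page names and file paths below are hypothetical.
const PAGES = [
    'home'    => 'includes/home.php',
    'about'   => 'includes/about.php',
    'contact' => 'includes/contact.php',
];

/**
 * Return the file to include for a request, or null when the parameter
 * is missing, is not a plain string, or names a page not in the allowlist.
 */
function resolve_page(array $query, array $pages = PAGES): ?string
{
    // isset() avoids the "Undefined index: p" notice; is_string() rejects
    // array input such as ?p[]=x, which would otherwise reach preg_match().
    if (!isset($query['p']) || !is_string($query['p'])) {
        return null;
    }
    // \z anchors at the true end of the string; "$" alone also matches
    // just before a trailing newline.
    if (preg_match('/^[a-z0-9]+\z/', $query['p']) !== 1) {
        return null;
    }
    // The request only selects a key; the path itself comes from the table.
    return $pages[$query['p']] ?? null;
}

// Constructed sample requests (stand-ins for $_GET).
$samples = [
    [],                  // no parameter at all
    ['p' => 'about'],    // known page
    ['p' => 'admin'],    // well-formed but not listed
    ['p' => "about\n"],  // trailing newline
    ['p' => ['about']],  // array instead of string
];

foreach ($samples as $query) {
    $file = resolve_page($query);
    echo json_encode($query), ' => ', $file ?? '(nothing included)', PHP_EOL;
}

// In index.php the call would be:
//   $file = resolve_page($_GET);
//   if ($file !== null) { include $file; }
```

Only the second sample resolves to a file; the other four return null, so nothing is included and no notice is raised.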