试图通过php explode删除子域
试图为安全数据库编写一个验证php代码,所以我一直编写到这里 问题是此代码验证与子域的链接 好像试图通过php explode删除子域,php,validation,Php,Validation,试图为安全数据库编写一个验证php代码,所以我一直编写到这里 问题是此代码验证与子域的链接 好像 unsafeurl = http://remove.facebook.com/anything //it works (Shows Valid) 但如果 unsafeurl = http://facebook.com/anything //not works (Shows invalid because of $da in place of $do ... i have explode (.)
unsafeurl = http://remove.facebook.com/anything //it works (Shows Valid)
但如果
unsafeurl = http://facebook.com/anything //not works (Shows invalid because of $da in place of $do ... i have explode (.) here)
所以,我在最后一行被绊倒了。。请帮帮我
<?php
$url=$_POST['unsafeurl'];
$safeurl = "facebook";
$front = explode("/", $url);
$host = $front[2];
$domain = explode(".com", $front[2]);
$do = $domain[0];
$domain = explode(".", $url);
$da = $domain[1];
echo $da;
echo "<br />";
if($da==$safeurl) {
echo "valid";
}
else
{
echo "invalid";
}
?>
您可能需要研究PHP
parse_url()
函数
尽管我不清楚你认为什么是“安全”的URL(它必须有<代码> com /代码> TLD吗?它必须是一个脸谱网域吗?),这将很容易地隔离URL的主机部分供你检查。如果URL格式不正确,它还将简单地返回
false
所以你可以做一些类似的事情:
$url = $_POST['unsafeurl'];
$host = parse_url($url, PHP_URL_HOST);
if (false === $host) {
// bad URL
} else {
// get domain with TLD removed
$domain_minus_tld = substr($host, 0, strpos($host, '.', -1));
}
如果您特别想验证这是一个facebook URL,您可以执行以下操作
$url_is_facebook = false;
$url = $_POST['unsafeurl'];
$host = parse_url($url, PHP_URL_HOST);
if (false === $host) {
// bad URL
} else {
// see if this is facebook
$pattern = '/^(www\.)?facebook\.com$/';
if (preg_match($pattern, $host)) {
$url_is_facebook = true;
}
}
我想改变一些事情:
$safeurl = "facebook.com";
# Use parse_url to get host from URL
$explode = explode(".", parse_url($url, PHP_URL_HOST));
# Get last two elements of . explode
$count = count($explode);
$count = $count - 2;
$da = $explode[$count];
$count++;
$da .= ".".$explode[$count];
这应该返回$da
作为facebook.com for anything.here.facebook.com
如果您想使其更高级,以便它可以处理多个URL和.co.uk等:
$safeurl[] = "facebook.com";
$safeurl[] = "google.co.uk";
# Use parse_url to get host from URL
$explode = explode(".", parse_url($url, PHP_URL_HOST));
$valid = 0;
foreach($safeurl as $checkurl) {
# Get number of elements in safeurl
$safecount = count(explode(".", $checkurl));
# Get last $safecount elements of . explode
$count = count($explode);
$count = $count - $safecount;
$da = $explode[$count];
$count++;
while ($explode[$count]) {
$da .= ".".$explode[$count];
$count++;
}
if($da==$checkurl) {
$valid = 1;
}
}
if ($valid==1) { echo "Valid"; }
有人可以核实,但我相信这一切都是正确的。我做得很快。jh314谢谢你的编辑,这本书的有效性
http://remove.stackoverflow.com/questions/ask
以及您为什么要将其与facebook
进行比较?您为什么认为parse_url()
存在?如果stackoverflow是安全的,那么Khawer Zeshan就是一个很好的例子,而这将适用于.com地址,要小心使用www.amazon.co.uk
amazon.co.uk
会被你的代码破坏到co.uk
。我的错。我忘了添加句点,我已经编辑了我的答案(最后一行$da),我添加了一些更高级的代码,以便您可以处理.co.uk和多个安全URL。也许你或其他人也能处理好。