获取响应xml并使用php curl重定向

时间:2014-10-11 11:22:41

标签: php xml curl

我从服务器获取xml响应时遇到了一些问题,这是我第一次遇到这种情况 使用cURL在PHP中用xml编码(将解析后的xml发布到服务器,并接收响应xml) - 所有代码如下:

HTML: 

<html>
<head>
<title>test</title>
</head>
<body>
<form action="3FieldSample.php" method="post" enctype="multipart/form-data" >
<div class="form-field title">
    <div class="input select"><label for="title">Title</label>
    <select name="title" id="title" value="mr">
<option value="mr">Mr</option>
<option value="mrs">Mrs</option>
<option value="dr">Dr</option>
<option value="miss">Miss</option>
<option value="ms">Ms</option>
</select></div>     </div>


<div class="form-field float-left">
        <div class="input select"><label for="fname">First Name</label>
        <input name="fname" value="" maxlength="150" width="100%" type="text" id="fname" /></div>
</div>

<div class="form-field float-left">
            <div class="input text"><label for="ApplicationPaydayAppLastName">Last Name</label>
            <input name="lname" value="" maxlength="150" type="text" id="lname"/></div>     
        </div>
<div class="submit">
 <input type="image" src = "submit.jpg" width="25%" alt="submit" id="submit">
</div>
</form>
</body>
</html>

===============================================

处理:

<?php
header('Content-Type: text/xml');
$xmldoc = new DomDocument( '1.0' );
$xmldoc->preserveWhiteSpace = false;
$xmldoc->formatOutput = true;
$url = "http://thesite_2_post_2.com/process.php";
$title = $_POST['title'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];

$post_string = '<?xml version="1.0" encoding="UTF-8"?>     
<lead>
<applicant>
        <title>'. $title.'</title>
        <fname>'. $fname.'</fname>
        <lname>'. $lname.'</lname>
</applicant>
</lead>';

$header  = "POST HTTP/1.0 \r\n";
$header .= "Content-type: text/xml \r\n";
//#$header .= "Content-type: text/html \r\n";
$header .= "Content-length: ".strlen($post_string)." \r\n";
$header .= "Content-transfer-encoding: text \r\n";
#$header .= "Connection: close \r\n\r\n"; 
$header .= $post_string;
print ($post_string);

$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0); 
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $header);
###curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

$data = curl_exec($ch); 
curl_close($ch);
$objResult = json_decode($data);

#
#  This is an example of how I'm supposed to deal with the response?  
#  
#
$_SESSION['price'] = 0;
if ($objResult->purchased == 1) {
$_SESSION['price'] = $objResult->price;
$url = urlencode($objResult->redirect_url);
header('Location: '.$url);
print $objResult;
}
else
{
   echo "something went wrong";
}

?>

上面的最后一个片段是我应该如何处理我没有得到的回应的一个例子。 这是我得到的输出: 此页面包含以下错误:                                     第8行第8行的错误:文档末尾的额外内容。下面是第一个错误的页面呈现。

彼得格里芬先生

当我查看源代码时,我得到了这个输出(没有前导主题标签):

#<?xml version="1.0" encoding="UTF-8"?>     
#<lead>
#<applicant>
    #<title>mr</title>
    #<fname>peter</fname>
    #<lname>griffin</lname>
#</applicant>
#</lead>something went wrong

从服务器获取响应xml的任何帮助都将不胜感激。

1 个答案:

答案 0 :(得分:1)

cURL为您处理HTTP请求的许多细节,包括标头。发送XML文档可以简化如下:

[...]
$cu = curl_init($url);
curl_setopt($cu, CURLOPT_POSTFIELDS, $post_fields); // This implies CURLOPT_POST = true.
curl_setopt($cu, CURLOPT_RETURNTRANSFER, true);
curl_setopt($cu, CURLOPT_HTTPHEADER, [
  "Content-Type: text/xml"
]);
$data = curl_exec($cu);
[...]

您正在打印XML文档,然后执行标头功能。这不会起作用,因为必须在任何输出完成之前设置标题。

作为旁注,您应谨慎插入POST参数而不在XML中进行验证。这段代码:

$title = $_POST['title'];

构成漏洞,因为攻击者可以在HTTP请求中发送任何内容。如果将某些XML作为值发送怎么办?

相关问题
最新问题