我正在使用NSURL来调用与MySQL数据库交互的PHP脚本。我通过URL传递变量,可以拦截和攻击。有没有办法用Swift传递表单数据,或者使用我现在使用的类似结构将变量安全地传递给URL?我已经完成了应用程序只是为了实现这个漏洞。如果没有办法改变这段代码,我想我必须改写一堆...
这是我的结构代码:
let username = "bob"
let myUrl = NSURL(string: "http://127.0.0.1/phpscript.php?username=\(username)")
let request = NSMutableURLRequest(URL: myUrl!)
request.HTTPMethod = "POST"
let task = NSURLSession.sharedSession().dataTaskWithRequest(request) {
data, response, error in
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0)) {
let responseString = NSString(data: data!, encoding: NSUTF8StringEncoding)
if error != nil {
print("Error: \(error)")
}
dispatch_async(dispatch_get_main_queue()) {
self.testLabel.text = "\(responseString!)"
}
}
}
task.resume()
如您所见,只需查看URL即可收集用户名。您是否知道通过URL传递变量的方法,而不必重写所有这些代码?
非常感谢
答案 0 :(得分:0)
您可以通过在..."POST"和let task...此代码之间添加来通过帖子传递用户名:
let postString = "username=\(username)"
request.HTTPBody = postString.dataUsingEncoding(NSUTF8StringEncoding)
最终结果:
let username = "bob"
let myUrl = NSURL(string: "http://127.0.0.1/phpscript.php")
let request = NSMutableURLRequest(URL: myUrl!)
request.HTTPMethod = "POST"
let postString = "username=\(username)"
request.HTTPBody = postString.dataUsingEncoding(NSUTF8StringEncoding)
let task = NSURLSession.sharedSession().dataTaskWithRequest(request) {
data, response, error in
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0)) {
let responseString = NSString(data: data!, encoding: NSUTF8StringEncoding)
if error != nil {
print("Error: \(error)")
}
dispatch_async(dispatch_get_main_queue()) {
self.testLabel.text = "\(responseString!)"
}
}
}
task.resume()