我想要实施flexigirid。
问题是当flexigrid尝试发送POST(在我的本地LAMP设置上尝试此example)时
POST示例:
page=1&rp=10&sortname=id&sortorder=asc&query=&qtype=name
这可以工作并发送到post2.php,问题是来自我本地服务器的响应。以下是该示例的结果(如上所述)。
{
page: 1,
total: 240,
rows: [
{id:'1',cell:['1','AF','AFGHANISTAN','Afghanistan','AFG','4']},
{id:'2',cell:['2','AL','ALBANIA','Albania','ALB','8']},
{id:'3',cell:['3','DZ','ALGERIA','Algeria','DZA','12']},
{id:'4',cell:['4','AS','AMERICAN SAMOA','American Samoa','ASM','16']},
{id:'5',cell:['5','AD','ANDORRA','Andorra','AND','20']},
{id:'6',cell:['6','AO','ANGOLA','Angola','AGO','24']},
{id:'7',cell:['7','AI','ANGUILLA','Anguilla','AIA','660']},
{id:'8',cell:['8','AQ','ANTARCTICA','Antarctica','','']},
{id:'9',cell:['9','AG','ANTIGUA AND BARBUDA','Antigua and Barbuda','ATG','28']},
{id:'10',cell:['10','AR','ARGENTINA','Argentina','ARG','32']}]
}
这填补了表格,并且很好。
以下是我从服务器获取的响应: (使用burp suite分析请求和响应)
HTTP/1.1 200 OK
Date: Mon, 21 Feb 2011 15:13:18 GMT
Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
X-Powered-By: PHP/5.3.1
Cache-Control: public
Expires: Mon, 21 Feb 2011 15:13:18 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 2287
<?
error_reporting(0);
function runSQL($rsql) {
$hostname = "localhost";
$username = "removed..";
$password = "removed..";
$dbname = "removed..";
$connect = mysql_connect($hostname,$username,$password) or die ("Error: could not connect to database");
$db = mysql_select_db($dbname);
$result = mysql_query($rsql) or die ('test');
return $result;
mysql_close($connect);
}
function countRec($fname,$tname,$where) {
$sql = "SELECT count($fname) FROM $tname $where";
$result = runSQL($sql);
while ($row = mysql_fetch_array($result)) {
return $row[0];
}
}
$page = $_POST['page'];
$rp = $_POST['rp'];
$sortname = $_POST['sortname'];
$sortorder = $_POST['sortorder'];
if (!$sortname) $sortname = 'name';
if (!$sortorder) $sortorder = 'desc';
if($_POST['query']!=''){
$where = "WHERE `".$_POST['qtype']."` LIKE '%".$_POST['query']."%' ";
} else {
$where ='';
}
if($_POST['letter_pressed']!=''){
$where = "WHERE `".$_POST['qtype']."` LIKE '".$_POST['letter_pressed']."%' ";
}
if($_POST['letter_pressed']=='#'){
$where = "WHERE `".$_POST['qtype']."` REGEXP '[[:digit:]]' ";
}
$sort = "ORDER BY $sortname $sortorder";
if (!$page) $page = 1;
if (!$rp) $rp = 10;
$start = (($page-1) * $rp);
$limit = "LIMIT $start, $rp";
$sql = "SELECT id,iso,name,printable_name,iso3,numcode FROM country $where $sort $limit";
$result = runSQL($sql);
$total = countRec('iso','country',$where);
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT" );
header("Last-Modified: " . gmdate( "D, d M Y H:i:s" ) . "GMT" );
header("Cache-Control: no-cache, must-revalidate" );
header("Pragma: no-cache" );
header("Content-type: text/x-json");
$json = "";
$json .= "{\n";
$json .= "page: $page,\n";
$json .= "total: $total,\n";
$json .= "rows: [";
$rc = false;
while ($row = mysql_fetch_array($result)) {
if ($rc) $json .= ",";
$json .= "\n{";
$json .= "id:'".$row['id']."',";
$json .= "cell:['".$row['id']."','".$row['iso']."'";
$json .= ",'".addslashes($row['name'])."'";
$json .= ",'".addslashes($row['printable_name'])."'";
$json .= ",'".addslashes($row['iso3'])."'";
$json .= ",'".addslashes($row['numcode'])."']";
$json .= "}";
$rc = true;
}
$json .= "]\n";
$json .= "}";
echo $json;
?>
Cleary整个post2.php文件被退回了?! (使用我的mysql密码和用户名!)而不是$json变量......发生了什么? PHP是服务器端,只能看到文件末尾的echo $json;。这吓坏了我一点..大安全漏洞..
答案 0 :(得分:0)
显然,您的服务器似乎没有配置为处理“&lt;?”标签为php标签。尝试替换“&lt;?”通过“&lt;?php”。它应该看起来更好。