2010-10-18 75 views
1

OK, so this is my HTML form that POSTs directly. It isn't posting.

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"> 
<!-- XHTML ADVANCED --> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
    <title>Find Hotels</title> 
    <style type="text/css"> 
    a:visited {color:#e27023; } 
    .duksai {margin-right:10px; font-size:12pt; margin-left:58px; font-family:arial; } 
    .ifivmjg {margin-right:10px; font-size:14pt; margin-left:20px; font-family:arial; font-weight:bold; } 
    body {color:#000; width:640px; font-family:arial; margin:0 auto; } 
    .ijvdpgk {padding-top:10px; } 
    .dropDownValuesText1 {font-size:12pt; margin-left:10px; font-family:arial; } 
    .marginLeftRight10px {margin-right:10px; margin-left:10px; } 
    a:link {color:#d74119; } 
    .famvote {margin-right:10px; padding-top:5px; text-align:right; font-size:11pt; margin-left:10px; font-family:arial; } 
    .headerRightButton {text-align:right; margin:5px; } 
    .ngcwmjg {margin-right:10px; font-size:14pt; margin-left:25px; font-family:arial; font-weight:bold; } 
    .header {height:45px; width:640px; background-color:white; } 
    a:active {color:#ffe2b0; } 
    .onhqbwf {color:#8E8077; text-align:center; width:640px; font-size:10px; font-family:arial; } 
    .umoanjg {margin-right:10px; font-size:14pt; margin-left:10px; font-family:arial; font-weight:bold; } 
    .pgrvmh {margin-right:10px; font-size:12pt; margin-left:28px; font-family:arial; } 
    .fwmduhg {display:none; } 
    .luadegf {height:34px; width:249px; margin-left:40px; border:0; } 
    .etqkskk {border-top-style:solid; padding-top:3px; height:24px; text-align:center; font-size:12px; background-color:#EFEFEF; border-color:#CDC5C0; font-family:arial; border-width:1px; padding-bottom:3px; } 
    .vbjanh {margin-right:10px; font-size:12pt; margin-left:10px; font-family:arial; } 
    .hhsrkom {width:640px; } 
    .Label {font-size:14pt; margin-left:10px; font-family:arial; font-weight:bold; } 
    .lghspdf {text-align:right; width:65%; } 
    img {border:0; } 
    .oaoftwj {margin:0px; padding:0px; } 
    a:hover {color:#ffe2b0; } 
    .gwlmmic {text-align:center; width:320px; } 

    </style><meta name="description" content="Find Hotels"/> 

</head> 
<body class="oaoftwj"> 

    <table class="header"> 
    <tr> 
    <td></td> 
    </tr> 
    <tr> 
    <td class="lghspdf"> 
    <img src="http://prodcache.internal.ihg.com/content/dam/mobile/6c/en/us/intercontinental-hotels-group.jpg" alt="Brand Logo" width="76" height="45"/> 
    </td> 
    <td class="headerRightButton"> 

    <a href="http://www.ichotelsgroup.com/wireless/6c/us/en/home.action"><img src="http://prodcache.internal.ihg.com/content/dam/mobile/6c/en/us/btn_med_return-to-search.gif" alt="Home" width="70" height="17"/></a> 
    </td> 

    </tr> 

    </table> 
    <!-- TextBlock --> 
    <div class="etqkskk"> 
    For Reservations:<a href="tel:+448000839876" > 

     44 800 083 9876</a><br /> 

    </div> 

    <!-- TextBlock --> 
    <div class="ijvdpgk"> 

    </div> 

    <!-- TextBlock --> 
    <div class="famvote"> 

    * Indicates required field 
    </div> 

    <form action="functions.php" method="post"> 
    <div> 
    <input type="hidden" name="country" value="GBR" /> 
    <input type="hidden" name="city" value="SWINDON" /><br /> 
    <span class="umoanjg">Check-In Date&#160;*</span><br /> 
    <select class="vbjanh" name="checkinDay" title=""> 
     <option value="1" >1</option> 
     <option value="2" >2</option> 

     <option value="3" >3</option> 
     <option value="4" >4</option> 
     <option value="5" >5</option> 
     <option value="6" >6</option> 
     <option value="7" >7</option> 
     <option value="8" >8</option> 

     <option value="9" >9</option> 
     <option value="10" >10</option> 
     <option value="11" >11</option> 
     <option value="12" >12</option> 
     <option value="13" >13</option> 
     <option value="14" >14</option> 

     <option value="15" >15</option> 
     <option value="16" >16</option> 
     <option value="17" selected="selected">17</option> 
     <option value="18" >18</option> 
     <option value="19" >19</option> 
     <option value="20" >20</option> 

     <option value="21" >21</option> 
     <option value="22" >22</option> 
     <option value="23" >23</option> 
     <option value="24" >24</option> 
     <option value="25" >25</option> 
     <option value="26" >26</option> 

     <option value="27" >27</option> 
     <option value="28" >28</option> 
     <option value="29" >29</option> 
     <option value="30" >30</option> 
     <option value="31" >31</option> 

    </select> 

    <select class="vbjanh" name="checkinMonthYear" title=""> 
     <option value="092010" selected="selected">October 2010</option> 
     <option value="102010" >November 2010</option> 
     <option value="112010" >December 2010</option> 
     <option value="002011" >January 2011</option> 
     <option value="012011" >February 2011</option> 

     <option value="022011" >March 2011</option> 
     <option value="032011" >April 2011</option> 
     <option value="042011" >May 2011</option> 
     <option value="052011" >June 2011</option> 
     <option value="062011" >July 2011</option> 
     <option value="072011" >August 2011</option> 

     <option value="082011" >September 2011</option> 

    </select> 
    <br /> 
    <br /> 
    <span class="umoanjg">Check-Out Date&#160;*</span><br /> 
    <select class="vbjanh" name="checkoutDay" title=""> 
     <option value="1" >1</option> 

     <option value="2" >2</option> 
     <option value="3" >3</option> 
     <option value="4" >4</option> 
     <option value="5" >5</option> 
     <option value="6" >6</option> 
     <option value="7" >7</option> 

     <option value="8" >8</option> 
     <option value="9" >9</option> 
     <option value="10" >10</option> 
     <option value="11" >11</option> 
     <option value="12" >12</option> 
     <option value="13" >13</option> 

     <option value="14" >14</option> 
     <option value="15" >15</option> 
     <option value="16" >16</option> 
     <option value="17" >17</option> 
     <option value="18" selected="selected">18</option> 
     <option value="19" >19</option> 

     <option value="20" >20</option> 
     <option value="21" >21</option> 
     <option value="22" >22</option> 
     <option value="23" >23</option> 
     <option value="24" >24</option> 
     <option value="25" >25</option> 

     <option value="26" >26</option> 
     <option value="27" >27</option> 
     <option value="28" >28</option> 
     <option value="29" >29</option> 
     <option value="30" >30</option> 
     <option value="31" >31</option> 


    </select> 
    <select class="vbjanh" name="checkoutMonthYear" title=""> 
     <option value="092010" selected="selected">October 2010</option> 
     <option value="102010" >November 2010</option> 
     <option value="112010" >December 2010</option> 
     <option value="002011" >January 2011</option> 
     <option value="012011" >February 2011</option> 

     <option value="022011" >March 2011</option> 
     <option value="032011" >April 2011</option> 
     <option value="042011" >May 2011</option> 
     <option value="052011" >June 2011</option> 
     <option value="062011" >July 2011</option> 
     <option value="072011" >August 2011</option> 

     <option value="082011" >September 2011</option> 

    </select> 
    <br /> 
    <br /> 
    <span class="umoanjg">Adults</span><span class="ifivmjg">Children</span><span class="ngcwmjg">Rooms</span><br /> 
    <select class="vbjanh" name="numAdults" title=""> 
     <option value="1" >1</option> 

     <option value="2" >2</option> 
     <option value="3" >3</option> 
     <option value="4" >4</option> 
     <option value="5" >5</option> 
     <option value="6" >6</option> 
     <option value="7" >7</option> 

     <option value="8" >8</option> 
     <option value="9" >9</option> 
     <option value="10" >10</option> 
     <option value="11" >11</option> 
     <option value="12" >12</option> 
     <option value="13" >13</option> 

     <option value="14" >14</option> 
     <option value="15" >15</option> 
     <option value="16" >16</option> 
     <option value="17" >17</option> 
     <option value="18" >18</option> 
     <option value="19" >19</option> 

     <option value="20" >20</option> 

    </select> 
    <select class="pgrvmh" name="numChildren" title=""> 
     <option value="0" >0</option> 
     <option value="1" >1</option> 
     <option value="2" >2</option> 
     <option value="3" >3</option> 

     <option value="4" >4</option> 
     <option value="5" >5</option> 
     <option value="6" >6</option> 
     <option value="7" >7</option> 
     <option value="8" >8</option> 
     <option value="9" >9</option> 

     <option value="10" >10</option> 
     <option value="11" >11</option> 
     <option value="12" >12</option> 
     <option value="13" >13</option> 
     <option value="14" >14</option> 
     <option value="15" >15</option> 

     <option value="16" >16</option> 
     <option value="17" >17</option> 
     <option value="18" >18</option> 
     <option value="19" >19</option> 
     <option value="20" >20</option> 

    </select> 

    <select class="duksai" name="numRooms" title=""> 
     <option value="1" >1</option> 
     <option value="2" >2</option> 
     <option value="3" >3</option> 
     <option value="4" >4</option> 
     <option value="5" >5</option> 

     <option value="6" >6</option> 
     <option value="7" >7</option> 
     <option value="8" >8</option> 
     <option value="9" >9</option> 

    </select> 
    <br /> 
    <br /> 

    <span class="Label">Sort Results By</span><br /> 
    <select class="dropDownValuesText1" name="sortByParam" title=""> 
     <option value="BRAND_SORT" selected="selected">Brand</option> 
     <option value="DISTANCE_SORT" >Distance</option> 

    </select> 
    <br /> 
    <br /> 

    <input type="hidden" name="fromGeoLocation" value="false"/><input type="hidden" name="backURL" value="/wireless//6c/us/en/searchForm.action"/><br /> 
    <span class="luadegf"><input type="image" name="Find a Hotel" src="http://prodcache.internal.ihg.com/content/dam/mobile/6c/en/us/btn_lrg_find-a-hotel.gif" alt='Find a Hotel'/></span> 
    </div> 
    </form> 
    <table class="onhqbwf"> 
    <tr> 
    <td></td><td></td><td></td> 
    </tr> 
    <tr> 

    <td class="gwlmmic"> 
    <a href="http://www.ichotelsgroup.com/wireless/6c/us/en/coremetric.action?hrefValue=http%3A%2F%2Fwww.ichotelsgroup.com%2Fh%2Fd%2F6c%2F1%2Fen%2Fhome%3FmobileSite%3Dtrue&amp;linkName=full_html" > 
    View Full Website</a>&#160;&#160;&#160;&#160;<a href="/wireless/6c/us/en/truste.action"><img src="http://prodcache.internal.ihg.com/content/dam/mobile/6c/en/truste_certified_privacy.gif" alt="TRUSTe" width="88" height="25"/></a>&#160;&#160;&#160;&#160;<a href="/wireless/6c/us/en/terms.action" > 
    Terms of Use</a> 
    </td> 

    </tr> 
    <tr> 

    <td class="hhsrkom"> 
    &copy;2001-2010 InterContinental Hotels Group (IHG).<br />All Rights Reserved. IHG Proprietary Information. 
    </td> 

    </tr> 

    </table> 
    <span class="fwmduhg"><img src="/wireless/ga.jsp?utmac=MO-1237384-24&amp;utmn=1803370972&amp;utmr=-&amp;utmp=%2Fwireless%2Fjsp%2Fhotel_search.jsp&amp;guid=ON" alt=""/></span> 
</body> 
</html> 

Here is the PHP that posts the form and redirects to another page. But it doesn't seem to post the data correctly. What am I doing wrong?

<?php 


$FindAHotel = (isset($_POST['Find_a_Hotel_x'])) ? TRUE : FALSE; // an image input submits name.x/name.y, and PHP rewrites spaces and dots in POST keys to underscores, so $_POST['Find A Hotel'] is never set 

$country = (isset($_POST['country'])) ? strip_tags($_POST['country']) : FALSE; 
$city = (isset($_POST['city'])) ? strip_tags($_POST['city']) : FALSE; 
$checkinDay = (isset($_POST['checkinDay'])) ? strip_tags($_POST['checkinDay']) : FALSE; 
$checkinMonthYear = (isset($_POST['checkinMonthYear'])) ? strip_tags($_POST['checkinMonthYear']) : FALSE; 
$checkoutDay = (isset($_POST['checkoutDay'])) ? strip_tags($_POST['checkoutDay']) : FALSE; 
$checkoutMonthYear = (isset($_POST['checkoutMonthYear'])) ? strip_tags($_POST['checkoutMonthYear']) : FALSE; 
$numAdults = (isset($_POST['numAdults'])) ? strip_tags($_POST['numAdults']) : FALSE; 
$numChildren = (isset($_POST['numChildren'])) ? strip_tags($_POST['numChildren']) : FALSE; 
$numRooms = (isset($_POST['numRooms'])) ? strip_tags($_POST['numRooms']) : FALSE; 
$sortByParam = (isset($_POST['sortByParam'])) ? strip_tags($_POST['sortByParam']) : FALSE; 
$fromGeoLocation = (isset($_POST['fromGeoLocation'])) ? strip_tags($_POST['fromGeoLocation']) : FALSE; 
$backURL = (isset($_POST['backURL'])) ? strip_tags($_POST['backURL']) : FALSE; 


session_start(); 

if ((!isset($_SESSION['optIn']))||($_SESSION['optIn']==0)) // check isset first so an unset key does not raise an undefined-index notice 
{ 

header("Location: http://www.ichotelsgroup.com/wireless/ex/us/en/rates.action?mnemonic=SWICC&navigationFlag=true&hotelAvailable=true"); 
} 
else { 

?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<title></title> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> 
<script type="text/javascript"> 
function submitForm(){ 
document.form.submit(); 
} 
</script> 
</head> 

<body onload="submitForm()"> 
<form method="post" action="http://www.ichotelsgroup.com/wireless/ex/us/en/search.action" name="myForm" id="myForm"> 
<input type="hidden" name="country" value="<?php echo($country); ?>" /> 
<input type="hidden" name="city" value="<?php echo($city); ?>" /> 
<input type="hidden" name="checkinDay" value="<?php echo($checkinDay); ?>" /> 
<input type="hidden" name="checkinMonthYear" value="<?php echo($checkinMonthYear); ?>" /> 
<input type="hidden" name="checkoutDay" value="<?php echo($checkoutDay); ?>" /> 
<input type="hidden" name="checkoutMonthYear" value="<?php echo($checkoutMonthYear); ?>" /> 
<input type="hidden" name="numAdults" value="<?php echo($numAdults); ?>" /> 
<input type="hidden" name="numChildren" value="<?php echo($numChildren); ?>" /> 
<input type="hidden" name="numRooms" value="<?php echo($numRooms); ?>" /> 
<input type="hidden" name="sortByParam" value="<?php echo($sortByParam); ?>" /> 
<input type="hidden" name="fromGeoLocation" value="<?php echo($fromGeoLocation); ?>" /> 
<input type="hidden" name="backURL" value="<?php echo($backURL); ?>" /> 
<input type="hidden" name="Find a Hotel" value="<?php echo($FindAHotel); ?>" /> 

</form> 
<script type='text/javascript'>document.myForm.submit();</script> 
</body> 
</html> 
<?php } // full open tag: the short "<?" form only works when short_open_tag is enabled 
?> 

Thanks so much in advance

+1

*Huge* XSS security problem with the raw values, since you are outputting unescaped user-supplied values into HTML. Please use htmlspecialchars() in all of the value="<?php echo ... ?>" calls, and basically everywhere else you output data to HTML. – Tomalak 2010-10-18 09:35:20

+1

Indeed. Using strip_tags() is **not enough** to protect you, especially since you're inserting into attribute values, where only the quote character breaks out of the context. Drop strip_tags() at the input stage (it's the wrong thing to do) and instead use htmlspecialchars() at the output stage. To cut down on typing, define a shortcut function h() that does echo htmlspecialchars(). – bobince 2010-10-18 10:00:39
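Added example (written for this page; it is neither the asker's code nor anything from the IHG site): a hardened version of the forwarding page that applies the two comments above. Every value is first checked against the fixed set of options the search form can actually send, and only then echoed through an h() helper that wraps htmlspecialchars(). The field names and the target URL come from the question; the helper names postInt(), postEnum(), postMonthYear() and h(), the whitelist ranges (read off the form's option lists) and the single allowed backURL are assumptions. The "Find a Hotel" image-button field is not forwarded, since the target form does not need it.

```php
<?php
// Added example, not the asker's code. Validates the posted search fields
// against what the form can send, then escapes them on output.
declare(strict_types=1);

// Output-escaping shortcut, as suggested in the comments.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Return the POSTed value only if it is an integer within [$min, $max], else null.
// Select boxes only send values from a known range; anything else is a bug or tampering.
function postInt(array $post, string $key, int $min, int $max): ?int
{
    if (!isset($post[$key]) || !is_string($post[$key]) || !ctype_digit($post[$key])) {
        return null;
    }
    $n = (int) $post[$key];
    return ($n >= $min && $n <= $max) ? $n : null;
}

// Return the POSTed value only if it is one of the allowed literals, else null.
function postEnum(array $post, string $key, array $allowed): ?string
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null;
    }
    return in_array($post[$key], $allowed, true) ? $post[$key] : null;
}

// Month/year values on the form look like "092010": zero-based month, then year.
function postMonthYear(array $post, string $key): ?string
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null;
    }
    return preg_match('/^(0[0-9]|1[01])(20[0-9]{2})$/', $post[$key]) === 1 ? $post[$key] : null;
}

// Whitelist ranges are assumptions taken from the option lists in the form.
$fields = [
    'country'           => postEnum($_POST, 'country', ['GBR']),
    'city'              => postEnum($_POST, 'city', ['SWINDON']),
    'checkinDay'        => postInt($_POST, 'checkinDay', 1, 31),
    'checkinMonthYear'  => postMonthYear($_POST, 'checkinMonthYear'),
    'checkoutDay'       => postInt($_POST, 'checkoutDay', 1, 31),
    'checkoutMonthYear' => postMonthYear($_POST, 'checkoutMonthYear'),
    'numAdults'         => postInt($_POST, 'numAdults', 1, 20),
    'numChildren'       => postInt($_POST, 'numChildren', 0, 20),
    'numRooms'          => postInt($_POST, 'numRooms', 1, 9),
    'sortByParam'       => postEnum($_POST, 'sortByParam', ['BRAND_SORT', 'DISTANCE_SORT']),
    'fromGeoLocation'   => postEnum($_POST, 'fromGeoLocation', ['true', 'false']),
    // backURL is reflected back into the page, so pin it to the one path the form sends.
    'backURL'           => postEnum($_POST, 'backURL', ['/wireless//6c/us/en/searchForm.action']),
];

// Refuse the request outright rather than forwarding partial or tampered data.
if (in_array(null, $fields, true)) {
    http_response_code(400);
    exit('Invalid search parameters.');
}

session_start();
if (empty($_SESSION['optIn'])) {   // covers both "unset" and "== 0" without a notice
    header('Location: http://www.ichotelsgroup.com/wireless/ex/us/en/rates.action?mnemonic=SWICC&navigationFlag=true&hotelAvailable=true');
    exit;                           // header() alone does not stop the script
}
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8" /><title>Redirecting</title></head>
<body>
<form method="post" action="http://www.ichotelsgroup.com/wireless/ex/us/en/search.action" id="myForm">
<?php foreach ($fields as $name => $value): ?>
<input type="hidden" name="<?php echo h($name); ?>" value="<?php echo h((string) $value); ?>" />
<?php endforeach; ?>
<noscript><input type="submit" value="Continue" /></noscript>
</form>
<!-- The form is reached by id; document.form (as in the question's onload handler) is undefined. -->
<script type="text/javascript">document.getElementById('myForm').submit();</script>
</body>
</html>
```

The difference from the question's approach is where the work happens: strip_tags() on the way in leaves a literal `"` untouched, so a value such as `SWINDON" x="y` still lands inside the attribute unchanged, whereas h() on the way out turns it into `SWINDON&quot; x=&quot;y`, which the browser treats as plain text. The whitelist step means a value that is not on the form's option list produces a 400 instead of being relayed at all, and the `exit` after `header()` stops the rest of the page from being emitted alongside the redirect.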

Answers

4
body onload="submitForm()" 

That much will be the problem.

Read about cURL, then collect the required variables to narrow the results down as much as possible. You can also find a lot of cURL-related questions on Stack Overflow.

+1

Ha! Well spotted. – 2010-10-18 09:31:17

+0

Thanks Pekka! :) – fabrik 2010-10-18 09:32:50

+0

Thanks! What does it need to say then? – Miles 2010-10-18 10:14:27

1

"What am I doing wrong?"

I don't know :) but here are a few basic debugging steps:

  • Look at the form (via the page source or Firebug/the element inspector) to see whether the fields are actually populated

  • On the receiving page, do a print_r($_POST); to see what you actually got posted