非法使用 $_REQUEST。您必须使用请求 class 或 request_var() 来访问输入数据
Illegal use of $_REQUEST. You must use the request class or request_var() to access input data
有点超出我的深度。我正在将论坛提供商 'phpBB' 与我自己的站点集成,并为 phpBB 本身创建一个外部直接消息传递系统。我正处于收到此错误的阶段:
Warning: Cannot modify header information - headers already sent by
(output started at /home/treeves4/public_html/pm/pm/new_pm.php:25) in
/home/treeves4/public_html/pm/pm/phpBB/includes/functions.php on line
2474
Illegal use of $_REQUEST. You must use the request class or
request_var() to access input data. Found in
/home/treeves4/public_html/pm/pm/new_pm.php on line 43. This error
message was generated by deactivated_super_global.
我已经试过 $_POST 了,但还是不行。使用 $_REQUEST_VAR 不会引发任何错误,但它会破坏脚本并且在提交信息时没有任何反应。
PHP 文件:
<?php
include('config.php');
define('IN_PHPBB', true);
$phpbb_root_path = './phpBB/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('ucp');
$_SESSION['userid'] = $user->data['user_id'];
$_SESSION['username'] = $user->data['username'];
?>
<?php
include('config.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>New PM</title>
</head>
<body>
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a>
</div>
<?php
//We check if the user is logged on
if(isset($_SESSION['username']))
{
$form = true;
$otitle = '';
$orecip = '';
$omessage = '';
//We check if the form has been sent
if(isset($_REQUEST['title'], $_REQUEST['recip'], $_REQUEST['message']))
{
$otitle = $_REQUEST['title'];
$orecip = $_REQUEST['recip'];
$omessage = $_REQUEST['message'];
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$otitle = stripslashes($otitle);
$orecip = stripslashes($orecip);
$omessage = stripslashes($omessage);
}
//We check if all the fields are filled
if($_REQUEST['title']!='' and $_REQUEST['recip']!='' and $_REQUEST['message']!='')
{
//We protect the variables
$title = mysql_real_escape_string($otitle);
$recip = mysql_real_escape_string($orecip);
$message = mysql_real_escape_string(nl2br(htmlentities($omessage, ENT_QUOTES, 'UTF-8')));
//We check if the recipient exists
$dn1 = mysql_fetch_array(mysql_query('SELECT count(user_id) as recip, user_id as recipid, (select count(*) from pm) as npm
FROM phpbb_users
WHERE username = "'.$recip.'"'));
if($dn1['recip']==1)
{
//We check if the recipient is not the actual user
if($dn1['recipid']!=$_SESSION['userid'])
{
$id = $dn1['npm']+1;
//We send the message
if(mysql_query('insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "1", "'.$title.'", "'.$_SESSION['userid'].'", "'.$dn1['recipid'].'", "'.$message.'", "'.time().'", "yes", "no")'))
{
?>
<div class="message">The message has successfully been sent.<br />
<a href="list_pm.php">List of my Personal messages</a></div>
<?php
$form = false;
}
else
{
//Otherwise, we say that an error occured
$error = 'An error occurred while sending the message';
}
}
else
{
//Otherwise, we say the user cannot send a message to himself
$error = 'You cannot send a message to yourself.';
}
}
else
{
//Otherwise, we say the recipient does not exists
$error = 'The recipient does not exists.';
}
}
else
{
//Otherwise, we say a field is empty
$error = 'A field is empty. Please fill of the fields.';
}
}
elseif(isset($_GET['recip']))
{
//We get the username for the recipient if available
$orecip = $_GET['recip'];
}
if($form)
{
//We display a message if necessary
if(isset($error))
{
echo '<div class="message">'.$error.'</div>';
}
//We display the form
?>
<div class="content">
<h1>New Personal Message</h1>
<form action="new_pm.php" method="post">
Please fill the following form to send a Personal message.<br />
<label for="title">Title</label><input type="text" value="<?php echo htmlentities($otitle, ENT_QUOTES, 'UTF-8'); ?>" id="title" name="title" /><br />
<label for="recip">Recipient<span class="small">(Username)</span></label><input type="text" value="<?php echo htmlentities($orecip, ENT_QUOTES, 'UTF-8'); ?>" id="recip" name="recip" /><br />
<label for="message">Message</label><textarea cols="40" rows="5" id="message" name="message"><?php echo htmlentities($omessage, ENT_QUOTES, 'UTF-8'); ?></textarea><br />
<input type="submit" value="Send" />
</form>
</div>
<?php
}
}
else
{
echo '<div class="message">You must be logged to access this page.</div>';
}
?>
<div class="foot"><a href="list_pm.php">Go to my Personal messages</a> - <a href="http://www.webestools.com/">Webestools</a></div>
</body>
</html>
我认为 'superglobals' 在 php.ini 中被禁用并且 $_GET、$_POST 和 $_REQUEST 不可用。
您可以通过使用 'global' 关键字声明它们来将它们拉入范围,但我不确定。
global $_POST;
根据您引用的错误信息:使用request_var()。
https://wiki.phpbb.com/Function.request_var
http://php.net/manual/en/reserved.variables.request.php
Docs say: This is a 'superglobal', or automatic global, variable. This
simply means that it is available in all scopes throughout a script.
There is no need to do global $variable; to access it within functions
or methods.
http://php.net/manual/en/language.variables.superglobals.php
伙计们干杯,事实证明对我来说很难,但在你们的帮助下我做到了。我在下面添加了编辑内容。
<?php
include('config.php');
define('IN_PHPBB', true);
$phpbb_root_path = './phpBB/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('ucp');
$_SESSION['userid'] = $user->data['user_id'];
$_SESSION['username'] = $user->data['username'];
$gettitle = request_var('title', '0');
$getrecip = request_var('recip', '0');
$getmessage=request_var('message', '0');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>New PM</title>
</head>
<body>
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a>
</div>
<?php
//We check if the user is logged on
if(isset($_SESSION['username']))
{
$form = true;
$otitle = '';
$orecip = '';
$omessage = '';
//We check if the form has been sent
if(isset($gettitle,$getrecip,$getmessage))
{
$otitle = $gettitle;
$orecip = $getrecip;
$omessage = $getmessage;
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$otitle = stripslashes($otitle);
$orecip = stripslashes($orecip);
$omessage = stripslashes($omessage);
}
//We check if all the fields are filled
if($gettitle!='' and $getrecip!='' and $getmessage!='')
{
//We protect the variables
$title = mysql_real_escape_string($otitle);
$recip = mysql_real_escape_string($orecip);
$message = mysql_real_escape_string(nl2br(htmlentities($omessage, ENT_QUOTES, 'UTF-8')));
//We check if the recipient exists
$dn1 = mysql_fetch_array(mysql_query('SELECT count(user_id) as recip, user_id as recipid, (select count(*) from pm) as npm
FROM phpbb_users
WHERE username = "'.$recip.'"'));
if($dn1['recip']==1)
{
//We check if the recipient is not the actual user
if($dn1['recipid']!=$_SESSION['userid'])
{
$id = $dn1['npm']+1;
//We send the message
if(mysql_query('insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "1", "'.$title.'", "'.$_SESSION['userid'].'", "'.$dn1['recipid'].'", "'.$message.'", "'.time().'", "yes", "no")'))
{
?>
<div class="message">The message has successfully been sent.<br />
<a href="list_pm.php">List of my Personal messages</a></div>
<?php
$form = false;
}
else
{
//Otherwise, we say that an error occured
$error = 'An error occurred while sending the message';
}
}
else
{
//Otherwise, we say the user cannot send a message to himself
$error = 'You cannot send a message to yourself.';
}
}
else
{
//Otherwise, we say the recipient does not exists
$error = 'The recipient does not exists.';
}
}
else
{
//Otherwise, we say a field is empty
$error = 'A field is empty. Please fill of the fields.';
}
}
elseif(isset($_GET['recip']))
{
//We get the username for the recipient if available
$orecip = $_GET['recip'];
}
if($form)
{
//We display a message if necessary
if(isset($error))
{
echo '<div class="message">'.$error.'</div>';
}
//We display the form
?>
<div class="content">
<h1>New Personal Message</h1>
<form action="new_pm.php" method="post">
Please fill the following form to send a Personal message.<br />
<label for="title">Title</label><input type="text" value="<?php echo htmlentities($otitle, ENT_QUOTES, 'UTF-8'); ?>" id="title" name="title" /><br />
<label for="recip">Recipient<span class="small">(Username)</span></label><input type="text" value="<?php echo htmlentities($orecip, ENT_QUOTES, 'UTF-8'); ?>" id="recip" name="recip" /><br />
<label for="message">Message</label><textarea cols="40" rows="5" id="message" name="message"><?php echo htmlentities($omessage, ENT_QUOTES, 'UTF-8'); ?></textarea><br />
<input type="submit" value="Send" />
</form>
</div>
<?php
}
}
else
{
echo '<div class="message">You must be logged to access this page.</div>';
}
?>
<div class="foot"><a href="list_pm.php">Go to my Personal messages</a> - <a href="http://www.webestools.com/">Webestools</a></div>
</body>
</html>
超级全局变量已在 phpBB 3.1 中禁用,并且 3.0.x 中的 request_var() 函数已被弃用。
您应该使用 request class,文档在 phpBB 开发维基上 - https://wiki.phpbb.com/PhpBB3.1/RFC/Request_class
@Eeji 的回答是我在大多数情况下所做的:但是,在一些罕见的情况下,使用请求 class 是不可能的,例如当您处理现有的 pre-3.1 时phpBB 实现,并且您想升级论坛而不必弄乱使用 superglobals 的 PHP 脚本,并且您不拥有、不知道或被允许更改。
出现这种情况时,您可以选择全局或以编程方式重新启用超全局变量:
全球
打开 /phpbb/config/parameters.yml 文件并将 core.disable_super_globals 键从 true 更改为 false。
以编程方式
这是一个示例代码,可用于临时启用超全局变量(每个请求 范围):
// temporarily enable superglobals
$request->enable_super_globals();
// TODO: do your stuff here.
// disable superglobals again
$request->disable_super_globals();
您还可以阅读我写的有关此主题的 this blog post 以获取更多信息。
有点超出我的深度。我正在将论坛提供商 'phpBB' 与我自己的站点集成,并为 phpBB 本身创建一个外部直接消息传递系统。我正处于收到此错误的阶段:
Warning: Cannot modify header information - headers already sent by (output started at /home/treeves4/public_html/pm/pm/new_pm.php:25) in /home/treeves4/public_html/pm/pm/phpBB/includes/functions.php on line 2474
Illegal use of $_REQUEST. You must use the request class or request_var() to access input data. Found in /home/treeves4/public_html/pm/pm/new_pm.php on line 43. This error message was generated by deactivated_super_global.
我已经试过 $_POST 了,但还是不行。使用 $_REQUEST_VAR 不会引发任何错误,但它会破坏脚本并且在提交信息时没有任何反应。
PHP 文件:
<?php
include('config.php');
define('IN_PHPBB', true);
$phpbb_root_path = './phpBB/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('ucp');
$_SESSION['userid'] = $user->data['user_id'];
$_SESSION['username'] = $user->data['username'];
?>
<?php
include('config.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>New PM</title>
</head>
<body>
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a>
</div>
<?php
//We check if the user is logged on
if(isset($_SESSION['username']))
{
$form = true;
$otitle = '';
$orecip = '';
$omessage = '';
//We check if the form has been sent
if(isset($_REQUEST['title'], $_REQUEST['recip'], $_REQUEST['message']))
{
$otitle = $_REQUEST['title'];
$orecip = $_REQUEST['recip'];
$omessage = $_REQUEST['message'];
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$otitle = stripslashes($otitle);
$orecip = stripslashes($orecip);
$omessage = stripslashes($omessage);
}
//We check if all the fields are filled
if($_REQUEST['title']!='' and $_REQUEST['recip']!='' and $_REQUEST['message']!='')
{
//We protect the variables
$title = mysql_real_escape_string($otitle);
$recip = mysql_real_escape_string($orecip);
$message = mysql_real_escape_string(nl2br(htmlentities($omessage, ENT_QUOTES, 'UTF-8')));
//We check if the recipient exists
$dn1 = mysql_fetch_array(mysql_query('SELECT count(user_id) as recip, user_id as recipid, (select count(*) from pm) as npm
FROM phpbb_users
WHERE username = "'.$recip.'"'));
if($dn1['recip']==1)
{
//We check if the recipient is not the actual user
if($dn1['recipid']!=$_SESSION['userid'])
{
$id = $dn1['npm']+1;
//We send the message
if(mysql_query('insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "1", "'.$title.'", "'.$_SESSION['userid'].'", "'.$dn1['recipid'].'", "'.$message.'", "'.time().'", "yes", "no")'))
{
?>
<div class="message">The message has successfully been sent.<br />
<a href="list_pm.php">List of my Personal messages</a></div>
<?php
$form = false;
}
else
{
//Otherwise, we say that an error occured
$error = 'An error occurred while sending the message';
}
}
else
{
//Otherwise, we say the user cannot send a message to himself
$error = 'You cannot send a message to yourself.';
}
}
else
{
//Otherwise, we say the recipient does not exists
$error = 'The recipient does not exists.';
}
}
else
{
//Otherwise, we say a field is empty
$error = 'A field is empty. Please fill of the fields.';
}
}
elseif(isset($_GET['recip']))
{
//We get the username for the recipient if available
$orecip = $_GET['recip'];
}
if($form)
{
//We display a message if necessary
if(isset($error))
{
echo '<div class="message">'.$error.'</div>';
}
//We display the form
?>
<div class="content">
<h1>New Personal Message</h1>
<form action="new_pm.php" method="post">
Please fill the following form to send a Personal message.<br />
<label for="title">Title</label><input type="text" value="<?php echo htmlentities($otitle, ENT_QUOTES, 'UTF-8'); ?>" id="title" name="title" /><br />
<label for="recip">Recipient<span class="small">(Username)</span></label><input type="text" value="<?php echo htmlentities($orecip, ENT_QUOTES, 'UTF-8'); ?>" id="recip" name="recip" /><br />
<label for="message">Message</label><textarea cols="40" rows="5" id="message" name="message"><?php echo htmlentities($omessage, ENT_QUOTES, 'UTF-8'); ?></textarea><br />
<input type="submit" value="Send" />
</form>
</div>
<?php
}
}
else
{
echo '<div class="message">You must be logged to access this page.</div>';
}
?>
<div class="foot"><a href="list_pm.php">Go to my Personal messages</a> - <a href="http://www.webestools.com/">Webestools</a></div>
</body>
</html>
我认为 'superglobals' 在 php.ini 中被禁用并且 $_GET、$_POST 和 $_REQUEST 不可用。
您可以通过使用 'global' 关键字声明它们来将它们拉入范围,但我不确定。
global $_POST;
根据您引用的错误信息:使用request_var()。
https://wiki.phpbb.com/Function.request_var
http://php.net/manual/en/reserved.variables.request.php
Docs say: This is a 'superglobal', or automatic global, variable. This simply means that it is available in all scopes throughout a script. There is no need to do global $variable; to access it within functions or methods.
http://php.net/manual/en/language.variables.superglobals.php
伙计们干杯,事实证明对我来说很难,但在你们的帮助下我做到了。我在下面添加了编辑内容。
<?php
include('config.php');
define('IN_PHPBB', true);
$phpbb_root_path = './phpBB/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('ucp');
$_SESSION['userid'] = $user->data['user_id'];
$_SESSION['username'] = $user->data['username'];
$gettitle = request_var('title', '0');
$getrecip = request_var('recip', '0');
$getmessage=request_var('message', '0');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>New PM</title>
</head>
<body>
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a>
</div>
<?php
//We check if the user is logged on
if(isset($_SESSION['username']))
{
$form = true;
$otitle = '';
$orecip = '';
$omessage = '';
//We check if the form has been sent
if(isset($gettitle,$getrecip,$getmessage))
{
$otitle = $gettitle;
$orecip = $getrecip;
$omessage = $getmessage;
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$otitle = stripslashes($otitle);
$orecip = stripslashes($orecip);
$omessage = stripslashes($omessage);
}
//We check if all the fields are filled
if($gettitle!='' and $getrecip!='' and $getmessage!='')
{
//We protect the variables
$title = mysql_real_escape_string($otitle);
$recip = mysql_real_escape_string($orecip);
$message = mysql_real_escape_string(nl2br(htmlentities($omessage, ENT_QUOTES, 'UTF-8')));
//We check if the recipient exists
$dn1 = mysql_fetch_array(mysql_query('SELECT count(user_id) as recip, user_id as recipid, (select count(*) from pm) as npm
FROM phpbb_users
WHERE username = "'.$recip.'"'));
if($dn1['recip']==1)
{
//We check if the recipient is not the actual user
if($dn1['recipid']!=$_SESSION['userid'])
{
$id = $dn1['npm']+1;
//We send the message
if(mysql_query('insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "1", "'.$title.'", "'.$_SESSION['userid'].'", "'.$dn1['recipid'].'", "'.$message.'", "'.time().'", "yes", "no")'))
{
?>
<div class="message">The message has successfully been sent.<br />
<a href="list_pm.php">List of my Personal messages</a></div>
<?php
$form = false;
}
else
{
//Otherwise, we say that an error occured
$error = 'An error occurred while sending the message';
}
}
else
{
//Otherwise, we say the user cannot send a message to himself
$error = 'You cannot send a message to yourself.';
}
}
else
{
//Otherwise, we say the recipient does not exists
$error = 'The recipient does not exists.';
}
}
else
{
//Otherwise, we say a field is empty
$error = 'A field is empty. Please fill of the fields.';
}
}
elseif(isset($_GET['recip']))
{
//We get the username for the recipient if available
$orecip = $_GET['recip'];
}
if($form)
{
//We display a message if necessary
if(isset($error))
{
echo '<div class="message">'.$error.'</div>';
}
//We display the form
?>
<div class="content">
<h1>New Personal Message</h1>
<form action="new_pm.php" method="post">
Please fill the following form to send a Personal message.<br />
<label for="title">Title</label><input type="text" value="<?php echo htmlentities($otitle, ENT_QUOTES, 'UTF-8'); ?>" id="title" name="title" /><br />
<label for="recip">Recipient<span class="small">(Username)</span></label><input type="text" value="<?php echo htmlentities($orecip, ENT_QUOTES, 'UTF-8'); ?>" id="recip" name="recip" /><br />
<label for="message">Message</label><textarea cols="40" rows="5" id="message" name="message"><?php echo htmlentities($omessage, ENT_QUOTES, 'UTF-8'); ?></textarea><br />
<input type="submit" value="Send" />
</form>
</div>
<?php
}
}
else
{
echo '<div class="message">You must be logged to access this page.</div>';
}
?>
<div class="foot"><a href="list_pm.php">Go to my Personal messages</a> - <a href="http://www.webestools.com/">Webestools</a></div>
</body>
</html>
超级全局变量已在 phpBB 3.1 中禁用,并且 3.0.x 中的 request_var() 函数已被弃用。
您应该使用 request class,文档在 phpBB 开发维基上 - https://wiki.phpbb.com/PhpBB3.1/RFC/Request_class
@Eeji 的回答是我在大多数情况下所做的:但是,在一些罕见的情况下,使用请求 class 是不可能的,例如当您处理现有的 pre-3.1 时phpBB 实现,并且您想升级论坛而不必弄乱使用 superglobals 的 PHP 脚本,并且您不拥有、不知道或被允许更改。
出现这种情况时,您可以选择全局或以编程方式重新启用超全局变量:
全球
打开 /phpbb/config/parameters.yml 文件并将 core.disable_super_globals 键从 true 更改为 false。
以编程方式
这是一个示例代码,可用于临时启用超全局变量(每个请求 范围):
// temporarily enable superglobals
$request->enable_super_globals();
// TODO: do your stuff here.
// disable superglobals again
$request->disable_super_globals();
您还可以阅读我写的有关此主题的 this blog post 以获取更多信息。