2. HTTP. (Ethernet, TCP/IP, FTP, Telnet )
HTTP (HyperText Transfer Protocol - RFC 1945, RFC 2616) - .
, HTTP . , . , HTTP, , . , -, , , - IP- .
HTTP :
- ( ).
- ( ).
- .
"" HTTP- .
1. TCP-.
2. .
3. .
4. TCP-.
, , , . HTML- - , .
HTTP
HTTP : , , . . , . . , , , . , , , , , . , .
- HTTP . . . .
HTTP-, , .
- ( -, ).
- .
- .
- .
.
. 2.1. .
:
, .
- HTTP . , , .
, URI- . CRLF. (SP). LF CR, CRLF.
- = SP URI- SP -HTTP CRLF, - - -HTTP.
HTTP .
HTTP (. HTTP Method) , , . , . , .
GET HEAD. , 501 (Not Implemented). , , 405 (Method Not Allowed). Allow .
GET HEAD, POST.
- GET . . . URL. , .
. GET - . .
URI ?:
GET /path/resource?param1=value1&param2=value2 HTTP/1.1
HTTP, GET [4]
GET, GET GET. GET If-Modified-Since, If-Match, If-Range . GET Range. .
- POST . . . URL. , .
. , HTML-, POST . ( ) . POST .
GET, POST [4], POST (, ).
200 (Ok) . , 201 (Created) URI Location.
POST .
- , HTTP .
Host IP- ,
Referer URL , ,
From ,
Accept MIME- , . , . Accept , ,
Accept-Language , , ,
Accept-Charset
Content-Type MIME- , ( )
Content-Length , ( )
Range , ,
Connection TCP-. Close, , . Keep-Alive TCP-,
User-Agent
- , HTTP . .
HTTP (HyperText Transfer Protocol - RFC 1945, RFC 2616) - .
. CGI- , , .
Entity-Header , Entity-Body.
, . Entity-Header : Allow, Content-Encoding, Content-Length, Content-Type, Expires, Last-Modified, extension-header.
Allow .
: "Allow: GET | HEAD\n".
POST Request-Line. . Allow ..
Content-Encoding Entity-Body.
: "Content-Encoding: x-gzip | x-compress | \n".
: "Content-Encoding: x-gzip\n". "|" "", ...
, , POST: "Content-Encoding: application/x-www-form-urlencoded\n".
Content-Length , Entity-Body. Content-Length , MIME, "external/entity-body". .
: "Content-Length: 26457\n".
- Content-Type MIME- , ( ).
: "Content-Type: text/html\n".
Expires , .
: "Expires: date\n". Date General-Header.
Last-Modified .
: "Last-Modified: date\n". Date General-Header.
Extension-header , , , , , . "ParameterName: parametervalue\n". , - , .
: "Cookie: r=1\r\n" .
:
POST http://www.site.ru/news.html HTTP/1.0\r\n
Host: www.site.ru\r\n
Referer: http://www.site.ru/index.html\r\n
Cookie: income=1\r\n
Content-Type: application/x-www-form-urlencoded\r\n
Content-Length: 35\r\n
\r\n
login=Petya%20Vasechkin&password=qq
Content-Type Content-Length . Content-Length , , \r\n. , GET Request-URI, Entity-Body. , , .
- CGI . . CGI CGI .
CGI (Common Gateway Interface, ) -- web- (CGI-), HTTP- CGI-.
HTTP-. NCSA HTTP-.
: -. CGI HTML . , . CGI .
CGI-: GET POST. , GET : isindex form-urlencoded, POST multipart/form-data form-urlencoded.
GET QUERY_STRING. POST . CONTENT_LENGTH .
ISINDEX :
http://intuit.ru/somthing-cgi/cgi-script?word1+word2+word3
"?". " + " . "?" QUERY_STRING.
form-urlencoded :
http://intuit.ru/somthing-cgi/cgi-script?field=word1&field2=word2
" _- ", " & ".
GET. "?" QUERY_STRING. , , " % ".
POST "?" QUERY_STRING, . CONTENT_LENGTH.
multipart/form-data HTTP-, , , . . form-urlencoded, .
- PHP , .
Client
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Client for CGI script</title>
</head>
<body>
<form method="POST" action="http://192.1.2.3/pm/pm.cgi" enctype="multipart/form-data">
<p><b> :</b></p>
<p><textarea rows="10" cols="70" name="data"></textarea></p>
<p><input type="submit" name="sub" value=""></p>
</form>
</body>
</html>
Server pm.cgi
#!/usr/local/bin/php
<?php
echo $_SERVER["QUERY_STRING"];
?>
- PHP , .
<?php
echo ":\n";
$filename = "count.txt";
$fd = fopen($filename,"r");
$cont = fread($fd, filesize($filename));
fclose($fd);
$cont=$cont+1;
$fd = fopen($filename,"w");
fwrite($fd, $cont);
fclose($fd);
echo $cont;
echo " ().\n";
?>
- HTML PHP . GET POST.
GET
: GET ? HTTP/1.0
: REQUEST_URI; QUERY_STRING , REQUEST_METHOD GET.
( POST) . , ( , , ). HTTP/1.0 - , HTTP/1.1. , , .
? , URL. - , . URI (Universal Resource Identifier - ). URL ( , HTTP). URL Web- , URI - , ( IP-) .
$a, $b $c GET . :
$a = $_GET['a'];
$b = $_GET['b'];
$c = $_GET['c'];
$summa = $a + $b + $c;
echo " $a + $b + $c = $summa";
POST
: POST ? HTTP/1.0
: REQUEST_URI; QUERY_STRING , REQUEST_METHOD POST.
POST. POST:
POST /script.cgi HTTP/1.0\n
Content-length: 6\n
\n
Hello!
, . , \n\n, , Hello! 6 - . , POST- ( , ), . , , . . , ? Content-Length, .
POST? , . , Web , . , POST : , GET, , , , URL . , POST- URL .
. post-1.php
<!-- -->
<form action="post-2.php" method="post" name="form1" target="_blank">
<!-- -->
<p><input name="name" type="text" size="20"></p>
<p><input name="lastname" type="text" size="20"></p>
<!-- -->
<p><input name="submit" type="submit" value=""></p>
</form>
- PHP , IP .
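<?php
// Append the visit date, time and client IP address to ip.txt.
$filename = "ip.txt";
$date = date("d.m.Y");
$time = date("H:i:s");
$fd = fopen($filename, "a");
// $_SERVER['REMOTE_ADDR'] replaces $REMOTE_ADDR, which only exists with register_globals.
fwrite($fd, $date . " " . $time . " from " . $_SERVER['REMOTE_ADDR'] . "\n");
fclose($fd);
?>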
- PHP . SQL .PHP .
web-.
1) XSS
) XSS
) XSS
2) SQL-
3)
)
)
SQL-
SQL-injection (, ) , sql- , , , .
:
...
$id=$_GET['id'];
$query="SELECT * FROM articles WHERE id='".$id."'";
$ret=mysql_query($query);
...
. , , $id = 13', , . ( ).
php , .
:
1) - . $_GET, $_POST $_COOKIE , "'" "\'"
2) :...where id = $id..., ...where id = '$id' .
PHP- (. PHP injection) -, PHP, . :
eval(),
preg_replace() ( e),
require_once(),
include_once(),
include(),
require(),
create_function().
PHP- , .
- XML, . XML HTML. .
XML (. eXtensible Markup Language ; ) , . XML , ( ), , (, XHTML). XML SGML.
XML HTML.
HTML , Web-. , , , , . , HTML .
, HTML.
- , (, , , ..) , HTML , .
- , . HTML-, (, ). , , , , ( , , Microsoft Access). HTML .
- , . , , , A, B, C .. , , , . HTML . :
, , .
XML .
Extensible Stylesheet Language (XSL) XML.
XML Schema XML- XML, DTD.
XML Linking Language (XLink) XML-. , HTML.
XML Pointer Language (XPointer) . XPointer XLink .
- XML. .
XML - , , HTML, Web-. HTML, .
" " ("well-formed"), "" ("valid"). :
XML ( <TAG />, ).
, .
.
.
, XML-:
(CSS) (XSL).
. HTML-, XML- HTML- XML. HTML- XML-.
. HTML-, XML- XML- JavaScript VBScript.
XML-
<?xml version="1.0"?>
<!-- Comment -->
<PRODUCTS>
<PRODUCT>
<TITLE> Product #1 </TITLE>
<PRICE> 10.00 </PRICE>
</PRODUCT>
<PRODUCT>
<TITLE> Product #2 </TITLE>
<PRICE> 20.00 </PRICE>
</PRODUCT>
</PRODUCTS>