If you want to go through xml, you need to use RESTful architecture. This architecture is a set of decisions related to the transfer of resource information from the client to the server and vice versa. REST resources can be provided in virtually any form, for example: XML, JSON and even HTML. The architecture provides for the transfer of a resource from one application to another. I suggest you contact Spring MVC. He's using a very flexible counteralling class model.

Simple method:data := []byte(`{"foo":"bar"}`) r := bytes.NewReader(data) resp, err := http.Post("http://example.com/upload", "application/json", r) if err != nil { return err } See also https://golang.org/pkg/net/http/#Client.Post ♪ https://play.golang.org/p/YzPQULc8pc

Use the processor. submit to send ajax request. (Don't forget to add jQuery to the violin page if it's not there yet.)$('form.em').submit(function() { $.ajax({ type:'POST', url:'script.php', dataType:'html', data: $(this).serialize(), success:function(response){ $('#your div id').html(response); }, error:function(response){ alert('error, response - ' + response); } }); return false; });

You should not refer to the image, but send the image itself in a multipart/form-data format.You can't do this on JavaScript's browser. https://ru.wikipedia.org/wiki/Cross-origin_resource_sharing ♪ Lock the image on your server and send it to the VC. Example procedure for downloading pictures on the PHP with the help of cURL, I described in https://ru.stackoverflow.com/questions/586032/%D0%9E%D1%82%D0%BF%D1%80%D0%B0%D0%B2%D0%BA%D0%B0-%D0%B8%D0%B7%D0%BE%D0%B1%D1%80%D0%B0%D0%B6%D0%B5%D0%BD%D0%B8%D1%8F-%D0%BC%D0%B5%D1%82%D0%BE%D0%B4%D0%BE%D0%BC-post/586093#586093 ♪

I answered my question, without Headless browser, that's impossible.

You can do it all.$Word = $this->load->view('/view_word_shablon', $this->data, true); $Word = "\xEF\xBB\xBF" . $Word; // UTF-8 BOM $filename = 'export-word-' . $id . '.doc'; header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private", false); header("Content-Type: application/msword"); header("Content-Disposition: attachment; filename=" . $filename . ";"); header("Content-Length: " . $filename); $this->load->helper('download'); force_download($filename, $Word); It's a work code on CodeIgniter. The template contains a simple php file with several echo and print et al.Maybe help.

Method https://vk.com/dev/photos.getUploadServer Give you back the JSON target in the field. upload_url which contains an address to download the photograph. You need to form a POST request for this address by putting it in the field. file1♪file5 The pictures you want to download. It's the best thing to do with URL. This is an example:// Инициализируем cURL $ch = curl_init(); // Поля POST-запроса $parameters = [ 'file1' => new CURLFile('path/to/1.jpg') // PHP >= 5.5.0 // 'file1' => '@path/to/1.jpg' // PHP < 5.5.0 ]; // Ссылка, куда будем загружать картинку - это upload_url curl_setopt($ch, CURLOPT_URL, $upload_url); // Говорим cURL, что это POST-запрос curl_setopt($ch, CURLOPT_POST, true); // Говорим cURL, какие поля будем отправлять curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters); // Говорим cURL, что нам нужно знать, что ответит сервер, к которому мы будем обращаться curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Выполняем cURL-запрос. В этой переменной будет JSON-ответ от ВКонтакте $curl_result = curl_exec($ch); // Закрываем соединение curl_close($ch); Then you need to call the method. https://vk.com/dev/photos.save , relaying to it the data you received when the photograph is downloaded.

I don't see a gin of this kind of technique, but it's actually done through it. https://golang.org/pkg/net/http/#Request.ParseForm and read directly from http.Request.Form by key:r := c.Request err := r.ParseForm() if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return } fmt.Println(r.Form["first"])

We'll call for documentation. http://php.net/manual/ru/mysqli.query.php where:mixed mysqli_query(mysqli $link, string $query [, int $resultmode = MYSQLI_STORE_RESULT ]) I mean, the reference to the switch with the connection is indicated first and then the request.I can't tell you exactly what you've got on the file, so I'll take an example:$link = mysqli_connect("localhost", "my_user", "my_password", "world"); Then we'll have to write:$db_result = mysqli_query($link, $sql); // обратите внимание на $link! In fact, the second barning tells you the same thing: I need the right data, not the null (or what does it return?)

Replace the method post to get in shape:<form action="//www.free-kassa.ru/merchant/cash.php" method="get"> Then following logic:$return['form' ] = array( "action" => "//www.free-kassa.ru/merchant/cash.php", "method" => 'GET', "hidden" => array( "m" => $shop_id, "oa" => $price, "o" => $orderid, "s" => $sign, "i" => "", "lang" => "ru", "em" => "", )

Statute 400 https://ru.wikipedia.org/wiki/%D0%A1%D0%BF%D0%B8%D1%81%D0%BE%D0%BA_%D0%BA%D0%BE%D0%B4%D0%BE%D0%B2_%D1%81%D0%BE%D1%81%D1%82%D0%BE%D1%8F%D0%BD%D0%B8%D1%8F_HTTP That it's a bad request, and he's a bad one because of the wrong chemicals. Total @RequestMapping We need to add the necessary hyder, for example: @RequestMapping(value = "/request", method = RequestMethod.POST, consumes="application/json") and on the client, add the necessary chider Content-Type: application/jsonProper http://ru.java.wikia.com/wiki/@RequestMapping The consumes parameter defines the type of contents of the request body, e.g. consumes=application/json, determines that the Content-Type of the request that the client sent is "application/json." You can give a negative indication: consumes=!application/json." Then any Content-Type, other than the specified, may be required to indicate several values: (Text/plain), "application/*).The produces parameter defines the format of the reset method. If the client in the header's doesn't have a title Accept, it doesn't matter what is in the produces. If the heading of Accept is fixed, the value of produces should coincide with it for the successful return of the result to the client. The produces parameter may also contain a list of values.

$result = curl_exec ($ch); if (curl_errno($ch)) { echo curl_error($ch); } curl_close ($ch); Replace the end of your function and look what's out. Personally, I got the code. SSL certificate problem: unable to get local issuer certificate

In today &apos; s world, all letters should be sent through SMTP-server, e.g. smtp.yandex.ru, smtp.google.com. Since hosting providers can block the RR function mail()for example, the reasons for this mass or your letters are bluntly falling into the spam for a wrong setting. To use these SMTP from yandex or google, it is sufficient to have a mailbox from the relevant provider.To build all this good in WordPress, I recommend plagin https://ru.wordpress.org/plugins/wp-mail-smtp/

There's someone else who's up to these questions, but it's clear that you've got a wrong format, because it starts with. \n - the line. Establish a separate file for xml request, for example, request.xml:<?xml version="1.0" encoding="UTF-8"?> <request version="1.0"> <merchant> <id>75482</id> <signature>5abf5c7524bc2a835acb3a9e24ce10bc5ba82a99</signature> </merchant> <data> <oper>cmt</oper> <wait>0</wait> <test>0</test> <payment id=""> <prop name="sd" value="11.08.2013" /> <prop name="ed" value="11.09.2013" /> <prop name="card" value="5168742060221193" /> </payment> </data> </request> further through file_get_contents() receive it:$url = "https://api.privatbank.ua/p24api/rest_fiz"; $xml2= file_get_contents('request.xml'); $stream_options = array ( 'http' => array ( 'method' => "POST", 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'content' => $xml2 ) ); $context=stream_context_create($stream_options); $response=file_get_contents($url, false, $context); $array_data = json_decode(json_encode(simplexml_load_string($response)), true);

You need to use your functions. http://php.net/manual/ru/function.urlencode.php and http://php.net/manual/ru/function.urldecode.php The first replaces the URL-produced specials and the second, respectively, reverses.

I suspect so.import requests my_token = "17982......................." url = "https://api.smsworldhub.com/v1/send/multi?token=%s" % my_token message_text = 'Hello!' phones = ['+79990000001', '+79990000002', '+79990000003'] messages = ({'phone': phone, 'mes': message_text} for phone in phones) r = requests.post(url, data = {'messages': messages}) print(r.content)

It's called Recurring function♪ The point is: Define all elements in the masses, regardless of the size of the mass.The condition states: Remove the elements of the mass (multi-dimensional mass) until the final value of the mass is met, if the value is not massive, then apply the htmlspecialchars function to the data.Let's see what the data is:[ 1 => 'test' 2 => ['test1', 'test2'] ] This code will process all the elements (test, test1, test2) as and no matter how many of the volumes will be inserted in each other, The htmlspecialchars function will be applied to all mass values♪

Tega <form > add a parameter enctype="multipart/form-data" http://htmlbook.ru/html/form/enctype

func uploadHandler(w http.ResponseWriter, r *http.Request) { //парсим мультипарт форму err := r.ParseMultipartForm(200000) if err != nil { fmt.Fprintln(w, err) return } //получаем формконтейнер с указателями на распарсенные формы //доступно только после вызова `ParseMultipartForm` formdata := r.MultipartForm //и получаем список указателей на файловые дескрипторы именованной формы со списком файлов //по сути это список открытых дескрипторов, так что обычный len(files) покажет общее количество файлов files := formdata.File["multiplefiles"] fmt.Printf("Total files: %v\n", files) }

Do I need to filter all the input data?You don't have to trust any data you've received from outside. For example, $_GET, $_POST. php.ini request_order and variables_order This may include bruises, $_SERVER and variable environments, $_COOKIE, $_FILES, downloaded from outside systems (e.g. API). The whole point is, you need to look not for an abstract filter from dangerous data, but to understand what data you're expecting to find in this place and what happens next. The withdrawal of CSV, HTML, or the recording of the CSBD, each requires special treatment.The better use filter_var(), filter_input() etc., or use regular expressions.All that will make sure you're correct. We should start with the white list. Often, you know in advance that, for example, you only have $_GET['index'] foo or bar♪ Here's the two permissible values and check.For example, for e-mail, there's a regular routine hidden in the user's e-mail. filter_var♪ It's a good starting point, and it'll normally work well. Usually because email is a very funny thing. If you read the relevant RFC, it would be easier to check the contents of the symbol @ and to send a letter like that to deal with the variety of possible options. It's almost everything.For example, logina, you may wish to limit the introduction to Latin letters only and some special symbols. It's easier to do regularly.The widest interpretation, usually for free text entry. For example, this is the message. UTF8 symbols are generally acceptable.By the way, when you're talking about this, please don't give a password, except for a minimum length. And only if it clearly requires a substantive area, it's a minimum complexity. But in no case limit the maximum. You're still jashing it, not keeping it, let the user introduce what he likes and the length he likes.What method of authorization on the website can be considered safe?Depending on the safety requirement. It's quite difficult to circumvent the EPZ (north, banking). It is difficult to circumvent if only one specific IP of one specific VPN (corporate data) is allowed. For a site not so sensitive to security, HTTPS. Over the past year, it has become quite simple to incorrectly construct HTTPS, and it will cover MitM adequately and encrypt the data.It's possible to hose the client's original password and send the xash to the server so that the original password is not available online at all.Without HTTPS? Do HTTPS, time of expensive certificates is past.Using PDO, can I not be afraid to connect the variables at once?There's no injection of SQL. And immediately, an important reservation: only if you have a correct coding of the compound or the emulation of prepared expressions is disconnected. https://stackoverflow.com/questions/134099/are-pdo-prepared-statements-sufficient-to-prevent-sql-injection But logical mistakes you must check anyway. For example, do you think using the UPOST['amount'] safe as :amount?UPDATE users SET balance = balance - :amount WHERE id=:user (approximately, there's going to be a double accountant in this place that checks are further validated on the subway level (especially if the same mysql could actually make a check) but as one DBA says, people understand the money faster.What if I give you 100? Should we get a charge instead of writing off?If I have an HTML (wysiwyg) editor, I need to use the functions before I keep in the OBD system.A very interesting question and conduct depends on the degree of trust. Do you trust someone who uses this editor? So, there's got to be a real HTML on the way out, and it needs to be as HTML? It's a private thing for an adminca of some CMS. Then you mustn't be able to validate this field at all. htmlspecialchars($var, ENT_QUOTES, 'UTF-8') must be summoned for this text in textarea, otherwise the accidental text breaks everything.If you don't believe it, but there's a HTML, you have to do a thorough sweep of the lectures and check the white list of the entire HTML. I don't give you specific tools, I only know that there are. The problem is, for example, you want to be able to make it. <img src>♪ and you'll get some help ♪ <img src='...' onload="alert(document.cookie)"> And that's it. Instead of harmless alert, it might be more interesting. And htmlspecialchars is not possible, or there will be no picture.If HTML is not supposed to be, then htmlspecialchars. It is possible to apply before the entry into the base, and logically, to apply directly to the HTML withdrawal. But not strip_tags. Why are you removing what the user brought? You have to keep it right and show it right, not remove it.If there is, password password password, PASSWORD_DEFAULT is checked;Is that a mistake in the matter? Checks password_verify.Why do you have to do something about not writing a CSPRNG, apparently in a bunch and how you plan to use it, I don't know.CSPRNG is a cryptographically persistent pseudent cell generator.For the sessional authorisation of the session and use it. I recall only one obvious underwater stone that is not always noticed: the session has no time to live. Not at all. There is only a time limit from the last resort to this session, after which the session may remove the garbage collector. And when the trash collector goes down, who knows it. And all this time, the session is still valid. Therefore, if it is necessary for your task to have a handicap of copying an hour after the authorization or after the last application of the user, this logic must be made by you yourself.For long-term authorization, I think that answer is already grotesque. It's rather a separate question.Data filter:See beginning. You need to know what you want to find in these data and where this data goes. The rest is not security, but crutches and security illusions. There's no magical function of doing me right and safe.And, of course, you can't be sure you've got such data at all. First check on isset or, if allowed for values, empty. Or filter_input, he also responds correctly to missing keys.And once CSRF has been reminded, remember that everything that changes the state of the system must be done through POST, PUT, PATCH or DELETE queries (if not API, only POST is normally used) and be covered by a unique token. A question of discussion is unique or unique to the user or to the session. GET needs information only to read. Two identical GET requests should return the same result. This rule sometimes has to be derogated from, for example, to refer to "resigned" in letters (changes signature data), but it's an exception. You don't have to remove anything from the GET Request.