
Asking experienced PHP veterans: program security!

Jun 13, 2016 am 10:02 AM

Asking experienced PHP veterans about program security!?
Let's discuss: when developing a PHP website, apart from the operating system and the web server software, what should one pay attention to regarding the security of the program itself?

I remember the first small site I built for a client was hacked by some bad actor within a month. On inspection I found that something had been added at the very bottom of the homepage, and the result was that ads kept popping up. It was probably caused by a vulnerability in the program.

I also heard that ICBC's website was defaced, and so on.

Thanks.

------Solution--------------------
Heh, let's have something practical, everyone.
/*
 * Anti-injection handling
 */
if(!get_magic_quotes_gpc()){
    immit($_POST);
    immit($_GET);
    immit($_COOKIE);
}
// Anti-injection handling function (adds slashes to the variables)
// Parameter $array is the array of variables to escape
function immit(&$array){
    foreach($array as $key=>$value){
        if(!is_array($value)){
            $array[$key]=addslashes($value);
        }else{
            immit($array[$key]);
        }
    }
}


How to avoid SQL injection attacks in PHP

if(!get_magic_quotes_gpc()){
    // apply addslashes to every GET and POST value (the original wrote this as a callUserFunc() call, which does not exist)
    $_GET = array_map('addslashes', $_GET);
    $_POST = array_map('addslashes', $_POST);
}
That's all it takes; just put single quotes around field values, e.g. when querying an article:
"SELECT * FROM table WHERE id='$id'"
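As an added example (not code from the thread above), here is the same article lookup done the way a current PHP codebase would: the id is validated as an integer first, and the query uses a PDO prepared statement, so the value is never spliced into the SQL text and addslashes() is not needed. Note that magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself in PHP 8.0, so the answer's `if(!get_magic_quotes_gpc())` guard no longer exists. The code assumes PHP 8 with the pdo_sqlite extension; the in-memory database, the "article" table and its rows are constructed for this demo.

```php
<?php
// Added example, not code from the original thread. It performs the article
// lookup the answer above writes as "SELECT * FROM table WHERE id='$id'",
// but with type validation and a PDO prepared statement instead of
// addslashes() plus string interpolation. Assumes PHP 8 with pdo_sqlite;
// the in-memory database, the "article" table and its rows are constructed.
declare(strict_types=1);

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on driver errors instead of silently returning false.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
    $pdo->exec("INSERT INTO article (id, title) VALUES (1, 'First post'), (2, 'Second post')");
    return $pdo;
}

// Step 1: validate the type before the value goes anywhere near SQL.
// An article id is a positive integer; anything else ("2abc", "", "2'")
// is rejected here. This is the "strictly check the type" advice in practice.
function parseArticleId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Step 2: send the value separately from the SQL text. The driver never
// splices $id into the statement, so quoting and charset rules do not apply.
function findArticle(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, title FROM article WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Free text takes the same route: a bound parameter, no addslashes().
// LIKE wildcards are the one thing a parameter does not neutralise, so they
// are escaped separately and the escape character is declared in the SQL.
function searchArticles(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare("SELECT id, title FROM article WHERE title LIKE :pattern ESCAPE '\\'");
    $pattern = '%' . addcslashes($term, '%_\\') . '%';
    $stmt->bindValue(':pattern', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = connect();
// Constructed inputs standing in for $_GET['id'] and $_GET['q'].
var_dump(parseArticleId('2'));                    // int(2)
var_dump(parseArticleId("2'"));                   // NULL, rejected before any query runs
var_dump(findArticle($pdo, 2));                   // the row for id 2
var_dump(count(searchArticles($pdo, 'post')));    // int(2)
var_dump(count(searchArticles($pdo, '%')));       // int(0), the wildcard was escaped
```

The split into parseArticleId() and findArticle() is deliberate: the first function owns input validation and can be unit-tested without a database, and the second accepts only an int, so a string can no longer reach the query by accident.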

------Solution--------------------
Generally, the main things to pay attention to are the following:
Script attacks (not very harmful; they mainly affect the client side).
Fix: process the text users post with htmlspecialchars.

SQL injection.
Fix:
It is best to turn on get_magic_quotes_gpc; if it is not on, apply addslashes to the data users submit via POST or GET.
Or restrict the length of submitted data to a safe range (for example, limit it to 1-2 chars),
Or strictly check the type of the data the user submits. I have seen people check for keywords in ASP; that is one solution, but not very efficient.

Upload vulnerabilities:
Fix:
Check the size of the file the user uploads and limit it
Check the type of the file the user uploads; never allow users to upload files that Apache will interpret (checking the file extension is enough)

Backup/restore vulnerabilities:
Fix:
Manage the administrator password well. Keep proper logs.

The above are some of the attack methods commonly used by hackers that I have summarized; I hope everyone will add any other methods and share.
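As an added example (not code from the thread above), the following implements the upload checks this answer lists, size limit and extension check, and adds the two things an extension check alone misses: a content sniff with finfo so the bytes must match what the extension claims, and a server-chosen random filename so the client's name is never used on disk. It also shows the htmlspecialchars() step for posted text with the flags that cover attribute context and UTF-8. The size limit, the allowed-type table and the sample files are assumptions constructed for this demo; it writes into a temporary directory so it runs offline, and a real upload handler would use move_uploaded_file() instead of rename().

```php
<?php
// Added example, not code from the original thread. Upload validation
// (size, extension allow-list, content sniff, random stored name) and
// output encoding of user text. Limits, allowed types and sample files are
// constructed for this demo.
declare(strict_types=1);

const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // 2 MiB, an assumed limit

// Allow-list: extension => MIME type the bytes must actually have.
// Anything not listed (php, phtml, htaccess, ...) is refused by omission,
// which is safer than trying to enumerate every "dangerous" extension.
const ALLOWED_TYPES = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];

/**
 * Validate an uploaded file and move it into $destDir under a random name.
 * $tmpPath is where PHP stored the upload ($_FILES['f']['tmp_name']),
 * $clientName is the name the browser sent ($_FILES['f']['name']).
 * Returns the stored path, or throws with a reason suitable for a log line.
 */
function storeUpload(string $tmpPath, string $clientName, string $destDir): string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        throw new RuntimeException("rejected: size " . var_export($size, true) . " out of range");
    }

    // Extension check, as the answer suggests, but against an allow-list and
    // on the last extension only; the content check below is what catches
    // bytes that do not match the claimed type.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException("rejected: extension '$ext' not allowed");
    }

    // Content check: libmagic must classify the bytes as the allowed type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($tmpPath);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("rejected: content is " . var_export($mime, true) . ", not " . ALLOWED_TYPES[$ext]);
    }

    // Never reuse the client's filename: pick a random one and keep only the
    // extension that was validated above.
    $stored = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!rename($tmpPath, $stored)) { // a real handler uses move_uploaded_file()
        throw new RuntimeException('rejected: could not store file');
    }
    return $stored;
}

// Output encoding for user-supplied text: the htmlspecialchars() step from
// the answer, with flags that also cover attribute values and enforce UTF-8.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed demo files: a minimal PNG (signature + IHDR chunk) and a
// text file that merely carries a .png name.
$dir = sys_get_temp_dir() . '/upload-demo-' . bin2hex(random_bytes(4));
mkdir($dir);

$good = tempnam($dir, 'up');
file_put_contents($good, "\x89PNG\r\n\x1a\n"
    . "\x00\x00\x00\x0dIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x02\x00\x00\x00\x90\x77\x53\xde");
echo storeUpload($good, 'photo.png', $dir), PHP_EOL;   // stored under a random name

$bad = tempnam($dir, 'up');
file_put_contents($bad, "just some text, not an image");
try {
    storeUpload($bad, 'photo.png', $dir);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;                     // rejected, content does not match image/png
}

echo h('<b onmouseover="x">Tom & Jerry</b>'), PHP_EOL;  // &lt;b onmouseover=&quot;x&quot;&gt;Tom &amp; Jerry&lt;/b&gt;
```

Two points worth keeping from this: the stored path must sit outside the web root (or in a directory the web server is configured not to execute scripts from) so that a validation miss still cannot become code execution, and the log message from each rejection is what lets you notice a site being probed.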
