Home > Backend Development > PHP Tutorial > PHP development study notes

PHP development study notes

WBOY
Release: 2016-08-08 09:26:12
Original
5268 people have browsed it

1. When users log in or query data, sometimes there may be quotation marks and other symbols that have an impact on SQL statements (SQL injection attacks). This will have an impact on them when they perform operations in the database.
In this case, it should How to do it?
Scheme: You can use addslashes and stripslashes
addslashes can escape single quotes (,), double quotes ("), backslashes () and NULL (NULL characters) with backslashes
stripslashes is opposite to addslashes One way is to restore these escaped values ​​
2. In some PHP versions, the magic_quotes_gpc configuration is useful, that is, automatic magic quotes, that is, if this configuration is turned on, the values ​​​​$_POST, $_COOKIE, and $_SESSION will automatically Escape, we don’t need to escape
What should we do in this case?
Answer: For the sake of compatibility and portability, we have to judge it,
Look at the following code:

<?php 
 
$textarea = $_POST['textarea'];
 
if(get_magic_quotes_gpc()){
    echo '魔术引号以开启,$textarea不需要转义','<br />';
}else{
    echo '魔术引号未开启,$textarea需要转义','<br />';
    $textarea = addslashes($textarea);
}
 ?>
Copy after login

3. What is an XSS attack? What should we do in this case?
Answer: XSS attack: Cross Site Scripting, not to be confused with the abbreviation of Cascading Style Sheets (CSS)
We can use the htmlspecialchars method. , that is, html entity escaping, that is, these html symbols such as <> will be converted, so when they are printed, they will only be regarded as text instead of scripts
<?php 
 
file_put_contents('01.txt', htmlspecialchars($_POST['textarea']));
echo file_get_contents('01.txt'),'<br />';
//返回<script type="text/javascript"> while (true) { alert('a'); }; </script>
 ?>
Copy after login

The above introduces the PHP development study notes, including the relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template