PHP application security prevention technology research
PHP security prevention program model
Copy the code as follows:
/* PHP anti-injection cross-site V1.0
Add: require(“menzhi_injection.php”);
to the top of your page to achieve universal prevention of SQL injection. and XSS cross-site vulnerabilities.
##################Defects and Improvements##################
There are still many defects in the program, I hope everyone can Help improve
##################Reference and Acknowledgment#################
Neeao'ASP SQL universal anti-injection Program V3.0
Part of the code is referenced from Discuz!
|select|delete|update|count|*|%|chr|mid|master|truncate|or|char|declare";
$menzhi_injection = explode("|",$menzhi_injection);
foreach(array('_GET' , '_POST', '_COOKIE','_REQUEST') as $_request) {
foreach($$_request as $_key => $_value) {
//$_value = strtolower($_value);
$_key{ 0} != '_' && $$_key = daddslashes($_value);
foreach($menzhi_injection as $kill_key => $kill_value) {
if(substr_count($_value,$kill_value)>0) {
echo "";
unset($_value);
exit();
}
}
///echo "
".$_value;
}
}
function daddslashes($string) {
if(!MAGIC_QUOT ES_GPC) {
if(is_array($string)) {
foreach($string as $key => $val) {
$string[$key] = daddslashes($val);
}
} else {
$string = addslashes ($string);
}
}
$string = preg_replace('/&((#(d{3,5}|x[a-fA-F0-9]{4}));)/', ' &\1',str_replace(array('&', '"', '<', '>'), array('&', '"', '<', '>'), $ string));
return $string;
}
?>
Usage instructions
Add: "require("menzhi_injection.php");" at the top of your page to achieve general prevention of SQL injection and XSS cross-border Site vulnerability. To call this program, we use require() instead of include(), because if an error occurs when calling the file in require(), the program will be terminated, and include() will ignore it. And when require() calls a file, the external file will be called first as soon as the program is run. Inculde() only starts execution when it reaches this line. Based on the function characteristics, we choose require(). You can also add or delete filter characters in the $menzhi_injection variable according to actual needs to achieve better defense effects. Furthermore, you can modify the code yourself, and you may gain unexpected results. Ordinary injections can be defended. The following test is just for ridicule. The following is the test effect of a one-sentence Trojan:
Defects and Needs for Improvement
Since this program is only an external call, it only processes externally submitted variables, and does not conduct a systematic analysis of your application, so it has many limitations, so please use it with caution. For programs that use GBK encoding, there is also the risk of double-byte encoding vulnerabilities. Although this program can handle this vulnerability. But to curb these loopholes, we still need to start from the root cause. Need to handle the database connection file, we can add character_set_client=binary. The database connection class db_mysql.class.php of Discuz!7.0 is very well written and you can refer to it. Of course, these are not the scope of this small program.
And this program does not filter the $_SERVER $_ENV $_FILES system variables. For example, when the $_SERVER['HTTP_X_FORWARDED_FOR'] system obtains the IP, hackers can change its value by hijacking and modifying the original HTTP request packet. This program can handle these vulnerabilities. But as programmers, what we need is to deal with external variables from the root cause, take precautions before they happen, and take precautions.
The program is very messy. Everyone is welcome to test and use it. If you have any comments or suggestions, you can leave a message for discussion.
Conclusion
Finally, I wish you all success in your studies and success in your work. If you want to get more related articles, please pay attention to the PHP Chinese website (www.php.cn)!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Unable to save changes to Photos app error in Windows 11
Mar 04, 2024 am 09:34 AM
If you encounter the Unable to save changes error while using the Photos app for image editing in Windows 11, this article will provide you with solutions. Unable to save changes. An error occurred while saving. Please try again later. This problem usually occurs due to incorrect permission settings, file corruption, or system failure. So, we’ve done some deep research and compiled some of the most effective troubleshooting steps to help you resolve this issue and ensure you can continue to use the Microsoft Photos app seamlessly on your Windows 11 device. Fix Unable to Save Changes to Photos App Error in Windows 11 Many users have been talking about Microsoft Photos app error on different forums
How to view clipboard history on Mac
Sep 14, 2023 pm 12:09 PM
View macOS Clipboard History from Finder When you copy anything on your Mac (text, images, files, URLs, etc.), it goes to the Clipboard. Here's how to see what was last copied on your Mac. Go to Finder and click "Edit" in the menu bar. Click "Show Clipboard". This will open a window showing the contents of the macOS clipboard. Get Clipboard History Containing Multiple Items in Mac Of course, native Mac Clipboard History isn't the most versatile tool you can have. It only shows the last thing you copied, so if you want to copy multiple things at once and then paste them all together, you simply can't do that. However, if you are looking for
Learn how to use the Boundless Notes app on iPhone and iPad
Nov 18, 2023 pm 01:45 PM
What is Boundless Notes on iPhone? Like the iOS17 Diary app, Boundless Notes is a productivity app with tons of creative potential. It’s a great place to turn ideas into reality. You can schedule projects, brainstorm ideas, or create mood boards so you never run out of space to express your ideas. The app allows you to add photos, videos, audios, documents, PDFs, web links, stickers, and more anywhere on an unlimited canvas. Many of the tools in Boundless Notes (like brushes, shapes, and more) will be familiar to anyone who uses iWork apps like Keynote or Notes. Real-time collaboration with colleagues, teammates, and group project members is also easy because Freeform allows
Photos cannot open this file because the format is not supported or the file is corrupted
Feb 22, 2024 am 09:49 AM
In Windows, the Photos app is a convenient way to view and manage photos and videos. Through this application, users can easily access their multimedia files without installing additional software. However, sometimes users may encounter some problems, such as encountering a "This file cannot be opened because the format is not supported" error message when using the Photos app, or file corruption when trying to open photos or videos. This situation can be confusing and inconvenient for users, requiring some investigation and fixes to resolve the issues. Users see the following error when they try to open photos or videos on the Photos app. Sorry, Photos cannot open this file because the format is not currently supported, or the file
MS Paint not working properly in Windows 11
Mar 09, 2024 am 09:52 AM
Microsoft Paint not working in Windows 11/10? Well, this seems to be a common problem and we have some great solutions to fix it. Users have been complaining that when trying to use MSPaint, it doesn't work or open. Scrollbars in the app don't work, paste icons don't show up, crashes, etc. Luckily, we've collected some of the most effective troubleshooting methods to help you resolve issues with Microsoft Paint app. Why doesn't Microsoft Paint work? Some possible reasons why MSPaint is not working on Windows 11/10 PC are as follows: The security identifier is corrupted. hung system
How to solve application startup error 0xc000012d problem
Jan 02, 2024 pm 12:53 PM
When a friend's computer is missing certain files, the application cannot start normally with error code 0xc000012d. In fact, it can be solved by re-downloading the files and installing them. The application cannot start normally 0xc000012d: 1. First, the user needs to download ".netframework". 2. Then find the download address and download it to your computer. 3. Then double-click on the desktop to start running. 4. After the installation is completed, return to the wrong program location and open the program again.
How to connect Apple Vision Pro to PC
Apr 08, 2024 pm 09:01 PM
The Apple Vision Pro headset is not natively compatible with computers, so you must configure it to connect to a Windows computer. Since its launch, Apple Vision Pro has been a hit, and with its cutting-edge features and extensive operability, it's easy to see why. Although you can make some adjustments to it to suit your PC, and its functionality depends heavily on AppleOS, so its functionality will be limited. How do I connect AppleVisionPro to my computer? 1. Verify system requirements You need the latest version of Windows 11 (Custom PCs and Surface devices are not supported) Support 64-bit 2GHZ or faster fast processor High-performance GPU, most
Fix caa90019 Microsoft Teams error
Feb 19, 2024 pm 02:30 PM
Many users have been complaining about encountering error code caa90019 every time they try to log in using Microsoft Teams. Even though this is a convenient communication app, this mistake is very common. Fix Microsoft Teams Error: caa90019 In this case, the error message displayed by the system is: "Sorry, we are currently experiencing a problem." We have prepared a list of ultimate solutions that will help you resolve Microsoft Teams error caa90019. Preliminary steps Run as administrator Clear Microsoft Teams application cache Delete settings.json file Clear Microsoft from Credential Manager
