[转]老王：如何安全的include文件-php手册-php.cn

Home

php教程

php手册

[转]老王：如何安全的include文件

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 06, 2016 pm 08:11 PM

include how Safety document

大多数人会将一个单独的php文件当成配置文件，早些年的配置文件大多类似这样： ?php?? $config['a']=1;?? $config['b']=2;?? 这样include后。可以使用$config变量了，但慢慢的，却越来越发现这样不太好，于是就有了这种 ?php?? return?array(?? 'a'=1,'b'=2?

大多数人会将一个单独的php文件当成配置文件，早些年的配置文件大多类似这样：

    <?php ??
    $config['a']=1;??
    $config['b']=2;??

Copy after login

这样include后。可以使用$config变量了，但慢慢的，却越来越发现这样不太好，于是就有了这种

    <?php ??
    return?array(??
    'a'=>1,'b'=>2??
    );??

Copy after login

这时候只要写$config = include('config.php')，就相当于和上面一样了。然后老王讲的就是指第二种情况。

原文在：http://huoding.com/2014/02/25/329

他举的例子是：

    <?php ??
    ??
    $debug?=?false;??
    //?...??
    $config?=?include?'config.php';??
    //?...??
    if?($debug)?{??
    ????phpinfo();??
    }??

Copy after login

如果config.php里万一写了$debug=true;那么就会造成phpinfo()被输出了，与实际预料就有了偏差了。那么怎么安全的include呢？

老王说：

    $config?=?call_user_func(function()?{??
    ????return?include?'config.php';??
    });??

Copy after login

这样就利用局部变量把里面的一些可能污染外部的变量控制在匿名函数的作用域里。

然后我自己也测试了一下，确实。即使用$GLOBALS，也没有影响，而单独的php文件，如果你不是function ，也不能直接global $debug;这样是语法错误的。

所以。。。。如果为了安全，你还是和老王学一下吧。。。

原文地址：[转]老王：如何安全的include文件, 感谢原作者分享。

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Best Graphic Settings

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

2 weeks ago By DDD

R.E.P.O. How to Fix Audio if You Can't Hear Anyone

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

WWE 2K25: How To Unlock Everything In MyRise

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7495

CakePHP Tutorial

1377

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

Related knowledge

Full analysis of Go language file renaming operation Apr 08, 2024 pm 03:30 PM

The os.Rename function is used in Go language to rename files. The syntax is: funcRename(oldpath,newpathstring)error. This function renames the file specified by oldpath to the file specified by newpath. Examples include simple renaming, moving files to different directories, and ignoring error handling. The Rename function performs an atomic operation and may only update directory entries when the two files are in the same directory. Renames may fail across volumes or while a file is in use.

How should the Java framework security architecture design be balanced with business needs? Jun 04, 2024 pm 02:53 PM

Java framework design enables security by balancing security needs with business needs: identifying key business needs and prioritizing relevant security requirements. Develop flexible security strategies, respond to threats in layers, and make regular adjustments. Consider architectural flexibility, support business evolution, and abstract security functions. Prioritize efficiency and availability, optimize security measures, and improve visibility.

Tips for turning off real-time protection in Windows Security Center Mar 27, 2024 pm 10:09 PM

In today's digital society, computers have become an indispensable part of our lives. As one of the most popular operating systems, Windows is widely used around the world. However, as network attack methods continue to escalate, protecting personal computer security has become particularly important. The Windows operating system provides a series of security functions, of which "Windows Security Center" is one of its important components. In Windows systems, "Windows Security Center" can help us

AI's new world challenges: What happened to security and privacy? Mar 31, 2024 pm 06:46 PM

The rapid development of generative AI has created unprecedented challenges in privacy and security, triggering urgent calls for regulatory intervention. Last week, I had the opportunity to discuss the security-related impacts of AI with some members of Congress and their staff in Washington, D.C. Today's generative AI reminds me of the Internet in the late 1980s, with basic research, latent potential, and academic uses, but it's not yet ready for the public. This time, unchecked vendor ambition, fueled by minor league venture capital and inspired by Twitter echo chambers, is rapidly advancing AI’s “brave new world.” The "public" base model is flawed and unsuitable for consumer and commercial use; privacy abstractions, if present, leak like a sieve; security structures are important because of the attack surface

Security configuration and hardening of Struts 2 framework May 31, 2024 pm 10:53 PM

To protect your Struts2 application, you can use the following security configurations: Disable unused features Enable content type checking Validate input Enable security tokens Prevent CSRF attacks Use RBAC to restrict role-based access

PHP Microframework: Security Discussion of Slim and Phalcon Jun 04, 2024 am 09:28 AM

In the security comparison between Slim and Phalcon in PHP micro-frameworks, Phalcon has built-in security features such as CSRF and XSS protection, form validation, etc., while Slim lacks out-of-the-box security features and requires manual implementation of security measures. For security-critical applications, Phalcon offers more comprehensive protection and is the better choice.

Implementing Machine Learning Algorithms in C++: Security Considerations and Best Practices Jun 01, 2024 am 09:26 AM

When implementing machine learning algorithms in C++, security considerations are critical, including data privacy, model tampering, and input validation. Best practices include adopting secure libraries, minimizing permissions, using sandboxes, and continuous monitoring. The practical case demonstrates the use of the Botan library to encrypt and decrypt the CNN model to ensure safe training and prediction.

Which wallet is safer for SHIB coins? (Must read for newbies) Jun 05, 2024 pm 01:30 PM

SHIB coin is no longer unfamiliar to investors. It is a conceptual token of the same type as Dogecoin. With the development of the market, SHIB’s current market value has ranked 12th. It can be seen that the SHIB market is hot and attracts countless investments. investors participate in investment. In the past, there have been frequent transactions and wallet security incidents in the market. Many investors have been worried about the storage problem of SHIB. They wonder which wallet is safer for SHIB coins at the moment? According to market data analysis, the relatively safe wallets are mainly OKXWeb3Wallet, imToken, and MetaMask wallets, which will be relatively safe. Next, the editor will talk about them in detail. Which wallet is safer for SHIB coins? At present, SHIB coins are placed on OKXWe

See all articles