È·±£PHP°²È«µÄËÄÌõ°²È«¹æÔò
ÓйØPHP
°²È«µÄ¼¸Ìõ¹æÔò
¹æÔò 1£º¾ø²»ÒªÐÅÈÎÍⲿÊý¾Ý»òÊäÈë
¹ØÓÚ Web Ó¦ÓóÌÐò°²È«ÐÔ£¬±ØÐëÈÏʶµ½µÄµÚÒ»¼þÊÂÊDz»Ó¦¸ÃÐÅÈÎÍⲿÊý¾Ý¡£ÍⲿÊý¾Ý£¨outside data£© °üÀ¨²»ÊÇÓɳÌÐòÔ±ÔÚ PHP
´úÂëÖÐÖ±½ÓÊäÈëµÄÈκÎÊý¾Ý¡£ÔÚ²ÉÈ¡´ëʩȷ±£°²È«Ö®Ç°£¬À´×ÔÈÎºÎÆäËûÀ´Ô´£¨±ÈÈç GET ±äÁ¿¡¢±íµ¥ POST¡¢Êý¾Ý¿â¡¢ÅäÖÃÎļþ¡¢»á»°±äÁ¿»ò
cookie£©µÄÈκÎÊý¾Ý¶¼ÊDz»¿ÉÐÅÈεÄ
ÀýÈ磬ÏÂÃæµÄÊý¾ÝÔªËØ¿ÉÒÔ±»ÈÏΪÊǰ²È«µÄ£¬ÒòΪËüÃÇÊÇÔÚ PHP
ÖÐÉèÖõġ£
Çåµ¥ 1. °²È«ÎÞϾµÄ´úÂë
ÒÔÏÂΪÒýÓõÄÄÚÈÝ£º
<?php
$myUsername = ‘tmyer’;
$arrayUsers =
array(’tmyer’, ‘tom’, ‘tommy’);
define(”GREETING”, ‘hello there’ .
$myUsername);
?>
µ«ÊÇ£¬ÏÂÃæµÄÊý¾ÝÔªËØ¶¼ÊÇÓÐ覴õġ£
Çåµ¥ 2. ²»°²È«¡¢ÓÐ覴õĴúÂë
ÒÔÏÂΪÒýÓõÄÄÚÈÝ£º
<?php
$myUsername = $_POST['username'];
//tainted!
$arrayUsers = array($myUsername, ‘tom’, ‘tommy’);
//tainted!
define(”GREETING”, ‘hello there’ . $myUsername);
//tainted!
?>
Ϊ ʲôµÚÒ»¸ö±äÁ¿ $myUsername ÊÇÓÐ覴õģ¿ÒòΪËüÖ±½ÓÀ´×Ô±íµ¥
POST¡£Óû§¿ÉÒÔÔÚÕâ¸öÊäÈëÓòÖÐÊäÈëÈκÎ×Ö·û´®£¬°üÀ¨ÓÃÀ´Çå³ýÎļþ»òÔËÐÐÒÔǰÉÏ´«µÄÎļþµÄ¶ñÒâÃüÁî¡£Äú¿ÉÄÜ»áÎÊ£¬“ÄѵÀ²»ÄÜʹÓÃÖ»½ÓÊÜ×Öĸ A-Z
µÄ¿Í»§¶Ë£¨Javascrīpt£©±íµ¥¼ìÑé½Å±¾À´±ÜÃâÕâÖÖΣÏÕÂ𣿔Êǵģ¬Õâ×ÜÊÇÒ»¸öÓкô¦µÄ²½Ö裬µ«ÊÇÕýÈçÔÚºóÃæ»á¿´µ½µÄ£¬ÈκÎÈ˶¼¿ÉÒÔ½«ÈÎºÎ±íµ¥ÏÂÔØ
µ½×Ô¼ºµÄ»úÆ÷ÉÏ£¬ÐÞ¸ÄËü£¬È»ºóÖØÐÂÌá½»ËûÃÇÐèÒªµÄÈκÎÄÚÈÝ¡£
½â¾ö·½°¸ºÜ¼òµ¥£º±ØÐë¶Ô $_POST['username'] ÔËÐÐÇåÀí´úÂë¡£Èç¹û²»Õâô×ö£¬ÄÇôÔÚʹÓà $myUsername
µÄÈÎºÎÆäËûʱºò£¨±ÈÈçÔÚÊý×é»ò³£Á¿ÖУ©£¬¾Í¿ÉÄÜÎÛȾÕâЩ¶ÔÏó¡£
¶ÔÓû§ÊäÈë½øÐÐÇåÀíµÄÒ»¸ö¼òµ¥·½·¨ÊÇ£¬Ê¹ÓÃÕýÔò±í´ïʽÀ´´¦ÀíËü¡£ÔÚÕâ¸öʾÀýÖУ¬Ö»Ï£Íû½ÓÊÜ×Öĸ¡£½«×Ö·û´®ÏÞÖÆÎªÌØ¶¨ÊýÁ¿µÄ×Ö·û£¬»òÕßÒªÇóËùÓÐ×Öĸ¶¼ÊÇСдµÄ£¬Õâ¿ÉÄÜÒ²ÊǸöºÃÖ÷Òâ¡£
Çåµ¥ 3. ʹÓû§ÊäÈë±äµÃ°²È« www~phperz~com
ÒÔÏÂΪÒýÓõÄÄÚÈÝ£º
<?php
$myUsername = cleanInput($_POST['username']);
//clean!
$arrayUsers = array($myUsername, ‘tom’, ‘tommy’);
//clean!
define(”GREETING”, ‘hello there’ .
Ïà¹ØÎĵµ£º
Ò»¸ö¼òµ¥µÄÀý×Ó¶ÁÈ¡CSVÎļþ£º
<?php
$handle=fopen("test.csv","r");
echo "<table border=2>";
//ÅäºÏwhileÑ»·¶ÁÈ¡Îļþ
while($data=fgetcsv($handle,1024))
{
list($user,$pwd,$partment,$title)=$data;
echo "<tr>
<td>$user</td>
<td>$pwd< ......
<?php
class SubPages{
private $each_disNums;//ÿҳÏÔʾµÄÌõÄ¿Êý
private $nums;//×ÜÌõÄ¿Êý
private $current_page;//µ±Ç°±»Ñ¡ÖеÄÒ³
private $sub_pages;//ÿ´ÎÏÔʾµÄÒ³Êý
private $pageNums;//×ÜÒ³Êý
private $page_array = array();//ÓÃÀ´¹¹Ôì·ÖÒ³µÄÊý×é ......
PhpµÄ½Å±¾¿éÓйصķûºÅ£º
1,XML·ç¸ñ£ºÅ£È˼«¶ÈÍÆ¼öµÄÓ÷¨<?php …?>¡£
2,¼ò¶Ì·ç¸ñ:<?...?>×î¼òµ¥£¬×ñÑSGML(±ê׼ͨÓñê¼ÇÓïÑÔ)´¦Àí˵Ã÷µÄ·ç¸ñ¡£ÒªÏëÓÃËü£¬Ò»¶¨Òª¿ªÆôshort_open_tagÑ¡Ï»òÕ߯ôÓö̱ê¼ÇµÄÑ¡Ïî±àÒëphp¡£(³õѧÕß¿´ÕÅÀÏʦÊÓÆµÊ±£¬¾ÍÈÝÒ×·¸Ã»ÓпªÆô¶Ì±ê¼ÇµÄ´íÎó¡£¹úÍâÅ£È˲»ÍƼö£¬µ«ÏÖÔÚ¹ú ......
ż¶û×ö¸ö¼òµ¥µÄWEB·þÎñ²âÊÔ³ÌÐò£¬ÎÒ»¹ÊÇϲ»¶²ÉÓÃPHP¡£¼ò½à£¬·ç¸ñºÍC/C++½Ó½ü£¬ÉÏÊֿ죬¶øÇÒ¿âÒ²ºÜÆëÈ«¡£ÒÔǰΪ¹ã¶«Òƶ¯×öÒÆ¶¯ÐÐÒµÖն˵ÄÑÝʾ³ÌÐòʱ£¬²ÉÓùúÄÚÒ»¸öÐÖµÜдµÄFleaPHP¿ªÔ´¿ò¼Ü£¬Á½Öܲ»µ½µÄʱ¼ä£¬ÎÒ´ÓÒ»¸ö¶ÔPHPÒ»ÎÞËùÖªµÄˮƽ£¬¿ìËٵĸ㶨ÁË30¶à¸öÒ³ÃæµÄºǫ́£¬ºóÀ´ÑÝʾЧ¹ûÒ²²»´í£¬Ò²ºÜÎȶ¨£¬´Ó´Ë¶ÔPHPÓÐÁ ......