PHP¼òµ¥¼ÆÊýÆ÷
<?php
/*ʹÓÃÎı¾Îļþ¼Ç¼Êý¾ÝµÄ¼òµ¥ÊµÏÖ*/
$counter=1;
if(file_exists("mycounter.txt")){
$fp=fopen("mycounter.txt","r");
$counter=fgets($fp,9);
$counter++;
fclose($fp);
}
$fp=fopen("mycounter.txt","w");
fputs($fp,$counter);
fclose($fp);
echo "<h1>ÄúÊǵÚ".$counter."´Î·ÃÎʱ¾Ò³Ã棡<h1>";
?>
<?php
//ÏÂÃæÕâ¸öΪʹÓûùÓÚÊý¾Ý¿âµÄ¼òµ¥¼ÆÊýÆ÷£¬Î´Ìí¼ÓÆäËû·ÀÖ¹Ò»ÈËÖظ´Ë¢Ðµķ½·¨¡£½ö¹©²Î¿¼¡£¡£
$conn=mysql_connect("localhost","root","abc");
$result=mysql_query("use db_counter");
$re=mysql_query("select * from tb_counter");
$result=mysql_fetch_row($re);
$counter=$result[0];
echo "ÄúÊǵÚ{$counter}λ·ÃÎÊÕߣ¡";
$counter+=1;echo "<hr>{$counter}";
mysql_query("update tb_counter set counter=$counter");
mysql_close($conn);
?>
Ïà¹ØÎĵµ£º
һѡÔñÌ⣺
1.ÏÂÃæµÄÄǸöÑ¡Ïî¿ÉÒÔ»ñÈ¡±íµ¥Ìá½»µÄÖµ£¿£¨¶àÑ¡£© b d
<form name='frm1' method="post">
<input type="text" name="name" ><input type="submit" name="a">
</form>
A.$_GET['name']
B.$_POST['name']
C.$_SESSION['name']
D.$_REQUEST['name']
E.$_GLOBAL['name']
2.ÍüÀ²¡£ ......
void header ( string string [, bool replace [, int http_response_code]] )
void header ( string string [, bool replace [, int http_response_code]] )
header()ÊÇÓÃÀ´·¢ËÍ HTTP HeaderµÄ¡£replaceÊǸö¿ÉÑ¡µÄ²ÎÊý£¬Ö¸Ê¾ÊÇ·ñÌæ´úÒ»¸öÏÈÆÚÏàËƵÄheader£¬
......
1¡¢$_SERVER['SCRIPT_NAME']¡¢$_SERVER['PHP_SELF']ºÍ$_SERVER['REQUEST_URI']Çø±ð
Àý×Ó:http://localhost/phpwind75/test.php/%22%3E%3Cscript%3Ealert(’xss’)%3C/script%3E%3Cfoo
$_SERVER['SCRIPT_NAME']Ö»»ñÈ¡½Å±¾Ãû£¬²»»ñÈ¡²ÎÊý,Êä³ö½á¹ûΪ:test.php;
$_SERVER['PHP_SELF']»ñÈ¡½Å±¾Ãûºó£¬Í¬Ê±»ñÈ ......
ÔÚ PHP ±à³ÌÔçÆÚ£¬PHP ´úÂëÔÚ±¾ÖÊÉÏÊÇÏÞÓÚÃæÏò¹ý³ÌµÄ¡£¹ý³Ì´úÂë µÄÌØÕ÷ÔÚÓÚʹÓùý³Ì¹¹½¨Ó¦ÓóÌÐò¿é¡£¹ý³Ìͨ¹ýÔÊÐí¹ý³ÌÖ®¼äµÄµ÷ÓÃÌṩijÖ̶ֳȵÄÖØÓá£
µ«ÊÇ£¬Ã»ÓÐÃæÏò¶ÔÏóµÄÓïÑÔ¹¹Ô죬³ÌÐòÔ±ÈÔÈ»¿ÉÒÔ°Ñ OO ÌØÐÔÒýÈëµ½ PHP ´úÂëÖС£ÕâÑù×öÓеãÀ§ÄѲ¢ÇÒ»áʹ´úÂëÄÑÓÚÔĶÁ£¬ÒòΪËüÊÇ»ìºÏ·¶Àý£¨º¬ÓÐα OO Éè¼ÆµÄ¹ý³ÌÓïÑÔ£ ......
