php´úÂëÓÅ»¯
ÏÂÃæÕâһС¶Î“ÁÓÖÊ”µÄPHP´úÂëÊÇÒ»µÀ¼ò»¯Á˵IJâÊÔÌâ¡£ÕâÖÖÎÊÌâ¾ÍÏñÔÚÎÊ£ºÄã¸ÃÔõÑùÓÅ»¯Õâ¶Î´úÂ룿
<?
echo(”<p>Search results for query: ” .
$_GET['query'] . “.</p>”);
?>
¡¡¡¡Õâ¶Î´úÂëµÄÖ÷ÒªÎÊÌâÔÚÓÚËü°ÑÓû§Ìá½»µÄÊý¾ÝÖ±½ÓÏÔʾµ½ÁËÍøÒ³ÉÏ£¬´Ó¶ø²úÉúXSS©¶´¡£ÆäʵÓкܶ෽·¨¿ÉÒÔÌî²¹Õâ¸ö©¶´¡£ÄÇô£¬Ê²Ã´´úÂëÊÇÎÒÃÇÏëÒªµÄÄØ£¿
<?
echo(”<p>Search results for query: ” .
htmlspecialchars($_GET['query']) . “.</p>”);
?>
¡¡¡¡ÕâÊÇ×îµÍÒªÇó¡£XSS©¶´ÓÃhtmlspecialcharsº¯ÊýÌî²¹ÁË£¬´Ó¶øÆÁ±ÎÁË·Ç·¨×Ö·û¡£
<?php
if (isset($_GET['query']))
{
echo ‘<p>Search results for query: ‘,
htmlspecialchars($_GET['query'], ENT_QUOTES), ‘.</p>’;
}
?>
¡¡¡¡ÄÜд³öÕâÑù´úÂëµÄÈËÓ¦¸ÃÊÇÎÒÏëҪ¼ÓõÄÈËÁË¡£
<?±»Ìæ»»³ÉÁË<?php£¬ÕâÑù¸ü·ûºÏXML¹æ·¶¡£
ÔÚÊä³ö$_GET['query']µÄֵ֮ǰÏÈÅжÏËüÊÇ·ñΪ¿Õ¡£
echoÃüÁîÖжàÓàµÄÀ¨ºÅ±»È¥µôÁË¡£
×Ö·û´®Óõ¥ÒýºÅÏÞ¶¨£¬´Ó¶ø½ÚÊ¡ÁËPHP´Ó×Ö·û´®ÖÐËÑË÷¿ÉÌæ»»µÄ±äÁ¿µÄʱ¼ä¡£
ÓöººÅ´úÌæ¾äºÅ£¬½ÚÊ¡ÁËechoµÄʱ¼ä¡£
½«ENT_QUOTES±êʶ´«µÝ¸øhtmlspecialcharsº¯Êý£¬´Ó¶ø±£Ö¤µ¥ÒýºÅÒ²»á±»×ªÒå¡£ËäÈ»Õâ²¢ÊÇ×îÖ÷ÒªµÄ£¬µ«Ò²ËãÊÇÒ»¸öÁ¼ºÃÏ°¹ß¡£
¡¡¡¡¿ÉϧµÄÊÇ£¬Äܸø³öÕâÑùÈÃÈËÂúÒâ´ð¸´µÄ³ÌÐòÔ±ÉÙÖ®ÓÖÉÙ
Ïà¹ØÎĵµ£º
PHPÊǸöΰ´óµÄweb¿ª·¢ÓïÑÔ£¬Áé»îµÄÓïÑÔ£¬µ«ÊÇ¿´µ½php³ÌÐòÔ±Öܶø¸´Ê¼µÄ·¸µÄһЩ´íÎó¡£ÎÒ×öÁËÏÂÃæÕâ¸öÁÐ±í£¬ÁгöÁËPHP³ÌÐòÔ±¾³£·¸µÄ10ÖдíÎ󣬴ó¶àÊýºÍ°²È«Ïà¹Ø¡£¿´¿´Äã·¸Á˼¸ÖÖ
1.²»×ªÒâhtml entities
Ò»¸ö»ù±¾µÄ³£Ê¶£ºËùÓв»¿ÉÐÅÈεÄÊäÈ루ÌرðÊÇÓû§´ÓformÖÐÌá½»µÄÊý¾Ý£© £¬Êä³ö֮ǰ¶¼Òª×ªÒâ¡£
echo $ ......
PHPÊÓƵ½Ì³ÌÏÂÔØ£¨PHP100ϵÁÐÊÓƵ½Ì³Ì£©
PHP100ÊÇÒ»¸öÕë¶ÔPHP³õѧÕßµÄPHPÊÓƵ½ÌѧÍøÕ¾£¬ÓÐÂù¸ßµÄÈËÆøºÍ»îÁ¦¡£Ä¿Ç°ÍøÉϵÄPHPµÄÊÓƵ×ÊÔ´²¢²»¶à£¬¶àÊý¶¼ÊÇÔÚÓÅ¿áµÈÊÓƵÍøÕ¾ÉϵĽ̳̣¬ÊÓƵ²»ÇåÎú£¬¶øÇÒÒ²²»È«ÃæºÍϵͳ¡£¶øPHP100ÍøÕ¾ÉϵÄϵÁÐÊÓƵ½Ì³Ì£¬ÅäÓпμþ£¬´ÓÈëÃŵ½¾«Í¨£¬ºÜ²»´í£¬»ù±¾±£³ÖÒ»ÖÜÒ»ÆڵĸüÐÂËٶȡ£share it£ ......
ÎÒ´òËãÔÚÃüÁîÐÐÖÐÕâÑùµ÷ÓÃphp£º cat filename|php a.php£¬ÈÃa.php¶ÁÈ¡filenameÀïÃæµÄÿÐмǼ½øÐд¦Àí£¬·½·¨ÈçÏ£º
<?php
$fp = fopen("/dev/stdin", "r");
while($input = fgets($fp, 10000))
{
echo urldecode($input);
}
?>
......
ÕâƪÎÄÕµijö·¢µãÊÇÎÒ¶Ô²å¼þ»úÖÆ
µÄÀí½â£¬¼°ÆäÔÚPHPÖеÄʵÏÖ¡£´Ë·½°¸½öÊDzå¼þ»úÖÆÔÚPHPÖеÄʵÏÖ·½°¸Ö®Ò»£¬Ð´ÏÂÀ´ºÍ´ó¼Ò·ÖÏí£¬»¶Ó´ó¼ÒÒ»ÆðÌÖÂÛ¡£
²å¼þ
£¬Ò༴Plug-in£¬ÊÇÖ¸Ò»ÀàÌض¨µÄ¹¦ÄÜÄ£¿é£¨Í¨³£ÓɵÚÈý·½¿ª·¢ÕßʵÏÖ£©£¬ËüµÄÌصãÊÇ£ºµ±ÄãÐèÒªËüµÄʱºò
¼¤»îËü£¬²»ÐèÒªËüµÄʱºò½ûÓÃ/ɾ³ýËü£»ÇÒÎÞÂÛÊǼ¤»î»¹ÊǽûÓö¼²»Ó° ......
PHP³ÌÐòÔ±µÄÊ®¸ö½¨ÒéÐÔ¼¼ÇÉ
2009-07-11 09:46
Ò»¸öͬÑùµÄ¹¦ÄÜ,¸÷ÖÖ³ÌÐòÓïÑÔ´ó¶àÄÜʵÏÖ.¾ÍËãÒ»ÖÖÓïÑÔ,Ò²ÓкܶàÖÖʵÏÖ·½·¨.¸÷ÖÖ·½·¨¸÷Óи÷µÄºÃ»µ.
¶ÔÓÚPHP
±È½Ï³£¼ûµÄ¼¸¸ö³ÌÐòʹÓÃÎÊÌâ.±¾ÎÄ×ܽáһЩPHP³ÌÐòÔ±µÄÊ®¸ö½¨ÉèÓë¼¼ÇÉ,¹©´ó¼Ò²Î¿¼.
¡¡¡¡1.ʹÓà ip2long() ºÍ ......