PHP³ÌÐòÔ±×îÒ×·¸10ÖÖ´íÎó
1.²»×ªÒâhtml entities
Ò»¸ö»ù±¾µÄ³£Ê¶£ºËùÓв»¿ÉÐÅÈεÄÊäÈ루ÌرðÊÇÓû§´ÓformÖÐÌá½»µÄÊý¾Ý£© £¬Êä³ö֮ǰ¶¼Òª×ªÒâ¡£
echo $_GET['usename'] ;
Õâ¸öÀý×ÓÓпÉÄÜÊä³ö£º
<scrīpt>/*¸ü¸ÄadminÃÜÂëµÄ½Å±¾»òÉèÖÃcookieµÄ½Å±¾*/</scrīpt>
ÕâÊÇÒ»¸öÃ÷ÏԵݲȫÒþ»¼£¬³ý·ÇÄã±£Ö¤ÄãµÄÓû§¶¼ÕýÈ·µÄÊäÈë¡£
ÈçºÎÐÞ¸´ £º
ÎÒÃÇÐèÒª½«"< ",">","and" µÈת»»³ÉÕýÈ·µÄHTML±íʾ(< , >', and ")£¬º¯Êýhtmlspecialchars ºÍ htmlentities()ÕýÊǸÉÕâ¸ö»îµÄ¡£
ÕýÈ·µÄ·½·¨£º
echo htmlspecialchars($_GET['username'], ENT_QUOTES);
2. ²»×ªÒâSQLÊäÈë
ÎÒÔø¾ÔÚһƪÎÄÕÂÖÐ×î¼òµ¥µÄ·ÀÖ¹sql×¢ÈëµÄ·½·¨(php+mysqlÖÐ)ÌÖÂÛ¹ýÕâ¸öÎÊÌâ²¢¸ø³öÁËÒ»¸ö¼òµ¥µÄ·½·¨¡£ÓÐÈ˶ÔÎÒ˵£¬ËûÃÇÒѾÔÚphp.ini
Öн«magic_quotesÉèÖÃΪOn£¬ËùÒÔ²»±Øµ£ÐÄÕâ¸öÎÊÌ⣬µ«ÊDz»ÊÇËùÓеÄÊäÈ붼ÊÇ´Ó$_GET, $_POST»ò $_COOKIEÖеĵõ½µÄ£¡
ÈçºÎÐÞ¸´£º
ºÍÔÚ×î¼òµ¥µÄ·ÀÖ¹sql×¢ÈëµÄ·½·¨(php+mysqlÖÐ)ÖÐÒ»ÑùÎÒ»¹ÊÇÍƼöʹÓÃmysql_real_escape_string()º¯Êý
ÕýÈ·×ö·¨£º
<?php
$sql = "UPDATE users SET
name='.mysql_real_escape_string($name).'
WHERE id='.mysql_real_escape_string ($id).'";
mysql_query($sql);
?>
3.´íÎóµÄʹÓÃHTTP-header Ïà¹ØµÄº¯Êý: header(), session_start(), setcookie()
Óöµ½¹ýÕâ¸ö¾¯¸æÂð?"warning: Cannot add header information - headers already sent [....]
ÿ´Î´Ó·þÎñÆ÷ÏÂÔØÒ»¸öÍøÒ³µÄʱºò£¬·þÎñÆ÷µÄÊä³ö¶¼·Ö³ÉÁ½¸ö²¿·Ö£ºÍ·²¿ºÍÕýÎÄ¡£
Í·²¿°üº¬ÁËһЩ·Ç¿ÉÊÓµÄÊý¾Ý£¬ÀýÈçcookie¡£Í·²¿×ÜÊÇÏȵ½´ï¡£ÕýÎIJ¿·Ö°üÀ¨¿ÉÊÓµÄhtml£¬Í¼Æ¬µÈÊý¾Ý¡£
Èç¹ûoutput_bufferingÉèÖÃΪOff£¬ËùÓеÄHTTP-headerÏà¹ØµÄº¯Êý±ØÐëÔÚÓÐÊä³ö֮ǰµ÷Óá£ÎÊÌâÔÚÓÚÄãÔÚÒ»¸ö»·¾³Öпª·¢£¬¶øÔÚ²¿
Êðµ½ÁíÒ»¸ö»·¾³ÖÐÈ¥µÄʱºò£¬output_bufferingµÄÉèÖÿÉÄܲ»Ò»Ñù¡£½á¹ûתÏòÍ£Ö¹ÁË£¬cookieºÍsession¶¼Ã»ÓÐÕýÈ·µÄÉè
ÖÃ........¡£
ÈçºÎÐÞ¸´:
È·±£ÔÚÊä³ö֮ǰµ÷ÓÃhttp-headerÏà¹ØµÄº¯Êý£¬²¢ÇÒÁîoutput_buffering = Off
¡£
4. Require »ò include µÄÎļþʹÓò»°²È«µÄÊý¾Ý
ÔÙ´ÎÇ¿µ÷£º²»ÒªÏàÐŲ»ÊÇÄã×Ô¼ºÏÔʽÉùÃ÷µÄÊý¾Ý¡£²»Òª Include »ò require ´Ó$_GET, $_POST »ò $_COOKIE Öеõ½µÄÎļþ¡£
ÀýÈç:
index.php
<?
//including header, config, database connection, etc
include(
Ïà¹ØÎĵµ£º
Ì×½Ó×Ö±à³Ì£¬Ò»°ãʹÓÃc»òc++¡£ÌرðµÄÔÚwebÓ¦ÓóÌÐò¿ª·¢ÖУ¬³£ÓÃperlʵÏÖÌ×½Ó×Ö¡£³ý´ËÒÔÍ⣬ÓÃphp½øÐÐÌ×½Ó×Ö±à³ÌÒ²ÊÇÒ»¸öÑ¡Ôñ¡£Php¿ÉÒÔʤÈÎÂ𣿵±È»¿ÉÒÔ¡£PhpÊÇһßßÖÊÁ¿µÄwebÓ¦ÓóÌÐò¿ª·¢ÓïÑÔ£¬ËûµÄÐí¶àÌØÐÔ¿ÉÒÔ´¦ÀíÖÚ¶àµÄÈÎÎñ£¬ÍøÂç±à³ÌÒ²²»ÀýÍâ¡£
1. Àí½âÌ×½Ó×Ö
Mail¡¢ftp¡¢telnet¡¢nameºÍfingerÕ ......
Ê×Ïȼì²éһϵݲװ°ü£º
rpm -q gd
rpm -q
jpegsrc
rpm -q libpng
rpm -q zlib
rpm -q freetype
Èç¹ûÒÔÉϵݲװ°üûÓУ¬Çë×ÔÐа²×°£¬ÆäʵҪֻҪgd ºÍlibpn Ïà¹ØµÄ°ü¼´¿É£¬ÆäËûµÄΪÁËÖ§³ÖÆäËûͼÐθñʽ¶øÒÑ¡£
£¨ÒÔϵݲװ²½ÖèΪÕûÀí×ÔÍøÂçÎÄÕ£©
1.°²×°zlib
tar zxvf zlib-1.2.2. ......
ÍÏÁËÁ½Ì죬½ñÍíÖÕÓÚÓеãʱ¼äÀ´Ð´ÏÂƪÁË¡£¿ÉÊÇ£¬¶Ô×ŵçÄÔ£¬È´Óе㲻֪µÀ´ÓºÎ˵Æð¡£»òÐí£¬¾ÍÕÕ×ÅZEND FRAMEWORKÀ´Ëµ°É¡£µ±È»£¬ÎÒ»á°ÑÎÕÒªµã£¬¼ÇµÃÕâƪÎÄÕÂÊÇÒÔzend frameworkΪÀýÀ´²ûÊöÎÒ¶ÔÃæÏò¶ÔÏó·½Ê½±à³ÌµÄÈÏʶ£¬¶ø²»ÊÇһƪzend frameworkµÄÈëÃÅÊֲᣬ²¢ÇÒ£¬ÕâÒ²²»»áÊÇÒ»¸öÃæÏò¶ÔÏóµÄÈëÃŽ̳̣¬¶øÊÇÎÒ¶ÔÃæÏò¶ÔÏóµÄÀí½â¡£
......
Äêµ×ÁË£¬±¾À´´òËãÌáÇ°Ò»ÖÜÇë¼Ù»Ø¼ÒµÄ£¬Áìµ¼Ò²ÅúÁË£¬µ«ÊÇÁÙʱÓÖÓÐÁËÈÎÎñ£¬ÐèÒªÔÚÄêÇ°´îÒ»¸öÑÝʾϵͳ£¬ÓÚÊDZ»¿ÛÏÂÁË¡£¡£
ÐèÒª×öÒ»¸ö¶à»úͨÐŵÄϵͳ£¬ÎÒÕâ±ßµÄÈÎÎñ´ó¸Å¾ÍÊÇÐèÒª¹ÜÀíÔ±Óû§ÄܶÔÊý¾Ý¿âÄÚÈݽøÐб༣¬²¢ÇÒͨ¹ý·þÎñÆ÷ÖÐת³ÌÐòÓë¿Í»§Óû§³ÌÐòͨÐÅ¡£×ܹ²Ò²Ã»¶àÉÙ¹¤×÷Á¿£¬ºÍ¼¸¸ö¿ª·¢ÈËÔ±¼òµ¥µÄÉÌÌÖÁËһϣ¬È·¶¨ÁË´óÌå ......
Á·ÇÙµÄʱºò°ÑRIFF½Ð×öÒ»¸öÇú×ÓµÄСƬ¶Î£¬ÄÇôÎÒ×Ô¼º¶¨ÒåһϳÌÐòµÄRIFF¾ÍÊÇһС¶Î³ÌÐò°É£¬·ÅһЩÕ⼸Ìì×Ô¼ºÐ´µÄ£¬ÒÔºóÒ²³¤ÆÚ¸üУ¬×÷Ϊ×Ô¼º»ýÀۺͽñºó±à³ÌµÄ²Î¿¼¡£
1. ¸ñʽ»¯ÍøÖ·£¬ÈôûÓÐHTTPÍ·Ôò²åÈëHTTPÍ·
<?php
//add http head to url
function AddHttpHead( &$s )
{
$exist = strstr( $s,"http://" ......
