PHP³õѧÕßÍ·Í´µÄÊ®ËĸöÎÊÌâ
1.Ò³ÃæÖ®¼äÎÞ·¨´«µÝ±äÁ¿
get,post,sessionÔÚ×îеÄphp°æ±¾ÖÐ×Ô¶¯È«¾Ö±äÁ¿Êǹرյģ¬ËùÒÔÒª´ÓÉÏÒ»Ò³ÃæÈ¡µÃÌá½»¹ýÀ´µÃ±äÁ¿ÒªÊ¹ÓÃ$_GET['foo'],$_POST['foo'],$_SESSION['foo']À´µÃµ½¡£µ±È»Ò²¿ÉÒÔÐÞ¸Ä×Ô¶¯È«¾Ö±äÁ¿Îª¿ª(php.ini¸ÄΪregister_globals = On)£»¿¼Âǵ½¼æÈÝÐÔ£¬»¹ÊÇÇ¿ÆÈ×Ô¼ºÊìϤеÄд·¨±È½ÏºÃ¡£
2.Win32ÏÂapache2 ÓÃget·½·¨´«µÝÖÐÎIJÎÊý»á³ö´í
ÀýÈ磺test.php?a=ÄãºÃ&b=ÄãÒ²ºÃ
´«µÝ²ÎÊýÊǻᵼÖÂÒ»¸öÄÚ²¿´íÎó
½â¾ö°ì·¨:"test.php?a=".urlencode(ÄãºÃ)."&b=".urlencode(ÄãÒ²ºÃ)
urlencode($myname)Ö÷ÒªÓÃÓÚÕýȷʶ±ðºº×Ö ¿Õ¸ñÒÔ¼°ÆäËûÌØÊâ×Ö·û¡£
3.win32ϵÄsession²»ÄÜÕý³£¹¤×÷
php.iniĬÈϵÄsession.save_path = /tmp ÕâÏÔÈ»ÊÇlinuxϵÄÅäÖã¬win32ÏÂphpÎÞ·¨¶ÁдsessionÎļþµ¼ÖÂsessionÎÞ·¨Ê¹Ó㬰ÑËü¸Ä³ÉÒ»¸ö¾ø¶Ô·¾¶¾Í¿ÉÒÔÁË£¬ÀýÈçsession.save_path = c:windows emp ,Ò»°ãÕâ¸ö¹¤×÷ÔÚÅäÖÃphpÔÚwinµÄ°²×°»·¾³µÄʱºò¾ÍÓ¦¸Ã½â¾öµÄ¡£
4.ÏÔʾ´íÎóÐÅÏ¢
µ±php.iniµÄdisplay_errors = On²¢ÇÒerror_reporting = E_ALLʱ£¬½«ÏÔʾËùÓеĴíÎóºÍÌáʾ£¬µ÷ÊÔµÄʱºò×îºÃ´ò¿ªÒÔ±ã¾À´í¡£
5.¸ü¸Äphp.iniºóûÓб仯
Ò»°ãÒªÖØÆôÄãµÄWEB SERVER(apache IIS)¡£
6.header already sent
Õâ¸ö´íÎóͨ³£»áÔÚÄãʹÓÃHEADERµÄʱºò³öÏÖ£¬Ëû¿ÉÄÜÊǼ¸ÖÖÔÒò£º
1,ÄãÔÚʹÓÃHEADERÇ°print»òÕßechoÁË
2.Ä㵱ǰÎļþÇ°ÃæÓпÕÐÐ
3.Äã¿ÉÄÜINCLUDEÁËÒ»¸öÎļþ,
4.¸ÃÎļþβ²¿ÓпÕÐлò ÕßÊä³öÒ²»á³öÏÖÕâÖÖ´íÎó¡£
7.includeºÍrequireµÄÇø±ð
1.include °üº¬Îļþ£¬Èç¹û¸ÃÎļþ²»´æÔÚ£¬Ëü»áÌáʾ,µ«ÊÇËü»á¼ÌÐøÍùÏÂÖ´ÐС£
2.require °üº¬Îļþ£¬Èç¹û¸ÄÎļþ²»´æÔÚ£¬»áÌáʾÖÂÃü´íÎ󣬲¢Í˳ö.
win32ƽ̨ÏÂËüÃǶ¼ÊÇÏÈ°üº¬ºóÖ´ÐС£
8.isset()ºÍempty()µÄÇø±ð
Ïàͬ£ºÁ½Õ߶¼ÊDzâÊÔ±äÁ¿ÓõÄ.
²»Í¬£ºisset()ÊDzâÊÔ±äÁ¿ÊÇ·ñ±»¸³Öµ
empty()ÊDzâÊÔÒ»¸öÒѾ±»¸³ÖµµÄ±äÁ¿ÊÇ·ñΪ¿Õ
Èç¹ûÒ»¸ö±äÁ¿Ã»±»¸³Öµ¾ÍÒýÓÃÔÚphpÀïÊDZ»ÔÊÐíµÄ,µ«»áÓÐnoticeÌáʾ£¬Èç¹ûÒ»¸ö±äÁ¿±»¸³¿ÕÖµ£¬$foo=""»òÕß$foo=0»òÕß $foo=false,ÄÇôempty($foo)·µ»ØÕ棬isset($foo)Ò²
Ïà¹ØÎĵµ£º
<?php
$p=new ReflectionClass(Àà¶ÔÏó);
$constants=$p->getConstants();//const ¶¨Òå³£Á¿
$properties=$p->getProperties();//ËùÓбäÁ¿ÊôÐÔ
$methods=$p->getMethods();//ËùÓз½·¨
//È«²¿ÒÔÊý×éÐÎÊÆ·µ»Ø
?> ......
header()º¯ÊýÓÃÀ´×ªÏò(redirect page)ʱ£¬Èç¹ûµ÷ÓÃÇ°ÓÐÊä³ö£¬±ÈÈçecho»òhtml±êÇ©£¬¾Í»áתÏòʧ°Ü¡£
Èç¹ûµ÷ÓÃÇ°ÓпÕÐÐÒ²»áתÏòʧ°Ü¡£
»¹ÓÐÒ»¸öÔÒò£¬¾ÍÊÇ×¢ÒâÄãµÄphpÎļþµÄ×Ö·û±àÂë¡£ÎÒÓöµ½µÄÇé¿öÊÇ£¬µ±×Ö·û±àÂëΪUTF-8ʱ£¬×ªÏòʧ°Ü£¬¸ÄΪANSIʱ³É¹¦¡£¾ßÌåÔÒò²»Ã÷£¬½ö¹©²Î¿¼¡£ ......
PHPÔÚÔËÐеÄʱºò£¬Ö±½Ókillµô£¬ÓпÏÄÜÔì³ÉÊý¾ÝµÄ¶ªÊ§¡£ÐÒºÃphpÄ£¿é£¬ÓÐÕë¶ÔsignalµÄ´¦Àí¡£
´¦Àí·½Ê½£¬Ê×Ïȼì²éÓÐûÓа²×° PCNTL Ä£¿é
È»ºó¿ÉÒÔÔÚÒ»¸ö°üº¬ÎļþÖУ¬Ìí¼ÓÒÔÏ´úÂë
global $exitFlag;
$exitFlag = false;
// Ôö¼ÓlinuxÐźÅÁ¿´¦Àí
if (DIRECTORY_SEPARATOR != '\\') {
pcntl_signal(SI ......
¶ÔÓڽű¾°²È«Õâ¸ö»°ÌâºÃÏñÓÀԶûÍêûÁË£¬Èç¹ûÄã¾³£µ½¹úÍâµÄ¸÷ÖÖ¸÷ÑùµÄbugtraqÉÏ£¬Äã»á·¢ÏÖÓÐÒ»°ëÒÔÉ϶¼ºÍ½Å±¾Ïà¹Ø£¬ÖîÈçSQL
injection£¬XSS£¬Path Disclosure£¬Remote commands
executionÕâÑùµÄ×ÖÑ۱ȱȽÔÊÇ£¬ÎÒÃÇ¿´ÁËÖ®ºóµÄÓÃ;ÄѵÀ½ö½öÊÇ×¥È⼦?¶ÔÓÚÎÒÃÇÏë×öweb°²È«µÄÈËÀ´Ëµ£¬×îºÃ¾ÍÊÇÄÃÀ´Ñ§Ï°£¬¿ÉÊÇÍòÎï×¥¸ùÔ´£¬ÎÒà ......