We only discuss Linux systems here, but the prevention method is effective on any system. Let's first look at this kind of request.
Requests like the following can be used:

    http://www.xxx.com/index.php?page=../etc/passwd
    http://www.xxx.com/index.php?page=../../../etc/passwd
    http://www.xxx.com/index.php?page=..../../etc/passwd

For more data, other files can be requested in the same way:

    etc/profile
    etc/services
    /etc/passwd
    /etc/shadow
    /etc/group
    /etc/security/group
    /etc/security/passwd
    /etc/security/user
    /etc/security/environ
    /etc/security/limits
    /usr/lib/security/mkuser.default
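With requests like the above, if your code simply does $page = $_GET['page'], that's the end of the story. Because our page parameter only ever contains numbers, we do this.
The code is as follows:

    <?php
    // Coerce the page parameter to an integer so no path characters survive
    $page = intval($_GET['page']);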
This way characters cannot be submitted, because the intval function filters them out. So how do we handle a submission that does contain characters?
We use PHP's built-in functions addslashes and htmlspecialchars to filter the characters as they are processed.
For example, the code is as follows:

    <?php
    // Escape the submitted value, or fall back to an empty string when the parameter is missing
    $body = htmlspecialchars(isset($_GET[$str]) ? $_GET[$str] : '');
This basically filters out a variety of injection attacks. Of course, if your server itself has a vulnerability, PHP cannot solve that.
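As an added example (not code from the original article), here is a stricter version of both cases for the page parameter from the URLs shown earlier: the numeric case rejects input instead of coercing it, and the string case uses a name pattern plus a realpath containment check, because htmlspecialchars and addslashes escape HTML and quote characters and leave ../ sequences unchanged. The function names, the pages directory and the sample file are assumptions made for illustration.

```php
<?php
// Added example: function names, directory layout and sample file are hypothetical.

// Numeric case: accept only a whole positive decimal number; reject, do not coerce.
function page_id_from_request(array $query): ?int
{
    $raw = $query['page'] ?? '';
    if (!is_string($raw)) {
        return null; // e.g. ?page[]=1 arrives as an array
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// String case: allow a narrow name pattern, then confirm the resolved path
// (symlinks and ".." already collapsed by realpath) is still under the base directory.
function resolve_page(string $baseDir, string $name): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null; // base directory or requested page does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo data: a temporary pages directory with one sample page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('pages_demo_', true);
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'about.php', '<?php // constructed sample page');
$payload = '../../../etc/passwd'; // traversal string taken from the URLs in the article

var_dump(htmlspecialchars($payload) === $payload); // does escaping change the traversal string?
var_dump(addslashes($payload) === $payload);
var_dump(intval('7../etc/passwd'));                 // intval keeps the leading digits
var_dump(page_id_from_request(['page' => '7../etc/passwd']));
var_dump(page_id_from_request(['page' => '7']));
var_dump(resolve_page($dir, $payload));
var_dump(resolve_page($dir, 'about'));

unlink($dir . DIRECTORY_SEPARATOR . 'about.php');
rmdir($dir);
```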