Linux prevent PHP forgery local file resolution _php tutorial

We only talk about Linux systems, but to prevent the method in any system is effective, let's first look at the operation

You can use this

The code is as follows	Copy Code
http://www.xxx.com/index.php?page=../etc/passwd http://www.xxx.com/index.php?page=../../../etc/passwd http://www.xxx.com/index.php?page=..../../etc/passwd For more data: Etc/profile Etc/services /etc/passwd /etc/shadow /etc/group /etc/security/group /etc/security/passwd /etc/security/user /etc/security/environ /etc/security/limits /usr/lib/security/mkuser.default

Like the above code if you are

Page=$_get that's the end of the story, because we have only numbers on the page, so we do this.

The code is as follows	Copy Code
? Page=intval ($_get);

So we can not commit the character, we use the Intval function to filter, then the submission of the character how to deal with it.

We use PHP's own function addslashes and htmlspecialchars to filter the characters as they are processed.

Such as

The code is as follows	Copy Code
$body = Htmlspecialchars (Isset ($_get[$str]) $_get[$str]: ");

This basically filters a variety of security injections, of course, if your server has a loophole in PHP can not solve.

http://www.bkjia.com/PHPjc/629691.html www.bkjia.com true http://www.bkjia.com/PHPjc/629691.html techarticle We are only talking about Linux systems, but to prevent the method in any system is valid, let us first look at such operations you can use the code as follows copy code http://www.xx ...

