PHP basics: common vulnerabilities and simple prevention. Common PHP attacks and security defenses:
1. XSS + SQL injection:
XSS protection for input:
$_REQUEST = filter_xss($_REQUEST); $_GET = filter_xss($_GET); // likewise for $_POST and $_COOKIE
SQL injection:
filter_sql();
The simplest XSS filtering function is htmlspecialchars();
The simplest SQL escaping function is mysql_real_escape_string();
2. Command execution
PHP code execution, such as eval
Shell command execution, such as exec
File handling: fopen, fwrite, etc.
3. Upload vulnerability
The most secure method is to give uploaded files random names and check the filename suffix against a whitelist. In general, do not grant execute permissions.
4. File inclusion functions
For example, include_once(), require(), require_once(), and download vulnerabilities such as down.php?file=/.../.etc/passwd, which directly download server configuration files.
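A containment check for a download script like the down.php case above, as an added example that is not from the original page. The function name resolve_download, the temporary directory layout and the file names are assumptions constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Resolve a user-supplied file name against a fixed download directory.
// Returns the absolute path to serve, or null when the request is refused.
function resolve_download(string $baseDir, string $requested, array $allowedExt): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;                 // bad base directory or NUL byte in the name
    }
    // Suffix whitelist: only expected file types are ever served.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false means the file is missing.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Containment: the resolved path must still lie inside the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Constructed sample layout in a temp directory (hypothetical names).
$root = sys_get_temp_dir() . '/dl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/files', 0700, true);
file_put_contents($root . '/files/report.pdf', 'public');
file_put_contents($root . '/notes.txt', 'outside the download directory');
file_put_contents($root . '/config.php', 'outside, and not a whitelisted type');

// The first request is served; the rest are refused by containment,
// by the suffix whitelist, and because the file does not exist.
foreach (['report.pdf', '../notes.txt', '../config.php', 'missing.pdf'] as $name) {
    $path = resolve_download($root . '/files', $name, ['pdf', 'txt']);
    printf("%-16s %s\n", $name, $path === null ? 'REFUSED' : 'served');
}
```

The same rule applies to include and require: the script chooses the path from a fixed set or a resolved, contained location, and request parameters never reach those functions directly.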
5. Permission bypass
A. Unauthorized access to back-end files. The most common case is the session verification code.
B. User isolation: for example, mail.php?id=23 shows your own letter, so id=24 lets you view other people's letters.
6. Information leakage
These are relatively low-grade vulnerabilities, such as file path exposure and source code exposure.
Generally, error messages are disabled with "error_reporting(0);", which is placed in a shared configuration file.
Of course, there are many other vulnerabilities as well, such as cookie forgery and cross-origin issues.