PHP xfocus anti-injection notes _php tips

Source: Internet
Author: User
Tags: php code sql injection
With all kinds of attackers active at the moment, keeping our own PHP code secure, and with it the program and the server, is an important question. I casually looked for material on PHP security and found little, at least less than for ASP, hehe, so I wanted to write something about preventing these possible situations. There is not much technical content here; I only cover it simply. (The operations below, unless stated otherwise, assume a php+mysql+apache setup.)
First of all, let's take a look at two articles:
http://www.xfocus.net/articles/200107/227.html
http://www.xfocus.net/articles/200107/228.html

The two articles above are Security Focus (xfocus) articles on PHP security and give a fairly comprehensive introduction to the security issues around PHP.

When writing PHP, the most basic security issues to consider are, first of all:
1. Initialize your variables

Why do we say that? Look at the following code:
if ($admin)
{
    echo 'Logged in successfully!';
    include('admin.php');
}
else
{
    echo 'You are not an administrator and cannot manage!';
}

OK, the code above seems to work properly, no problem. But what happens if we submit an illegal parameter? For example, if our page is http://www.target.com/login.php and we submit http://www.target.com/login.php?admin=1, hehe, think about it: we have become the administrator directly and can manage directly.
Of course, we may not make such a simple mistake, but some very subtle mistakes lead to the same problem. For example, the recently disclosed Phpwind 1.3.6 forum vulnerability, which gave direct access to administrator rights, was caused by a $skin variable that was not initialized, resulting in a series of later problems.

So how do we avoid the problem above? First, starting from php.ini: with register_globals = Off in php.ini, submitted variables are no longer registered as globals, and the problem is avoided. However, we are usually not the server administrator and can only improve things from the code side, so how do we improve the code above? We rewrite it as follows:
$admin = 0; // initialize the variable
if (!empty($_POST['admin_user']) && !empty($_POST['admin_pass']))
{
    // check whether the submitted admin user name and password are correct;
    // the corresponding handling code goes here
    // ...
    $admin = 1;
}
else
{
    $admin = 0;
}

if ($admin)
{
    echo 'Logged in successfully!';
    include('admin.php');
}
else
{
    echo 'You are not an administrator and cannot manage!';
}

Then submitting http://www.target.com/login.php?admin=1 no longer works, because we initialized the variable with $admin = 0 at the start, so administrator rights cannot be obtained through this vulnerability.
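As an added example (not code from the original post), the following script emulates register_globals = On with extract() and runs both versions of the check over the forged login.php?admin=1 request from the text. The credentials, the ADMIN_USER / ADMIN_HASH constants and the request arrays are constructed placeholders standing in for a real user store.

```php
<?php
// Added example: emulate register_globals = On with extract() and show that
// initialising $admin before the check makes a forged ?admin=1 request harmless.
// ADMIN_USER / ADMIN_HASH and the request arrays below are constructed placeholders.

define('ADMIN_USER', 'admin');
define('ADMIN_HASH', password_hash('correct horse battery staple', PASSWORD_DEFAULT));

// The first snippet in the post: $admin is never initialised by the script, so
// with register_globals on (emulated here by extract()) the request supplies it.
function is_admin_uninitialised(array $get): bool
{
    extract($get);                     // $admin now holds whatever ?admin=... carried
    return !empty($admin);
}

// The rewritten snippet: the variable is initialised after the globals have
// been registered, so only the credential check can set it to 1.
function is_admin_initialised(array $get, array $post): bool
{
    extract($get);                     // register_globals still runs first ...
    $admin = 0;                        // ... but the initialisation overrides it
    if (!empty($post['admin_user']) && !empty($post['admin_pass'])
        && hash_equals(ADMIN_USER, $post['admin_user'])
        && password_verify($post['admin_pass'], ADMIN_HASH)) {
        $admin = 1;
    }
    return $admin === 1;
}

$forged = ['admin' => '1'];           // constructed: login.php?admin=1 from the post
$login  = ['admin_user' => 'admin', 'admin_pass' => 'correct horse battery staple'];

var_dump(is_admin_uninitialised($forged));   // outcome decided by the request
var_dump(is_admin_initialised($forged, []));  // forged parameter is ignored
var_dump(is_admin_initialised([], $login));   // real credentials still work
```

The order inside is_admin_initialised() is the whole point: register_globals populates variables before the first line of the script runs, so an assignment at the top of the script always wins. The same rule applies to code that calls extract() on request data or loops over $$key: initialise every variable you later branch on before such a call can touch it.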


2. Prevent SQL injection (SQL injection)

SQL injection is probably the most harmful attack against current programs, from the earliest ASP to PHP, and has been the popular technique domestically for about two years. The basic principle: a submitted variable is not filtered and forms an injection point, which lets a malicious user submit SQL query statements, resulting in theft of important data, data loss or damage, or a break-in to the backend management.
I won't cover the basic principle; the following two articles explain it very clearly:
http://www.4ngel.net/article/36.htm
http://www.4ngel.net/article/30.htm

So if we understand the basic way injection attacks work, how can we guard against them? We start with the code.

We know there are two ways to submit data on the Web, GET and POST, so many of the most common SQL injections start with a GET request, and the injected input must contain some SQL statement, because without an SQL statement nothing happens. SQL has four basic statements:
SELECT, UPDATE, DELETE and INSERT. So can we avoid these problems by filtering them out of the submitted data?
So we use a regular expression to build the following function:

/*
Function name: inject_check()
Function: Detects whether the submitted value contains SQL injection characters, to prevent injection and protect the server
Parameters: $sql_str: the submitted variable
Return value: the detection result, true or false
Function author: heiyeluren
*/
function inject_check($sql_str)
{
    // eregi() was removed in PHP 7; preg_match() with the /i flag is the case-insensitive equivalent
    return (bool) preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str); // filter
}

In our function we filter out select, insert, update, delete, union, into, load_file, outfile, /*, *, ../, ./, ' and similar dangerous strings, so we can control the submitted parameters and build the program as follows:

<?php
if (inject_check($_GET['id'] ?? ''))
{
    exit('The data you submitted is illegal, please check and resubmit!');
}
else
{
    $id = $_GET['id'];
    echo 'The submitted data is legal, please continue!';
}
?>
If we submit the URL http://www.target.com/a.php?id=1, we will be prompted:
"The submitted data is legal, please continue!"
If we submit http://www.target.com/a.php?id=1' select * from tb_name
we get the message: "The data you submitted is illegal, please check and resubmit!"

Then we have achieved our goal.

However, the problem is not yet solved. If we submit http://www.target.com/a.php?id=1asdfasdfasdf, that passes the rule above but still does not meet our requirements, so to cover other possible cases we build a function to check the value:

/*
Function name: verify_id()
Function: Verifies that a submitted id-type value is legitimate
Parameters: $id: the submitted id value
Return value: the processed id
Function author: heiyeluren
*/
function verify_id($id = null)
{
    if (!$id) { exit('No parameter submitted!'); }                          // null check
    elseif (inject_check($id)) { exit('Submitted parameter is illegal!'); } // injection check
    elseif (!is_numeric($id)) { exit('Submitted parameter is illegal!'); }  // numeric check
    $id = intval($id); // cast to integer

    return $id;
}

Well, now we can verify the value, so the program code above becomes:

<?php
if (inject_check($_GET['id'] ?? ''))
{
    exit('The data you submitted is illegal, please check and resubmit!');
}
else
{
    $id = verify_id($_GET['id']); // this calls our filter function, which filters $id
    echo 'The submitted data is legal, please continue!';
}
?>
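As an added example (not code from the original post), here is the inject_check() / verify_id() chain above rewritten to return a result instead of calling exit(), so it can be exercised over several inputs, with the verified id then bound in a prepared statement. The SQLite in-memory database is a constructed stand-in for the post's MySQL setup; prepare() and execute() are used the same way with a mysql: DSN.

```php
<?php
// Added example: the post's blacklist + numeric check as a function that reports
// its result, run over constructed inputs, then a prepared statement with the
// verified id. SQLite in memory is a constructed substitute for MySQL.

function inject_check(string $sql_str): bool
{
    // same keyword/character blacklist as the post, in preg_match() form
    return (bool) preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str);
}

// Returns the integer id, or null and a reason when the value is rejected.
function verify_id_result(?string $id, ?string &$reason = null): ?int
{
    if ($id === null || $id === '') { $reason = 'no parameter submitted'; return null; }
    if (inject_check($id))          { $reason = 'blacklisted characters';  return null; }
    if (!is_numeric($id))           { $reason = 'not numeric';             return null; }
    $reason = null;
    return intval($id);
}

// Constructed sample inputs, including the three URLs from the post.
$samples = [
    '1',                         // legal
    "1' select * from tb_name",  // rejected by inject_check()
    '1asdfasdfasdf',             // passes inject_check(), rejected by is_numeric()
    '1e3',                       // is_numeric() accepts exponent notation; intval() gives 1000 on PHP 7.1+
    ' 7',                        // leading whitespace is numeric too; intval() gives 7
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tb_name (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO tb_name VALUES (1, 'first'), (7, 'seventh'), (1000, 'thousandth')");

// The verified integer is still bound as a parameter rather than concatenated:
// the cast removes the injection surface, the placeholder keeps it removed if
// the query is later changed to take a string.
$stmt = $db->prepare('SELECT title FROM tb_name WHERE id = :id');

foreach ($samples as $raw) {
    $id = verify_id_result($raw, $why);
    if ($id === null) {
        printf("%-28s rejected: %s\n", var_export($raw, true), $why);
        continue;
    }
    $stmt->execute([':id' => $id]);
    $title = $stmt->fetchColumn();
    printf("%-28s accepted as %d -> %s\n", var_export($raw, true), $id, $title === false ? '(no row)' : $title);
}
```

Two things the run makes visible. The keyword blacklist matches inside ordinary words too (a comment containing "Deselect" or "Updated" is rejected), which is one reason the post narrows the id path down to integers rather than relying on the blacklist alone; and is_numeric() is looser than "a string of digits" (exponent notation and leading whitespace pass), so ctype_digit() is the stricter check when an id must be a plain positive integer.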

Well, the problem seems to be solved here, but have we considered data submitted by POST, in large amounts?
For example, some characters, such as '_' and '%', may be harmful to the database because they have special meaning (they are wildcards in LIKE). How do we control them? Another point: when magic_quotes_gpc = off in php.ini, submitted data that does not conform to the database rules is no longer automatically prefixed with a backslash. To control these problems we build the following function:

/*
Function name: str_check()
Function: Filters the submitted string
Parameters: $str: the string to process
Return value: the filtered string
Function author: heiyeluren
*/
function str_check($str)
{
    // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8,
    // so only call it where it still exists
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) // check whether magic_quotes_gpc is on
    {
        $str = addslashes($str); // filter
    }
    $str = str_replace("_", "\_", $str); // escape '_'
    $str = str_replace("%", "\%", $str); // escape '%'

    return $str;
}

OK, once again we have avoided the risk of the server being compromised.

Finally, consider submitting large amounts of data, such as posts, articles or news; we need functions to filter and convert it, so on the basis of the functions above we build the following function:

/*
Function name: post_check()
Function: Processes the submitted edited content
Parameters: $post: the submitted content
Return value: $post: the filtered content
Function author: heiyeluren
*/
function post_check($post)
{
    // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8,
    // so only call it where it still exists
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) // check whether magic_quotes_gpc is on
    {
        $post = addslashes($post); // filter the submitted data when magic_quotes_gpc is not on
    }
    $post = str_replace("_", "\_", $post); // escape '_'
    $post = str_replace("%", "\%", $post); // escape '%'
    $post = htmlspecialchars($post); // HTML markup conversion
    $post = nl2br($post); // carriage return conversion (after htmlspecialchars, so the <br /> tags are not encoded)

    return $post;
}

Well, that is basically it. We have gone through a few cases, but I think I have said only a little: only two aspects, and a tiny part of the whole of security. Next time I will consider covering more, including PHP security configuration, Apache security and so on, so that our security forms a whole and is as safe as possible.

Finally, the two points above once more: 1. Initialize your variables. 2. Always remember to filter your variables.
