Brief introduction
If you've been watching TV in America recently, you'll often see an ad in which a nice-looking guy says, "I want my computer to be infected with a virus," "I hope all the photos of my family get deleted and I can never find them," or "I hope my notebook sounds like thunder."
Of course, no normal person wants this kind of pain, but if you do not protect your computer, the result is that the hacker will succeed. It's like your home, car or purse: you can't leave them all wide open, and you can't assume strangers are trustworthy. Most strangers are not as friendly as you think.
If no one has told you what to do, mistakes are understandable. Ignoring the problem is foolish, but fortunately you are reading this article. I will start by assuming that you are not that kind of fool.
Things that should not be done
Here is a list that explains what not to do and why.
<?php include('http://www.webhek.com'); ?>
It looks like a tasty chocolate, but the devil hides inside. It means "go to the http://www.webhek.com site, retrieve the page content, and run that content, whatever it is." If the content is something like the following, no harm is done:
<b>Hello World</b>
But if you're not so lucky and the site has been tampered with, its content may have been replaced by:
Evil Ruulzzzzorz!!! <? system("rm -rf /*"); ?>
This code will delete everything on your computer.
<?php readfile('http://www.webhek.com'); ?>
This is a bit more secure, because this code reads the contents of the remote page and prints them. Even if someone inserts malicious PHP code into the content, the code does not have a chance to be executed. However, hackers can still inject malicious JavaScript into the content, and you'll find that your page is suddenly flooded with countless pop-up ad windows. This will make your site's visitors very annoyed.
There is a lot more to learn, but these are the biggest problems.
How it should be done
PHP has a very powerful library of functions designed to let you safely retrieve content from a remote site. These functions are called curl. Don't be deterred by the amount of material on the official curl page; it's actually very simple.
Here is a simple replacement for the readfile() command above:
<?php
// Create a curl handle and point it at the remote page
$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, 'http://www.webhek.com');
// Fetch the page and output it directly
curl_exec($curl_handle);
curl_close($curl_handle);
?>
That's it; that's all you need to do. The last statement, curl_close(), is not necessary.
Be careful: you are still at risk from malicious JavaScript and cookie thieves on the remote website. Guarding against these attacks takes more work. If you want to do this, I suggest you use the PHP regular expression function preg_replace().
Let's do something more with curl. Suppose the www.webhek.com site is not so stable: it sometimes does not respond, and a page can take 30 seconds to fetch. In this case, our approach is:
<?php
$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, 'http://www.webhek.com');
// Wait at most 2 seconds for the connection
curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2);
curl_exec($curl_handle);
curl_close($curl_handle);
?>
This says: if the data cannot be fetched within 2 seconds, treat it as a timeout. You may even prefer to set it to 1 second, because waiting for a timeout slows down your own page. (Note: do not set the limit to 0, which tells curl not to time out at all.)
But what if nothing is retrieved and you want to display a hint? Haha, simple!
<?php
$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, 'http://www.webhek.com');
curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2);
// Return the page as a string instead of printing it directly
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
$buffer = curl_exec($curl_handle);
curl_close($curl_handle);

if (empty($buffer)) {
    print "Sorry, the webhek.com site is not responding.<p>";
} else {
    print $buffer;
}
?>
Are you starting to feel the power of curl?
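A hardened version of the fetch above, as an added example that is not part of the original article: it bounds the whole transfer as well as the connection, restricts curl to HTTP and HTTPS, caps the response size, and displays the remote content as escaped text with htmlspecialchars() rather than filtering it with preg_replace(). The helper names fetch_remote() and render_untrusted(), the 5-second and 200,000-byte limits, and the sample tampered page are assumptions made for this illustration.

```php
<?php
// Added example; fetch_remote() and render_untrusted() are hypothetical helper names.

// Fetch a remote page as a string with bounded time, protocol and size.
// Returns null on any failure (timeout, non-200 status, oversized or empty body).
function fetch_remote(string $url, int $maxBytes = 200000): ?string
{
    $body = '';
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL            => $url,
        CURLOPT_CONNECTTIMEOUT => 2,     // bounds the connection phase only
        CURLOPT_TIMEOUT        => 5,     // bounds the whole transfer (assumed limit)
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS, // refuse file:// etc.
        CURLOPT_FOLLOWLOCATION => false, // do not follow redirects chosen by the remote site
        // Collect the body ourselves; returning 0 aborts once the cap is exceeded.
        CURLOPT_WRITEFUNCTION  => function ($ch, string $chunk) use (&$body, $maxBytes): int {
            $body .= $chunk;
            return strlen($body) > $maxBytes ? 0 : strlen($chunk);
        },
    ]);
    $ok = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    return ($ok !== false && $status === 200 && $body !== '') ? $body : null;
}

// Render untrusted remote content as inert text: <, >, & and quotes are
// escaped, so any markup or script in it is displayed instead of executed.
function render_untrusted(string $content): string
{
    return '<pre>' . htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

// Constructed sample of a tampered remote page, so the escaping can be seen offline.
$tampered = '<b>Hello World</b><script>alert(1)</script>';
print render_untrusted($tampered) . "\n";

// Live fetch; falls back to a message when nothing usable comes back.
$page = fetch_remote('http://www.webhek.com');
print $page === null
    ? "Sorry, the webhek.com site is not responding.<p>\n"
    : render_untrusted($page) . "\n";
```

Escaping turns the remote page into plain text, so this fits cases where the content only needs to be shown, not embedded as live HTML.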
PHP, curl and your safety!