Use the == comparison operator sparingly: PHP itself is loosely typed, but the underlying C engine is typed, so every loose comparison goes through an implicit type conversion. For example, 0 == "ABC" evaluates to true, which is probably not what we want.
Where a value has a definite type by its meaning, convert it explicitly with the corresponding function: intval() ...
Define the project's paths in one place (a single PHP file that contains the path definitions), so that the other files in the project do not carry paths themselves and only need the file name; this makes it easy to move files around.
Do not use PHP's global variables directly inside functions and class methods. Instead provide a single proxy, either an object or a simple function, through which global variables are accessed. If a class reads global variables and modifies objects through that proxy, the dependency between the two is explicit. Do not use global variables directly inside a function and do not pull outside variables in with global; a function should work only on the data passed in through its parameters. Try not to use global variables at all, and do without global.
Pay attention to repeated submission of forms; this can be handled with a token.
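Two pieces of code that follow the two points above, added here as an example (this is not code from the original article): a small registry object that replaces direct `global` access, and a one-time form token kept in the session that rejects a repeated submission of the same form. The `Registry` and `FormToken` class names and the `form_tokens` session key are assumptions; the session array is a constructed stand-in for `$_SESSION`.

```php
<?php
// Added example (not from the original article): a single access point for
// application-wide state instead of `global`, plus a one-time form token that
// rejects a repeated submission of the same form. Assumes PHP 8.
declare(strict_types=1);

// Registry: functions receive this object as a parameter instead of reading
// $GLOBALS, so the dependency is visible in the function signature.
final class Registry
{
    private array $values = [];

    public function set(string $key, mixed $value): void
    {
        $this->values[$key] = $value;
    }

    public function get(string $key, mixed $default = null): mixed
    {
        return $this->values[$key] ?? $default;
    }
}

// Form token stored in the session. issue() creates a fresh random token for a
// named form; consume() accepts it exactly once and removes it, so a second
// submit of the same page (double click, browser "resend") is rejected.
final class FormToken
{
    private array $session;

    // Taken by reference so that the real $_SESSION array can be passed in.
    public function __construct(array &$session)
    {
        $this->session = &$session;
    }

    public function issue(string $formName): string
    {
        $token = bin2hex(random_bytes(16));                 // 128 bits from the CSPRNG
        $this->session['form_tokens'][$formName] = $token;
        return $token;
    }

    public function consume(string $formName, ?string $submitted): bool
    {
        $expected = $this->session['form_tokens'][$formName] ?? null;
        if ($expected === null || $submitted === null) {
            return false;
        }
        unset($this->session['form_tokens'][$formName]);    // one use only
        return hash_equals($expected, $submitted);          // constant-time comparison
    }
}

// Usage. In a real request: session_start(); $tokens = new FormToken($_SESSION);
$session = [];                                // constructed stand-in for $_SESSION
$config  = new Registry();
$config->set('site_name', 'demo');            // constructed value
$tokens  = new FormToken($session);

$t = $tokens->issue('order');
// Emit the token in a hidden field of the form, passed through htmlspecialchars():
//   <input type="hidden" name="token" value="...">
var_dump($tokens->consume('order', $t));      // bool(true)  first submission accepted
var_dump($tokens->consume('order', $t));      // bool(false) repeated submission rejected
echo $config->get('site_name'), "\n";
```

On a real page the token is read back from the submitted field (`$_POST['token'] ?? null`) and the form handler runs only when `consume()` returns true; the same token also serves as a CSRF check, since a forged request from another site cannot know it.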
Determine whether the system is single-entry or multi-entry.
Pay attention to encodings: the encoding of the stored files, the page encoding, the database encoding, and the encoding of the user's operating system (when the user types content directly into the address bar, Firefox and Opera URL-encode it according to the operating system's encoding, while IE6 sends it as is).
Do not expose file paths.
After a request has been submitted, the user may close the browser, click the browser's stop button, or lose the network connection for some other reason. Should PHP continue processing or stop, and how does PHP find out that this happened? See connection handling: ignore_user_abort(), register_shutdown_function(), connection_status() ...
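An added example of the three connection-handling functions named above (not code from the original article): the script decides explicitly to keep running when the client goes away, notices the abort while it works, and records the final connection state from a shutdown function. `writeLog()` is a hypothetical logging sink and the batch loop is a constructed placeholder; assumes PHP 8.

```php
<?php
// Added example (not from the original article): decide explicitly what happens
// when the client disconnects mid-request, and record the connection state at
// the end. writeLog() is a hypothetical sink; the batch loop is constructed.
declare(strict_types=1);

ignore_user_abort(true);   // keep running when the user closes the browser or hits stop
set_time_limit(0);         // assumption: the job may exceed max_execution_time

function writeLog(string $msg): void
{
    error_log('[job] ' . $msg);   // goes to the SAPI error log
}

// Runs at the very end of the request, however it ended. connection_status()
// is a bit mask: CONNECTION_ABORTED and CONNECTION_TIMEOUT may both be set.
register_shutdown_function(function (): void {
    $status = connection_status();
    $parts = [];
    if ($status & CONNECTION_ABORTED) {
        $parts[] = 'client aborted';
    }
    if ($status & CONNECTION_TIMEOUT) {
        $parts[] = 'timed out';
    }
    writeLog('request finished: ' . ($parts ? implode(', ', $parts) : 'normal'));
});

function runBatch(int $steps): int
{
    $done = 0;
    $noticed = false;
    for ($i = 0; $i < $steps; $i++) {
        // ... one unit of work (constructed placeholder) ...
        $done++;
        echo "step $done\n";
        flush();   // the abort is only detected when output is actually sent to the client
        if (!$noticed && connection_aborted()) {
            $noticed = true;
            writeLog("client gone after step $done, finishing the batch anyway");
        }
    }
    return $done;
}

runBatch(5);
```

Without `ignore_user_abort(true)` the default is to stop the script as soon as a write to the closed connection fails, which is the right choice for a plain page but the wrong one for a job that must either complete or roll back. Run from the command line the connection state is always normal, so the behaviour is only visible under a web server.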
Time zone issues, if the application is distributed.
explode() applied to a null value yields an array containing one item, Array(""), and that array is not false. That is, null is a false value, but the result of explode(',', null) is true, so be careful with a condition like if (explode(',', $var)).
$var = null; isset($var) results in false.
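The loose-comparison and explicit-conversion points at the top of the list and the explode()/isset() pitfalls just above are all the same issue, PHP's type juggling, so one added example covers them (this is not code from the original article). `parseId()` and `splitList()` are hypothetical helper names. One caveat worth knowing: PHP 8.0 changed the comparison rules so that a non-numeric string compared with an int is compared as a string, and 0 == "ABC" is now false; on PHP 7 it is true as the article says. Strict comparison gives the same answer on both, which is the point.

```php
<?php
// Added example (not from the original article): PHP type-juggling pitfalls
// from the points above, and the explicit checks that avoid them. Assumes PHP 8.
declare(strict_types=1);

// Explicit conversion for a value whose meaning is "integer id": accept only a
// string of digits, instead of relying on intval() silently mapping "12abc" to
// 12 and "abc" to 0.
function parseId(mixed $raw): ?int
{
    if (is_int($raw)) {
        return $raw > 0 ? $raw : null;
    }
    if (is_string($raw) && ctype_digit($raw)) {   // ctype_digit('') is false
        $id = intval($raw);                         // explicit, intentional conversion
        return $id > 0 ? $id : null;
    }
    return null;                                    // "", "0x1A", "12abc", null, arrays ...
}

// explode() never returns an empty array: explode(',', '') gives [""], which
// is a non-empty (truthy) array. Normalise to a real list first.
function splitList(?string $raw): array
{
    if ($raw === null || trim($raw) === '') {
        return [];                                  // empty input becomes an empty list
    }
    return array_values(array_filter(
        array_map('trim', explode(',', $raw)),
        fn(string $s): bool => $s !== ''
    ));
}

// The pitfalls themselves, side by side with the strict versions.
function pitfalls(): array
{
    $var = null;
    return [
        'loose_zero_eq_abc'   => (0 == 'ABC'),             // true on PHP 7, false on PHP 8
        'strict_zero_eq_abc'  => (0 === 'ABC'),            // always false
        'explode_empty_truthy'=> (bool) explode(',', ''),  // true: [""] is a non-empty array
        'isset_null'          => isset($var),              // false: isset() is false for null
        'array_key_exists'    => array_key_exists('k', ['k' => null]), // true: the key is there
        'parse_id_abc'        => parseId('ABC'),            // null, not 0
        'parse_id_12'         => parseId('12'),             // 12
        'split_empty'         => splitList(''),             // []
        'split_list'          => splitList('a, b,,c'),      // ['a', 'b', 'c']
    ];
}

var_dump(pitfalls());
```

The general rule the block illustrates: compare with `===` unless you deliberately want juggling, convert once at the boundary where the value's meaning is known, and test for "no value" with `=== null` or `isset()` rather than with truthiness.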
Security problems of PHP applications
Validate input and do not trust data from the user (GET, POST, cookies). A PHP application should filter data in one unified place, for example encoding HTML tags to prevent XSS and preventing SQL injection.
Content that needs validation must be validated again in PHP, because any client-side validation is easily bypassed (a forged form, disabled JS, and tools such as Firebug can modify the HTML arbitrarily).
Pay attention to the size of the data submitted by the user; for example, POST or GET data that is too large may cause buffer overflow problems.
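The three points above (server-side validation, XSS and SQL injection, input size) in one added example (not code from the original article). It stores a comment: the server validates length and encoding regardless of what the browser checked, the value is HTML-encoded at output time, and the SQL parameters are bound rather than concatenated. The `comments` table, the `MAX_COMMENT_LEN` limit and the request array are constructed; an in-memory SQLite database stands in for the real one so the block runs stand-alone (assumes PHP 8 with the pdo_sqlite and mbstring extensions).

```php
<?php
// Added example (not from the original article): validate on the server,
// encode at output, bind SQL parameters. Uses an in-memory SQLite table so it
// runs stand-alone; the request array is constructed instead of reading $_POST.
declare(strict_types=1);

const MAX_COMMENT_LEN = 2000;   // assumed application limit; php.ini post_max_size caps the whole body

// The only validation that counts is this one; client-side checks are advisory.
function validateComment(array $input): array
{
    $errors = [];
    $name = trim((string) ($input['name'] ?? ''));
    $body = (string) ($input['body'] ?? '');

    if (!mb_check_encoding($name . $body, 'UTF-8')) {
        $errors[] = 'input is not valid UTF-8';
    }
    if ($name === '' || mb_strlen($name) > 50) {
        $errors[] = 'name must be 1-50 characters';
    }
    if (mb_strlen($body) > MAX_COMMENT_LEN) {
        $errors[] = 'comment too long';          // size check before the value is used anywhere
    }
    return ['ok' => $errors === [], 'errors' => $errors, 'name' => $name, 'body' => $body];
}

// Store raw text; encode for the HTML context at output time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Values are bound as parameters, never concatenated into the SQL string.
function storeComment(PDO $db, string $name, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $name, ':body' => $body]);
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed request: markup in the name field, a quote in the body.
$request = ['name' => '<script>alert(1)</script>', 'body' => "it's \"great\""];
$result  = validateComment($request);

if ($result['ok']) {
    storeComment($db, $result['name'], $result['body']);   // the quote is data, not SQL
    echo '<p>', h($result['name']), ': ', h($result['body']), "</p>\n";
    // prints: <p>&lt;script&gt;alert(1)&lt;/script&gt;: it&#039;s &quot;great&quot;</p>
} else {
    echo implode("\n", $result['errors']), "\n";
}
echo $db->query('SELECT COUNT(*) FROM comments')->fetchColumn(), " row(s) stored\n";
```

Two design choices: the markup in the name is stored as submitted and neutralised only when rendered into HTML, because the same text may later go into JSON or an e-mail where HTML encoding would be wrong; and the per-field length check is separate from the server-wide `post_max_size` and `upload_max_filesize` limits in php.ini, which reject the whole request before the script sees it.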
Be careful with non-PHP files on the server. If the application can upload or download files, avoid reading files directly by a user-supplied file name: the user may supply the name of a file they should not see, and the PHP program will read it out anyway. Also do not display the file path in the returned HTML; the user should not see where files are saved, because they may use these paths to guess at other files they should not see.
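An added example of serving a download the way the point above asks (not code from the original article): the client only ever sees an opaque id, the id is looked up in a table to get the stored name, and the resolved path is checked to lie inside the upload directory before anything is read. `UPLOAD_DIR`, the `FILE_TABLE` rows, the id format and the function names are assumptions; assumes PHP 8.

```php
<?php
// Added example (not from the original article): serving a file without letting
// the client choose a path. Lookup by opaque id in a constructed table; the
// stored name never reaches the user and the path is confined to UPLOAD_DIR.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/app/uploads';   // assumed; outside the document root

// Constructed stand-in for a database table mapping ids to stored files.
const FILE_TABLE = [
    'a1b2c3' => ['stored' => 'c8f0e9.pdf', 'display' => 'invoice.pdf', 'mime' => 'application/pdf'],
];

function resolveDownload(string $id, string $baseDir = UPLOAD_DIR): ?array
{
    if (!preg_match('/^[a-z0-9]{6,32}$/', $id)) {
        return null;                              // ids are opaque tokens, nothing else is accepted
    }
    $row = FILE_TABLE[$id] ?? null;
    if ($row === null) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . basename($row['stored']));
    // realpath() returns false for a missing file and resolves symlinks and "..",
    // so the prefix check catches anything that escaped the upload directory.
    if ($base === false || $path === false || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return ['path' => $path, 'display' => $row['display'], 'mime' => $row['mime']];
}

function sendDownload(string $id): void
{
    $file = resolveDownload($id);
    if ($file === null) {
        http_response_code(404);                  // same answer for unknown id, bad id, missing file
        echo "Not found\n";                       // no path and no hint about the storage layout
        return;
    }
    header('Content-Type: ' . $file['mime']);
    header('Content-Length: ' . filesize($file['path']));
    // The display name is the only name the user sees; quote it for the header.
    header('Content-Disposition: attachment; filename="' . addcslashes($file['display'], '"\\') . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($file['path']);
}

sendDownload($_GET['id'] ?? '');
```

Keeping `UPLOAD_DIR` outside the web root means a stored file can only be reached through `sendDownload()`, so the authorisation check (whether this user may fetch this id) has one place to live; in the example that check is where the table lookup happens.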
If sessions are stored in files and there are other unknown users on the web server (for example a rented shared host), change the location where session files are saved, or write a session handler in PHP that stores sessions in the database, because by default sessions are saved in the temp directory and other people can access them. Keeping information such as passwords in the session is dangerous.
The above is a summary of common problems in PHP applications and how to deal with them.
Source: http://www.bkjia.com/PHPjc/446051.html