Chapter 2 Web Application Security
Chapter 17 Authentication using PHP and MySQL
Password hash encryption
sha1() returns a pseudo-random-looking string of 40 bytes (40 hexadecimal characters).
MySQL also provides the SHA-1 algorithm:
SHA1('value');
Chapter 18 Using PHP and MySQL for secure transactions
Some techniques for filtering user input
1. You must use addslashes() to filter user data before it is inserted into the database. Use the stripslashes() function to return the data to its original form.
2. Enable magic_quotes_gpc and magic_quotes_runtime in php.ini.
3. When user data is passed to system() or exec(), the escapeshellcmd() function must be used to filter out malicious commands.
4. Use strip_tags() to remove HTML and PHP tags from strings, to prevent users from embedding malicious scripts in the data they submit.
5. Use htmlspecialchars() to convert any script tag to harmless characters. For example, < is converted to &lt;
Article 4 Advanced PHP Technology
Chapter 4 Interaction with file systems and servers
File Upload
First, you need to know several settings in php.ini (directive: meaning, default value):
file_uploads: whether uploads are allowed. Default: On
upload_tmp_dir: temporary directory where uploaded files are stored. Default: NULL
upload_max_filesize: maximum file size allowed to be uploaded. Default: 2M
post_max_size: the largest amount of data that can be uploaded through POST. Default: 8M
Form
<input type="hidden" name="MAX_FILE_SIZE" value="10000000" /> sets the maximum length of the uploaded file.
The information about the uploaded file is stored in the superglobal array $_FILES.
$_FILES['name of the file field in the upload form'] contains:
['tmp_name'] location where the file is stored on the web server
['name'] file name
['size'] file size
['type'] the file's MIME type
['error'] any error code related to the file upload
You also need to check whether the file really is an uploaded file, using is_uploaded_file().
To move the uploaded file, use move_uploaded_file().
basename('path', 'suffix to remove') returns the file name part of a path.
// Debug output of the upload metadata for the form field 'userfile'.
// 'name' and 'type' are supplied by the client, so they are escaped before display.
echo 'File upload error code: ' . $_FILES['userfile']['error'] . '<br />';
echo 'File upload path: ' . $_FILES['userfile']['tmp_name'] . '<br />';
echo 'File upload name: ' . htmlspecialchars($_FILES['userfile']['name']) . '<br />';
echo 'File size: ' . $_FILES['userfile']['size'] . '<br />';
echo 'File type: ' . htmlspecialchars($_FILES['userfile']['type']) . '<br />';
File Upload error code: 0
File Upload path: C:\WINDOWS\temp\php9b.tmp
File Upload name: install.html
Size: 2867
File Type: text/html
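The upload steps above, combined into one server-side handler. This is an added example, not code from the original notes; it assumes PHP 7 or later with the fileinfo extension, and UPLOAD_DIR, MAX_BYTES, the ALLOWED list and the function name store_upload() are hypothetical.

```php
<?php
// Added example: hardened handler for a form field named 'userfile'.
const UPLOAD_DIR = '/var/www/uploads';  // assumed path; keep it non-executable
const MAX_BYTES  = 2 * 1024 * 1024;     // mirrors upload_max_filesize = 2M
const ALLOWED    = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'application/pdf' => 'pdf'];

function store_upload(array $file): string
{
    // 1. Check PHP's error code: anything other than UPLOAD_ERR_OK (0) is a failure.
    $err = $file['error'] ?? null;
    if ($err !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed' . (is_int($err) ? ", error code $err" : ''));
    }
    // 2. The temporary file must really come from an HTTP POST upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // 3. MAX_FILE_SIZE in the form is only a browser hint; enforce the limit here.
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // 4. $file['type'] is sent by the client; detect the MIME type from the content.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('File type not allowed');
    }
    // 5. Do not store under the client's file name: generate one and take
    //    the extension from the detected type.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    // 6. move_uploaded_file() re-checks that the source is an upload before moving it.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    return $target;
}

if (isset($_FILES['userfile'])) {
    try {
        $path = store_upload($_FILES['userfile']);
        // basename() drops any path the client put in the name; escape before display.
        $shown = htmlspecialchars(basename($_FILES['userfile']['name']), ENT_QUOTES, 'UTF-8');
        echo 'Stored ' . $shown . ' as ' . htmlspecialchars(basename($path));
    } catch (RuntimeException $e) {
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```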
Directory reading
opendir(directory name) opens a directory.
false !== ($file = readdir($dir)) reads the next entry from the directory.
Finally, closedir() closes the directory.
rewinddir() resets the read position to the start of the directory.