PHP, CURL and your security!
Introduction
If you have watched TV in the United States recently, you will often have seen an advertisement in which a friendly guy says, "I want my computer to be infected with viruses," "I want all my photos to be deleted so that I cannot find them," or "I want my notebook to sound like thunder."
Of course, no normal person wants this kind of pain, but if you take no protective measures for your computer, the result is that you let hackers succeed. You need to treat it the way you treat your home, your car or your wallet: you cannot leave them wide open, and you cannot assume that strangers are trustworthy. Most strangers are not as friendly as you think.
If no one tells you how to do this, you may make mistakes, and it would be silly to ignore the problem. Fortunately, you are reading this article. First, let me assume that you are not so stupid.
Things that shouldn't be done
The following is a list that explains what should not be done and why.
This looks like delicious chocolate, but it contains demons. It means "go to the http://www.webhek.com site, retrieve the page content, and run that content, whatever it is." That is harmless if the content is something like the following: Hello World
However, if you are not so lucky, the content of that website has been replaced with:
Evil ruuLzzzzorz!!!
This code will delete everything on your computer.
This is a little safer, because the code only reads the content of the remote page and prints it. Even if malicious PHP code has been inserted into the content, that code is not executed. However, hackers can still inject malicious JavaScript into the content, and you will find your page suddenly filled with countless pop-up ad windows. This will make your website's visitors very angry.
There is a lot more to know here, but the above are the biggest problems.
What should I do?
PHP has a very powerful function library that is designed to retrieve content from a remote website securely. These functions are called CURL. Do not be intimidated by the large amount of material on the official CURL page; it is actually very simple.
The following is a simple replacement for the preceding readfile() command:
This is what you should do. The final curl_close() statement is not strictly necessary.
Be careful: you are still at risk from malicious JavaScript and cookie attacks coming from the remote website. Preventing these attacks takes more work. If you want to do this, I suggest using preg_replace(), one of PHP's regular-expression functions.
Now let us assume that we want to do something more with CURL. Assume that the website www.website.com is not very stable. Sometimes it does not respond; sometimes it takes 30 seconds for a page to be pulled successfully. In this case, our solution is:
This statement means that the request times out if the data cannot be fetched within two seconds. You may even prefer to set it to 1 second and accept the occasional timeout, because a slow fetch holds up your own page. (Note: do not set it to 0. That tells curl there is no timeout limit.)
However, if nothing is retrieved and you want to display a prompt, what should you do? Haha, simple!
";} else {print $buffer;} ?>
Are you beginning to feel the power of CURL?
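The steps described above (fetch with CURL instead of including the remote page, a two-second timeout, and a fallback message when nothing comes back), combined in one added example that is not code from the original article. The function names fetch_remote() and render_remote(), the example.com URL and the sample hostile string are assumptions made for illustration, and htmlspecialchars() is used here in place of the preg_replace() filtering the article suggests.

```php
<?php
declare(strict_types=1);

// Fetch a remote page as inert data; it is never passed to include or eval.
// Returns null on timeout, transport error or an empty body.
function fetch_remote(string $url, int $timeout = 2): ?string
{
    $ch = curl_init($url);
    if ($ch === false) {
        return null;
    }
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,     // hand the body back instead of printing it
        CURLOPT_HEADER         => false,    // body only, no response headers
        CURLOPT_CONNECTTIMEOUT => $timeout, // limit for establishing the connection
        CURLOPT_TIMEOUT        => $timeout, // limit for the whole transfer; 0 means no limit
        CURLOPT_FOLLOWLOCATION => false,    // do not follow redirects to other hosts
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS, // no file://, ftp://, ...
    ]);
    $buffer = curl_exec($ch);
    // No curl_close() here: the handle is released when $ch goes out of scope.
    return (is_string($buffer) && $buffer !== '') ? $buffer : null;
}

// Turn the fetched text into something safe to print inside an HTML page.
function render_remote(?string $buffer): string
{
    if ($buffer === null) {
        return 'Sorry, the remote page could not be retrieved.';
    }
    // Escaping makes injected <script> or <?php text display as plain characters.
    return htmlspecialchars($buffer, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample of a tampered response, to show the escaping offline.
$hostile = '<?php echo "Evil"; ?><script>window.open("//ads.invalid")</script>';
print render_remote($hostile) . "\n";

// Live fetch; the URL is a placeholder. When the host is slow or unreachable,
// the fallback message is printed instead of blocking the page.
print render_remote(fetch_remote('https://www.example.com/')) . "\n";
```

Escaping shows the remote markup as literal text; if the remote HTML must be rendered as HTML, it needs an allow-list sanitizer rather than escaping.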