Some critical knowledge about PHP code security


Use mysql_real_escape_string() (or, better, prepared statements) to prevent SQL injection.
Use regular expressions and strlen() to make sure GET data has the expected form and has not been tampered with.
Use regular expressions and strlen() to bound the length of the data a user submits, so oversized input never reaches the database or other downstream code.
Use strip_tags() and htmlspecialchars() to stop users from submitting potentially harmful HTML.
Do not let the application be subverted by request-tampering tools such as Tamper Data.
Use unique per-session tokens to prevent forms from being submitted to the server from a remote copy.

Rule 1: Never trust external data or input data

Examples of external data: GET variables, form POST data, database contents, configuration files, session variables and cookies.

Solution: a simple way to clean up user input is to process it with regular expressions so that you only accept what you expect, for example only letters, strings limited to a specific number of characters, or all letters in lowercase. This is an allow-list: everything that is not explicitly permitted is dropped, which is far safer than trying to enumerate the characters an attacker might send.

[php]
$myUsername = cleanInput($_POST['username']); // clean!
$arrayUsers = array($myUsername, 'Tom', 'Tommy'); // clean!
define("GREETING", 'hello there ' . $myUsername); // clean!

// Keep only lowercase letters and at most 12 of them.
function cleanInput($input) {
    $clean = strtolower($input);
    $clean = preg_replace("/[^a-z]/", "", $clean);
    $clean = substr($clean, 0, 12);
    return $clean;
}
[/php]
Rule 2: Disable PHP settings that make security hard to implement

For example, make sure register_globals is disabled (it was removed altogether in PHP 5.4). On a production site, make sure error display is turned off (display_errors = Off) and errors are written to a log instead, so that error messages do not leak file paths, SQL queries or stack traces to visitors.

Rule 3: SQL injection

    • Use mysql_real_escape_string() as a wrapper around every piece of user input that goes into a query. (The mysql extension was removed in PHP 7.0; use mysqli_real_escape_string() or, better, prepared statements with mysqli or PDO, which keep the SQL structure separate from the data.)
    • $sql = "SELECT count(*) AS ctr FROM user WHERE username = '" . mysql_real_escape_string($username) . "' AND password = '" . mysql_real_escape_string($pw) . "' LIMIT 1"; This function escapes the special characters in a string (the single quote among them) so that user input cannot terminate the string literal and become part of the SQL statement. Escaping only protects quoted string values: it does nothing for numbers or identifiers spliced into the query without quotes, which still need validation.
    • Prevent user manipulation of variables
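The following is an added example, not code from the original article, showing the login query above built by string concatenation next to the same query as a prepared statement. It assumes the pdo_sqlite extension so that it runs against an in-memory database without a server; the table, the sample row and the injection payload are constructed for the demonstration.

```php
<?php
declare(strict_types=1);
// Added example: vulnerable string-built query beside a prepared statement.
// Assumes pdo_sqlite (in-memory database, no server needed).

function setupDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (username TEXT, password TEXT)');
    // Constructed sample row; a real application stores a password hash.
    $db->exec("INSERT INTO user VALUES ('alice', 's3cret')");
    return $db;
}

// Vulnerable: user input is spliced into the SQL text, so a quote in the
// input changes the structure of the statement.
function loginConcat(PDO $db, string $username, string $pw): int {
    $sql = "SELECT count(*) AS ctr FROM user WHERE username = '" . $username
         . "' AND password = '" . $pw . "' LIMIT 1";
    return (int) $db->query($sql)->fetchColumn();
}

// Hardened: placeholders fix the SQL structure; the values are sent
// separately and can never be parsed as SQL.
function loginPrepared(PDO $db, string $username, string $pw): int {
    $stmt = $db->prepare(
        'SELECT count(*) AS ctr FROM user WHERE username = ? AND password = ? LIMIT 1'
    );
    $stmt->execute([$username, $pw]);
    return (int) $stmt->fetchColumn();
}

$db = setupDb();
$attack = "' OR '1'='1";   // constructed injection payload used as the password

echo "concat, correct password:   ", loginConcat($db, 'alice', 's3cret'), "\n";
echo "concat, injected password:  ", loginConcat($db, 'alice', $attack), "\n";
echo "prepared, correct password: ", loginPrepared($db, 'alice', 's3cret'), "\n";
echo "prepared, injected password:", loginPrepared($db, 'alice', $attack), "\n";
```

With the concatenated query the injected password turns the WHERE clause into `... AND password = '' OR '1'='1'`, which matches every row, so the login check passes without the password. The prepared statement treats the same text as an ordinary (wrong) password. If you must stay with escaping, apply it to every value and keep the quotes around the placeholder, as the article's $sql line does.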
In the URL address bar there is usually a location such as template.php?pid=33 or template.php?pid=456. The part after the question mark is called the query string, also known as the GET query string.

[php]
$pid = $_GET['pid'];
$obj = new Page();
$content = $obj->fetchPage($pid);
[/php]

The code looks fine, but the user can type any value into the address bar. We should make sure that pid is a number. is_numeric() can be used, but it is not enough: it also accepts values such as 10.2, +0234.34e5 and, in PHP versions before 7.0, hexadecimal strings like 0xff339988f. Use a regular expression instead to check the GET variable: preg_match('/^[0-9]+$/', $pid). Also check the length of the variable: reject an empty value and put an upper bound on its length, so that oversized input never reaches the database or other downstream code.

[php]
$pid = isset($_GET['pid']) ? $_GET['pid'] : '';
if (strlen($pid) > 0) {
    // ereg() was removed in PHP 7; preg_match() does the same job.
    // Either test failing means the value must be rejected, hence ||, not &&.
    if (!preg_match('/^[0-9]+$/', $pid) || strlen($pid) > 5) {
        // invalid pid: stop here and do not query with it
    }
} else {
    // missing pid: stop here
}
$obj = new Page();
$content = $obj->fetchPage($pid);
[/php]
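As an added example that is not part of the original article, the validators below apply Rule 1 and the query-string check together, but reject unexpected input instead of silently rewriting it, so the caller can refuse the request rather than continue with altered data. The function names and the sample inputs are constructed for this demonstration; the pid cases are the ones discussed above.

```php
<?php
declare(strict_types=1);
// Added example: allow-list validators that return null on failure.

// Username: 1 to 12 lowercase letters and nothing else.
// \z is used instead of $ because $ would also accept a trailing newline.
function validateUsername(string $input): ?string {
    if (preg_match('/^[a-z]{1,12}\z/', $input) === 1) {
        return $input;
    }
    return null;
}

// Page id from the query string: digits only, bounded length and range.
// The regex refuses signs, whitespace, "10.2", "+0234.34e5" and "0xff339988f";
// FILTER_VALIDATE_INT then enforces the numeric range.
function validatePid(string $input): ?int {
    if (strlen($input) === 0 || strlen($input) > 5) {
        return null;
    }
    if (preg_match('/^[0-9]+\z/', $input) !== 1) {
        return null;
    }
    $pid = filter_var($input, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 99999],
    ]);
    return $pid === false ? null : $pid;
}

// Constructed inputs mirroring the cases in the text.
$usernames = ['tom', 'Tom', 'tom; DROP TABLE user', str_repeat('a', 13), "tom\n"];
foreach ($usernames as $u) {
    $r = validateUsername($u);
    printf("username %-26s => %s\n", var_export($u, true), $r === null ? 'REJECT' : 'ok');
}

$pids = ['33', '456', '10.2', '+0234.34e5', '0xff339988f', '', '0', '123456', ' 33'];
foreach ($pids as $p) {
    $r = validatePid($p);
    printf("pid %-14s => %s\n", var_export($p, true), $r === null ? 'REJECT' : "ok ($r)");
}
```

Rejecting is preferable to the article's cleanInput() approach for identifiers: stripping characters from "tom; DROP TABLE user" silently produces a different, valid-looking username, whereas a rejected request tells you something is wrong. The range bound on pid is an assumption for the demo; use whatever your page table actually allows.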
    • Buffer overflow attack
A buffer overflow attack sends more data to a buffer than it can hold, so that part of the data spills into adjacent memory, corrupting the buffer or overwriting program logic. It can cause a denial of service, corrupt data, or execute malicious code on the remote server. PHP manages memory for its own strings, so a long $_POST value does not overflow a PHP variable; the length check protects the code the value eventually reaches (database columns, C extensions, shell commands, other services) and limits the resources one request can consume.

The way to prevent this is to check the length of all user input:

[php]
if (isset($_POST['submit']) && $_POST['submit'] == "go") {
    $name = substr($_POST['name'], 0, 40);
}
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="POST">
    <label for="name">Name</label>
    <input type="text" name="name" id="name" size="20" maxlength="40" />
    <input type="submit" name="submit" value="go" />
</form>
[/php]

The maxlength attribute only constrains well-behaved browsers; anyone can submit the form without it, so the server-side substr() is the limit that counts. PHP_SELF is encoded with htmlspecialchars() because it echoes part of the request URL back into the page.
    • Prevent hexadecimal characters
Payloads are sometimes written as hexadecimal escape sequences such as \x3C\x73 so that they slip past a filter that only looks for the literal characters. One approach is to strip such sequences after the length check:

[php]
if (isset($_POST['submit']) && $_POST['submit'] == "go") {
    $name = substr($_POST['name'], 0, 40);
    $name = cleanHex($name);
}

// Remove \xNN-style escape sequences: a backslash, x or X, then 1 to 3 hex digits.
function cleanHex($input) {
    $clean = preg_replace('/\\\\[xX][A-Fa-f0-9]{1,3}/', '', $input);
    return $clean;
}
[/php]

This is a blacklist and cannot be relied on by itself; the dependable defence is escaping the data for the context it is written into, which the next section turns to.
    • Cross-site scripting attacks
PHP provides the strip_tags() function, which removes HTML and PHP tags from a string. strip_tags() also lets you supply a list of tags to keep, for example strip_tags($input, '<b><i>'). For example:

[php]
if (isset($_POST['submit']) && $_POST['submit'] == "go") {
    $name = strip_tags($_POST['name']);
    $name = substr($name, 0, 40);
    $name = cleanHex($name);
}
[/php]

cleanHex() is the same function defined in the previous section.
From a security point of view it is necessary to run strip_tags() on public user input. If the form is in a protected area such as a content management system and you trust the users to do their job correctly (for example to create HTML content for the site), strip_tags() may be unnecessary and would only get in the way. Even then, encode the data with htmlspecialchars() at the point where it is written into HTML as text or as an attribute value: strip_tags() does nothing about quotes and other characters that can break out of an attribute, and it can remove more text than expected when it meets a partial or broken tag.
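The following added example, which is not part of the original article, shows why strip_tags() alone is not an XSS defence and what output encoding adds. The template and the payloads are constructed for the demonstration; the escapeHtml() and renderName() helpers are assumptions, not functions from the article.

```php
<?php
declare(strict_types=1);
// Added example: strip_tags() versus htmlspecialchars() on the same inputs.

// Encode for an HTML text node or a double-quoted attribute value.
function escapeHtml(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// The markup a page might emit for a user-supplied display name: once inside
// an attribute value and once as element text.
function renderName(string $name, bool $encode): string {
    $n = $encode ? escapeHtml($name) : $name;
    return '<input type="text" name="name" value="' . $n . '"> <b>' . $n . '</b>';
}

// Constructed payloads.
$payloads = [
    // Tag-based payload: strip_tags() removes it.
    '<script>alert(1)</script>',
    // Attribute-breaking payload: it contains no tag, so strip_tags() leaves it
    // untouched and, unencoded, it closes value="..." and adds a handler.
    '" onfocus="alert(1)" autofocus="',
    // Per the PHP manual, a partial tag like this can make strip_tags() drop
    // more text than expected, damaging legitimate input.
    'less than <5 dollars',
];

foreach ($payloads as $p) {
    $stripped = strip_tags($p);
    echo "input:                 ", $p, "\n";
    echo "strip_tags only:       ", renderName($stripped, false), "\n";
    echo "strip_tags + encoding: ", renderName($stripped, true), "\n\n";
}
```

Run it and compare the second and third lines for the attribute payload: without encoding the quote ends the value attribute and the browser sees a new onfocus attribute; with encoding the quote becomes &quot; and the whole string stays inside the attribute. Encoding must match the context (attribute, text node, JavaScript string, URL); htmlspecialchars() with ENT_QUOTES covers the first two.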
    • Remote form submission

The benefit of the Web is the ability to share information and services. The downside is that same ability, because some people act without scruple.
Take a form as an example. Anyone can visit a website and use File > Save As in the browser to create a local copy of the form. He can then change the action attribute to a fully qualified URL (not formhandler.php but http://www.yoursite.com/formhandler.php, since the copy no longer lives on your site), make whatever changes he wants, click Submit, and the server receives the form data as if it were a legitimate request.
You might consider checking $_SERVER['HTTP_REFERER'] to see whether the request came from your own server. That blocks most casual attempts but not a sophisticated attacker: the referrer is just a request header, and anyone can set it so that a remote copy of the form looks as if it was submitted from your server.
A better way to handle remote form submission is to generate a token based on a unique string or timestamp and place it both in a session variable and in the form as a hidden field. When the form is submitted, check that the two tokens match. If they do not, you know someone is trying to send data from a remote copy of the form.
To create a random token you can use PHP's built-in md5(), uniqid() and rand() functions as shown below. That combination is not a cryptographically secure generator; on PHP 7 and later prefer bin2hex(random_bytes(32)), and compare tokens with hash_equals() rather than == so the comparison does not leak timing information.
Listing 18. Defend against remote form submissions

[php]
<?php
session_start();

if (isset($_POST['submit']) && $_POST['submit'] == "go") {
    // Check that the submitted token matches the one stored in the session
    if (isset($_POST['token'], $_SESSION['token']) && $_POST['token'] == $_SESSION['token']) {
        $name = strip_tags($_POST['name']);
        $name = substr($name, 0, 40);
        $name = cleanHex($name);
    } else {
        // token mismatch: the data came from a remote copy of the form, reject it
    }
}

// Issue a fresh token for the form rendered after this block
// (it goes into a hidden field named "token")
$token = md5(uniqid(rand(), true));
$_SESSION['token'] = $token;

function cleanHex($input) {
    $clean = preg_replace('/\\\\[xX][A-Fa-f0-9]{1,3}/', '', $input);
    return $clean;
}
?>
[/php]
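As an added example that is not part of the original article, here is the same token scheme with the two weaknesses noted above removed: the token comes from random_bytes() and is compared with hash_equals(). The $session array stands in for $_SESSION so the code runs from the command line; the helper names and the walk-through at the end are constructed for this demonstration, and random_bytes() assumes PHP 7 or later.

```php
<?php
declare(strict_types=1);
// Added example: per-session anti-CSRF token with random_bytes() and hash_equals().
// $session is an array standing in for $_SESSION after session_start().

const TOKEN_KEY = 'csrf_token';

// Generate a 256-bit token once per session and keep it in the session store.
function issueToken(array &$session): string {
    if (empty($session[TOKEN_KEY])) {
        $session[TOKEN_KEY] = bin2hex(random_bytes(32));
    }
    return $session[TOKEN_KEY];
}

// Emit the token as a hidden form field (attribute-encoded).
function tokenField(array &$session): string {
    $t = htmlspecialchars(issueToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="token" value="' . $t . '">';
}

// Constant-time comparison; a missing or non-string token fails closed.
function verifyToken(array $session, array $post): bool {
    if (!isset($session[TOKEN_KEY], $post['token']) || !is_string($post['token'])) {
        return false;
    }
    return hash_equals($session[TOKEN_KEY], $post['token']);
}

// Form handler as in Listing 18, with the token check in front of the data handling.
function handleSubmit(array &$session, array $post): string {
    if (!verifyToken($session, $post)) {
        return 'rejected: token mismatch (remote or stale copy of the form?)';
    }
    $name = substr(strip_tags((string) ($post['name'] ?? '')), 0, 40);
    return 'accepted: ' . $name;
}

// Constructed walk-through: render the form field, then submit with the real
// token, with a guessed token, and with no token at all.
$session = [];
echo tokenField($session), "\n";
echo handleSubmit($session, ['name' => 'Tom', 'token' => $session[TOKEN_KEY]]), "\n";
echo handleSubmit($session, ['name' => 'Tom', 'token' => 'guess']), "\n";
echo handleSubmit($session, ['name' => 'Tom']), "\n";
```

Only the first submission is accepted. A remote copy of the form saved before the session existed carries no valid token, and a guessed one cannot match 256 random bits; the check therefore holds even when the attacker controls the Referer header.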

