When developing a simple PHP framework, what security issues need attention?

Source: Internet
Author: User
I think this is the simplest PHP MVC framework: a URL routing function matches the controller name and method name in the URL. If method_exists succeeds, the controller is instantiated with new and call_user_func_array executes the method; otherwise an error controller is loaded. In each controller, require is used to include the model and then require again to include the template (tpl). This is my idea for the simplest PHP framework. What security issues should we pay attention to?

Reply content:


  • Path problem. A URL must never be able to reach a file outside the application, such as /etc/passwd.

  • Data filtering. Never trust any user input. Filter all input data with htmlspecialchars before storing it in the database.

  • Database. Replace mysql_xxxx with PDO and use parameter binding to handle external data (if you only use MySQL, you can also use the mysqli extension).

Regarding call_user_func_array: Drupal was previously hit by a security issue with it.

http://blog.knownsec.com/2014/10/drupal__callback_nightmare/

require may lead to a file inclusion vulnerability.

http://www.neatstudio.com/show-1123-1.shtml
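The points in the reply above (no paths from the URL, an allow-listed route to call_user_func_array, require only from a fixed directory, PDO with bound parameters) fit into one small front controller. The following is an added example written for this answer, not the asker's framework or any project's code; it assumes PHP 8, a controllers/ and templates/ directory next to the file, controller classes named HomeController, UserController and ErrorController (with an ErrorController::notFound method), and a users table, all of which are illustrative assumptions.

```php
<?php
// Added example, not the poster's code. Assumes PHP 8, a controllers/ and
// templates/ directory beside this file, and a "users" table; all of these
// are illustrative assumptions.
declare(strict_types=1);

const CONTROLLER_DIR = __DIR__ . '/controllers';
const TEMPLATE_DIR   = __DIR__ . '/templates';

// Only these controllers may be reached from a URL. Mapping URL words to a
// fixed list (rather than to whatever class or file the URL names) is what
// keeps the router from loading arbitrary code.
const CONTROLLERS = ['HomeController', 'UserController', 'ErrorController'];

// Split "/user/show/42" into a class name, a method name and parameters.
// Names must match a strict identifier pattern, which rejects "..", "/",
// null bytes and anything else that could turn into a path.
function parseRoute(string $path): array
{
    $segments   = array_values(array_filter(explode('/', trim($path, '/')), 'strlen'));
    $controller = $segments[0] ?? 'home';
    $method     = $segments[1] ?? 'index';
    $params     = array_slice($segments, 2);

    $ident = '/^[a-z][a-z0-9]{0,31}$/i';
    if (!preg_match($ident, $controller) || !preg_match($ident, $method)) {
        return ['ErrorController', 'notFound', []];
    }
    return [ucfirst(strtolower($controller)) . 'Controller', $method, $params];
}

// Decide whether the URL is allowed to invoke $class::$method.
function routeIsCallable(string $class, string $method, int $paramCount): bool
{
    if (!in_array($class, CONTROLLERS, true) || str_starts_with($method, '__')) {
        return false;
    }
    require_once CONTROLLER_DIR . '/' . $class . '.php';
    $ref = new ReflectionClass($class);
    if (!$ref->hasMethod($method)) {
        return false;
    }
    $m = $ref->getMethod($method);
    // Public, non-static, declared on the controller itself (not inherited
    // from a base class), and not fed more arguments than it declares.
    return $m->isPublic()
        && !$m->isStatic()
        && $m->getDeclaringClass()->getName() === $class
        && $paramCount <= $m->getNumberOfParameters();
}

function dispatch(string $uri): void
{
    [$class, $method, $params] = parseRoute(parse_url($uri, PHP_URL_PATH) ?: '/');
    if (!routeIsCallable($class, $method, count($params))) {
        [$class, $method, $params] = ['ErrorController', 'notFound', []];
        require_once CONTROLLER_DIR . '/ErrorController.php';
    }
    call_user_func_array([new $class(), $method], $params);
}

// Templates are chosen by the controller, never by the URL, and the resolved
// path must still sit inside TEMPLATE_DIR before it is passed to require.
function render(string $template, array $vars): void
{
    $base = realpath(TEMPLATE_DIR);
    $file = realpath(TEMPLATE_DIR . '/' . basename($template) . '.php');
    if ($base === false || $file === false
        || !str_starts_with($file, $base . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException('template not found');
    }
    // $e is the escaper the template calls at output time, e.g. $e($name).
    $e = static fn (string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    extract($vars, EXTR_SKIP); // EXTR_SKIP: template variables cannot clobber $file or $e
    require $file;
}

// Database access through PDO with a bound parameter; the username travels
// separately from the SQL text instead of being concatenated into it.
function connect(): PDO
{
    return new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]);
}

function findUser(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

if (PHP_SAPI !== 'cli') {
    dispatch($_SERVER['REQUEST_URI'] ?? '/');
}
```

The router never builds a file name from the URL: the identifier regex and the CONTROLLERS allow-list decide which class is loaded, and the reflection checks keep call_user_func_array away from magic, static, inherited or over-supplied methods. render() resolves the template with realpath and refuses anything outside TEMPLATE_DIR, which is the check that stops a require-based file inclusion. Escaping is done with htmlspecialchars at output time in the template rather than on the way into the database, so the stored data stays intact and every rendered value is encoded for HTML.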
