I think it is the simplest PHP MVC framework. A URL routing function is used to match the names of the controller and method in the URL. If method_exists succeeds, the controller is created with new and call_user_func_array is used to execute the method; otherwise, an error controller is loaded. In each controller, you can use require to load the model and then use require to load the tpl. This is my idea of the simplest PHP framework. What security issues should we pay attention to?
Reply content:
Path problem: you cannot let a URL be used to call a file outside the application, such as /etc/passwd.
Data filtering: never trust any user input. Filter all input data with htmlspecialchars before importing it into the database.
Database: use PDO in place of mysql_xxxx, and use parameter binding to process external data (if the database only uses MySQL, you can also use the mysqli extension).
About call_user_func_array: Drupal was previously hit by a security issue involving it.
http://blog.knownsec.com/2014/10/drupal__callback_nightmare/
require: this may lead to a file inclusion vulnerability.
http://www.neatstudio.com/show-1123-1.shtml
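The dispatch flow from the question (method_exists, new, call_user_func_array, require), hardened along the lines the replies raise. This is an added example, not code from the thread; HomeController, ROUTES, dispatch and resolveInside are hypothetical names, and the sample paths are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical controller used only for this example.
final class HomeController {
    public function index(string $name = 'world'): string {
        // Encode on output, where the HTML context is known.
        return 'Hello ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    }
}

// Routable controllers are listed explicitly; the URL never names a class or file.
const ROUTES = ['home' => HomeController::class];

function dispatch(string $path): string {
    $parts = array_values(array_filter(explode('/', $path), 'strlen'));
    $controller = strtolower($parts[0] ?? 'home');
    $action = $parts[1] ?? 'index';
    $args = array_slice($parts, 2);

    // Only plain identifiers pass: "__construct", "../" and similar are rejected.
    if (!isset(ROUTES[$controller]) || !preg_match('/\A[a-z][a-zA-Z0-9]*\z/', $action)) {
        return '404';
    }
    $class = ROUTES[$controller];
    if (!method_exists($class, $action)) {
        return '404';
    }
    // method_exists() is also true for private and static methods, so check further.
    $m = new ReflectionMethod($class, $action);
    if (!$m->isPublic() || $m->isStatic() || count($args) > $m->getNumberOfParameters()) {
        return '404';
    }
    return (string) call_user_func_array([new $class(), $action], $args);
}

// Resolve a model/template name to a file that must sit under $baseDir before require.
function resolveInside(string $baseDir, string $name): ?string {
    $base = realpath($baseDir);
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $file === false) {
        return null;
    }
    return strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0 ? $file : null;
}

// Constructed sample requests.
echo dispatch('/home/index/<i>x'), PHP_EOL;
echo dispatch('/home/__construct'), PHP_EOL;
var_dump(resolveInside(__DIR__, '../../etc/passwd'));
```

Call require only on a non-null result of resolveInside, never on a string assembled directly from the URL.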