attack php function addslashes designed to prevent
1. Security when installed in CGI mode
2. Security when installed as an Apache module
When PHP is installed as an Apache module, it inherits the privileges of the Apache user (usually "nobody"). This has some impact on security and authentication. For
supposed input
$name = "Ilia'; DELETE FROM users;";
mysql_query("SELECT * FROM users WHERE name='{$name}'");
It is clear that the last command executed by the database is:
SELECT *
As a powerful language, PHP can be installed either as a module or as CGI. Its interpreter can access files, run commands, and create network connections on the server. These functions may add many insecure factors to the server. You must install and
1. The difference between double quotation marks and single quotation marks
Double quotes interpolate variables; single quotes do not
Double quotation marks in single quotes, where there are variables in single quotes,
One is to filter the input data (filter input), and the other is to escape the data sent to the database (escape output). These two important steps are indispensable and both require special attention in order to reduce program errors.
For an
When it comes to website security, you have to mention SQL injection. If you have used ASP, you must have a deep understanding of SQL injection. PHP's security is relatively high; this is because MySQL versions below 4 do not support
17. The difference between isset, empty and is_null. isset: determines whether a variable is defined or is empty. Returns true if the variable exists, otherwise false; a variable that is declared but not assigned returns false; a variable that has been unset returns false; a variable assigned null returns false. empty: determines whether the value of the variable is empty, is null to
An index is a special file (an index on an InnoDB data table is an integral part of a tablespace) that contains reference pointers to all records in the data table.
Summary of PHP Elementary classic interview questions (part 1)
17. differences
SQL stands for Structured Query Language. SQL injection is the insertion of SQL commands into the input fields of a Web form or the query string of page request parameters, causing the database server to execute a malicious
SQL injection: Many Web developers do not notice that SQL queries can be tampered with, and so treat SQL queries as trustworthy commands. SQL queries can bypass access control, and with it authentication and permission checking. What'