
Passing variable values from PHP to JavaScript

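<?php
// Value defined on the server side
$conn = "what's the fucking";
?>
<script type="text/javascript">
// PHP writes the value into the JavaScript string literal before the page is sent
var innn = "<?php echo $conn; ?>";
document.write(innn);
</script>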

PHP and JavaScript variables are not interchangeable, but when the same variable is needed on both sides of one page, you can embed PHP code inside the JavaScript.
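Echoing a PHP value straight into a quoted JavaScript string only works while the value contains no quote, backslash, newline or `</script>`. The following added example (not code from the original page) encodes the value with `json_encode()` instead; the helper name `js_literal` and the sample strings are constructed for illustration.

```php
<?php
// Constructed sample values (not from the original page). Each of the last
// three would break a naively quoted JavaScript string or close the script element.
$samples = array(
    "what's the fucking",
    'He said "hi" \\ bye',
    "</script><b>markup</b>",
    "line one\nline two",
);

// Hypothetical helper: turn any PHP value into a JavaScript literal that is
// safe to print inside an inline <script> block.
function js_literal($value)
{
    // JSON_HEX_* emit <, >, &, ' and " as \uXXXX escapes, so the output can
    // neither end the string literal nor terminate the <script> element.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    // json_encode() expects UTF-8 input and returns false otherwise;
    // fall back to null so the page never receives a half-written script.
    $json = json_encode($value, $flags);
    return ($json === false) ? 'null' : $json;
}
?>
<pre id="out"></pre>
<script type="text/javascript">
// The PHP array arrives as a JavaScript array literal.
var values = <?php echo js_literal($samples); ?>;
// textContent shows the strings as text; document.write() would parse them as HTML.
document.getElementById("out").textContent = values.join("\n");
</script>
```

If the page itself is served in GB2312 rather than UTF-8, convert the value to UTF-8 before passing it to the helper.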


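Related documents:

6 ways to retrieve values passed between PHP pages

1. Retrieving passed values in PHP 4 and later
The common ways to pass values between pages are POST, GET and COOKIE, so those are mainly what I cover below. From PHP 4 onward, arrays such as $_POST and $_GET are used to retrieve values passed to a page. PHP 3.0 and earlier versions used arrays such as $HTTP_POST_VARS and $HTTP_GET_VARS. The code is as follows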
echo $_POST['dopost'];
?>
< form action="weste_net.php" ......

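Rekindle your PHP security fire

The topic of script security never seems to end. If you regularly read the various foreign bugtraq lists, you will find that more than half of the entries are script-related; terms such as SQL injection, XSS, Path Disclosure and Remote commands execution are everywhere. After reading them, is their only use really to collect compromised machines? For those of us who want to work in web security, the best use is to learn from them, but everything has to be traced back to its root, we ......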

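Uploading large files in PHP

1. Use the APC extension module written by PHP's creator, Rasmus Lerdorf (http://pecl.php.net/package/apc)
APC implementation:
Install APC by following the official documentation; the PECL module installation method is quick and simple and is not covered here.
Configure php.ini: set the parameter apc.rfc1867=1 so that APC supports the upload progress bar feature; this is described in the documentation shipped with the APC source.
Code example:
Copy PHP content to ......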

Everyday PHP development tips

Getting checkbox values in bulk in PHP
1. Naming
<input type='checkbox' name='checkbox[]' value=$dwmyrow[banzhu] />
2. Usage
When the values are to be used as part of an SQL statement: if the field involved is numeric, then
if(! empty($_POST['checkbox'])) {
$expr = join(",", $_POST['checkbox']);
$sql = "select * from tbl_name where field in ......

PHP5 object orientation: Object Cloning

PHP4:
<?
$sample1 = new StdClass();
$sample1->name = "Hasin";
$sample2 = $sample1;
$sample2->name = "Afif";
echo $sample1->name;
?>
In PHP4 it works differently; it will output Hasin, as both are different from 
each other.
PHP5:
<?
$sample1 = new StdClass();
$ ......
© 2009 ej38.com All Rights Reserved.