Using PHP to filter dangerous HTML code out of form submissions
HTML submitted through a form may contain code that can be abused to pull dangerous external content into the page, so it should be filtered with PHP before it is stored or displayed. Even when it is not malicious, user-submitted HTML can break the layout of the page that displays it, which is another reason to filter it out.
The program code is as follows:
function uhtml($str)
{
    $farr = array(
        "/\s+/", // collapse runs of whitespace
        // filter <script> and other tags that can inject malicious content or maliciously alter the page layout; if Flash etc. is not needed, <object> can be added to this list
        "/<(\/?)(script|i?frame|style|html|body|title|link|meta|\?|\%)([^>]*?)>/isU",
        "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU", // strip JavaScript on* event handlers
    );
    // Replacements are single-quoted so that $1/$2/$3 reach preg_replace as backreferences;
    // in a double-quoted PHP string "\1" is the octal escape for chr(1), not a backreference.
    $tarr = array(
        " ",
        '＜$1$2$3＞', // to remove unsafe tags outright instead of neutralising them, leave this empty
        '$1$2',
    );
    $str = preg_replace($farr, $tarr, $str);
    return $str;
}
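As an added example (not code from the original post), the same blacklist patterns are shown beside the safer default of output escaping, and the event-handler pass is repeated until nothing changes, since a single pass only removes the first on* attribute of each tag. The function names and the sample form values are hypothetical and constructed for this illustration.

```php
<?php
// Added example, not from the original post. Replacement strings are
// single-quoted: in a double-quoted PHP string "\1" is chr(1), not $1.
function filter_html(string $str): string
{
    $patterns = array(
        '/\s+/',                                                        // collapse whitespace
        '/<(\/?)(script|i?frame|style|html|body|title|link|meta|\?|\%)([^>]*?)>/isU',
        '/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU',                          // on* event handlers
    );
    $replacements = array(' ', '＜$1$2$3＞', '$1$2');
    // Repeat until the string is stable: each match of the third pattern
    // consumes the whole tag up to '>', so one pass only strips the first
    // handler in a tag such as <img onload=... onerror=...>.
    do {
        $before = $str;
        $str = preg_replace($patterns, $replacements, $str);
        if ($str === null) {   // PCRE error: fail closed rather than return raw input
            return '';
        }
    } while ($str !== $before);
    return $str;
}

// Escaping instead of filtering: the browser renders the markup as text.
// Preferable whenever the field does not legitimately need to carry HTML.
function escape_html(string $str): string
{
    return htmlspecialchars($str, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$samples = array(   // constructed form values for the demonstration
    "hello   <b>world</b>",
    "<script>alert(1)</script>",
    "<img src=x onload=f() onerror=g()>",
);
foreach ($samples as $s) {
    printf("input:    %s\nfiltered: %s\nescaped:  %s\n\n",
           $s, filter_html($s), escape_html($s));
}
```

For the third sample, filter_html() needs two passes to remove both handlers, while escape_html() turns the whole tag into inert text in one step.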