PHP??????????????

????php??????????????????????????????????????????????????????????????????????????????跭????????????????????????Щ?д????????
???????
???????????????????????????????????μ??????????????????????????PHP?????????????????????????????????о????????????????????κ??漰??????????????????????????????????????????翪????????????????????????
???????????????????
????????????
????????????Javascript??????????????????????????????????????????javascript???棬???????POST??????????????????????????????????????????php?????????????????????XSS??????SQL???
?????????????
?????????????????????????????????????????????????????в??????????????????????
?????????????
??????php.ini????н????????????
????register_globals = Off
??????????????????????????????????????????????process.php???????????????????????????????????????????????????????￡?
????<input name="username" type="text" size="15" maxlength="64">
???????????????????process.php???php????????$username???????????????????????process.php?????????κ?POST??GET?????????????????????????????????????????г?????????????????????
????<?php
????// Define $authorized = true only if user is authenticated
????if (authenticated_user()) {
????$authorized = true;
????}
?????>
?????????????authenticated_user???????ж?$authorized??????????????????register_globals?????????κ??????????????????????????$authorized?????????????????????????????
???????е???Щ?????????????PHP????????????????????????????$_POST??$_GET??$_FILES??$_SERVER??$_REQUEST???????$_REQUEST?????$_GET/$_POST/$_COOKIE???????????????????????????$_COOKIE??$_POST??$_GET??
??????????????????
????error_reporting?????Off???????????????????????????????????????ON
????safe_mode?????Off
????register_globals?????Off
?????????o????????system??exec??passthru??shell_exec??proc_open??popen
????open_basedir????? /tmp ????????????session????д洢??????????????????????
????expose_php?????Off
????allow_url_fopen?????Off
????allow_url_include?????Off
????SQL?????
?????????????????SQL?????????????????????????????????????????е?SQL?????????????????????????
????$sql = "select * from pinfo where product = '$product'";
??????????????????$product???????
????39'; DROP pinfo; SELECT 'FOO
?????????SQL??????????μ??????
????select product from pinfo where product = '39'; DROP pinfo; SELECT 'FOO'
????????????????SQL????????pinfo??????????????????????????
????????????????????PHP?????ú????????
????$sql = 'Select * from pinfo where product = '"'
????mysql_real_escape_string($product) . '"';
???????SQL?????????????????￡?
????????????????????????????
???????????????????????????????????????mysql_real_escape_string???????????
??????????????????????飬???????php??Magic Quotes???????????php6????????????????????????????????塣
?????????????XSS????
????XSS?????????????????????????????????У???????XSS???????????javascript??????????????????棬??????????????cookie????????
????XSS?????SQL???????????????????????????XSS????????????????????php?????????????????php?????????????????????????????????????????????????????й???????????HTML??????????a???????????????????????????
????function transform_HTML($string?? $length = null) {
????// Helps prevent XSS attacks
????// Remove dead space.
????$string = trim($string);
????// Prevent potential Unicode codec problems.
????$string = utf8_decode($string);
????// HTMLize HTML-specific characters.
????$string = htmlentities($string?? ENT_NOQUOTES);
????$string = str_replace("#"?? "#"?? $string);
????$string = str_replace("%"?? "%"?? $string);
????$length = intval($length);
????if ($length > 0) {
????$string = substr($string?? 0?? $length);
????}
????return $string;
????}
?????????????HTML???????????????HTML??壬?????????????????????????????????????<strong>bold</strong>????????
????&lt;STRONG&gt;BoldText&lt;/STRONG&gt;
???????????????????htmlentities???????????????html??????????html???????????????????????XSS??????
????????????о????XSS????????и????????????й???????????????????????????????utf-8???????????????ASCII?????????????????????????У?
????<a href="http://host/a.php?variable=%22%3e %3c%53%43%52%49%50%54%3e%44%6f%73%6f%6d%65%74%68%69%6e%67%6d%61%6c%69%63%69%6f%75%73%3c%2f%53%43%52%49%50%54%3e">
??????????????????????????
????<a href="http://host/a.php?variable="> <SCRIPT>Dosomethingmalicious</SCRIPT>
????????????????????????????????????????transform_HTML??????????????#??%???????????????????????????$length???????????????????????
???????SafeHTML???XSS????
????????????XSS?????????????????????????????????б????????????????????????javascript?????????????а?????????????????
???????????????????????????????????????????????????????????????????????????????????????????????????????а??????????????Ч??
?????????????????????SafeHTML??????????????????Ч??HTML????????????κ?Σ?????????????????HTMLSax???????н?????
??????????SafeHTML???????
????1?????http://pixel-apes.com/safehtml/?page=safehtml ?????μ?SafeHTML
????2??????????????????classes ????????????????е?SafeHTML??HTMLSax??
????3????????????а???SafeHTML?????
????4?????????SafeHTML????
????5?????parse???????й???
????<?php
????/* If you're storing the HTMLSax3.php in the /classes directory?? along
????with the safehtml.php script?? define XML_HTMLSAX3 as a null string. */
????define(XML_HTMLSAX3?? '');
????// Include the class file.
????require_once('classes/safehtml.php');
????// Define some sample bad code.
????$data = "This data would raise an alert <script>alert('XSS Attack')</script>";
????// Create a safehtml object.
????$safehtml = new safehtml();
????// Parse and sanitize the data.
????$safe_data = $safehtml->parse($data);
????// Display result.
????echo 'The sanitized data is <br />' . $safe_data;
?????>
????SafeHTML????????????XSS????????????????????????????????
??????????HASH????????????????
????????hash??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
?????????Hash????????????????????????Hash???????????????????????????????????????????????hash???????????hash??????
????MD5???????????hash??????????????????????п??????????????????MD5??hash???
???????mcrypt????????
????MD5 hash?????????????????????????????????洢????????????????????????м???????洢??????????????н????
???????????????mcrypt??飬??????????????30?м????????????м????????????????
????<?php
????$data = "Stuff you want encrypted";
????$key = "Secret passphrase used to encrypt your data";
????$cipher = "MCRYPT_SERPENT_256";
????$mode = "MCRYPT_MODE_CBC";
????function encrypt($data?? $key?? $cipher?? $mode) {
????// Encrypt data
????return (string)
????base64_encode
????(
????mcrypt_encrypt
????(
????$cipher??
????substr(md5($key)??0??mcrypt_get_key_size($cipher?? $mode))??
????$data??
????$mode??
????substr(md5($key)??0??mcrypt_get_block_size($cipher?? $mode))
????)
????);
????}
????function decrypt($data?? $key?? $cipher?? $mode) {
????// Decrypt data
????return (string)
????mcrypt_decrypt
????(
????$cipher??
????substr(md5($key)??0??mcrypt_get_key_size($cipher?? $mode))??
????base64_decode($data)??
????$mode??
????substr(md5($key)??0??mcrypt_get_block_size($cipher?? $mode))
????);
????}
?????>
????mcrypt????????????????
????1????????????
????2???????????????????key
????3????????????????????????cipher???? MCRYPT_TWOFISH192??MCRYPT_SERPENT_256?? MCRYPT_RC2?? MCRYPT_DES?? and MCRYPT_LOKI97??
????4?????????????
????5??????????????????????????????????????????????????????????????????
????6??????key??????????????mcrypt_get_key_size??????mcrypt_get_block_size??????????
????????????key????????????????????????ciphers?????е?????????????????????????key????MD5??κ??????????????mcrypt???????????????????????????????????????浽?????????л??????????????????base64encode????Щ????????????????????????檔
?????ο??????http://www.codeproject.com/Articles/363897/PHP-Security