PHP???????????????
???????????? ???????[ 2016/6/28 17:59:12 ] ???????????????????
?????????????????????????绻�??????????????写?????writeup??????斜????????????????????????web?????????械???????????PHP??写????????????????锌??????????SQL???XSS?????????????????PHP??????????????????PHP???????????????PHP????????????????????web???????????妾�??PHP?械?????????????????????????????????????????????????????????????????????????????????PHP??????写???????????PHP????????????????????
????PHP????????
??????PHP?校??????????渭??????
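// PHP variables are dynamically typed: the same variable can hold an
// integer, then an array, then a string, with no declaration or cast.
$param = 1;          // int
$param = array();    // array
$param = "stringg";  // string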
?????????????????????????????????????????????魏蔚???????????????????????????????????????????????????????????????????
???????????????
??????????????????????????????????GET??????POST?????????int????????????????????????????PHP?????????斜????????????PHP????????????????????????????????????????????????????????
????????????
???????????
??????$a==$b??????
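// Loose comparison (==) converts both operands before comparing, so
// different "empty" values are reported as equal. Use === wherever the
// type matters, e.g. when testing a return value for failure.
$a = null; $b = false;  // $a == $b is true, $a === $b is false
$a = '';   $b = null;   // $a == $b is true, $a === $b is false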
????????????????泻???????????????
????????????????????????????????????????锟�?
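// Loose comparison between an int and a string.
// The results for non-numeric strings depend on the PHP version: before
// 8.0 the string is cast to a number (leading digits, else 0); from 8.0
// on, the int is cast to a string and the two are compared as strings.
var_dump(0 == '0');         // true on every version ('0' is a numeric string)
var_dump(0 == 'abcdefg');   // true on PHP 5/7, false on PHP >= 8.0
var_dump(0 === 'abcdefg');  // false on every version (types differ)
var_dump(1 == '1abcdef');   // true on PHP 5/7, false on PHP >= 8.0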
????????????????????斜???????????????????????????????锌???????????
????Hash???
???????????????????????????hash????????????????????锟�?
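// "Magic hash" comparison: when BOTH operands are numeric strings, ==
// compares them as numbers, and "0e<digits>" is read as 0 * 10^n, i.e. 0.
var_dump("0e132456789" == "0e7124511451155"); // true  - both are numeric strings equal to 0
var_dump("0e123456abc" == "0e1dddada");       // false - neither is numeric, so plain string comparison
var_dump("0e1abc" == "0");                    // false - "0e1abc" is not a numeric string, so this is also a string comparison
// Mitigation: compare digests with hash_equals() (PHP >= 5.6) or ===, never ==.
var_dump(hash_equals("0e132456789", "0e7124511451155")); // false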
????????斜??????????????????0ed+????????????????????????????????????????????????????2???????????0??????????????????0ed+????????????????????????????械?md5 collision?锌?????
??????????????
??????????????????????????????斜????????????????????锟�?
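// Hexadecimal strings. PHP 5 treated "0x..." as a numeric string in
// comparisons (0x1e240 is 123456); PHP 7.0 removed that, so the first
// two results depend on the PHP version.
var_dump("0x1e240" == "123456"); // true on PHP 5, false on PHP >= 7.0
var_dump("0x1e240" == 123456);   // true on PHP 5, false on PHP >= 7.0
var_dump("0x1e240" == "1e240");  // false on every version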
?????????械???????????0x????????PHP????????????????????????????斜???0×1240??????????????123456????????int?????string?????123456?????????????????械?????????????????????????
???????????
??????????????????int????string??string????int??
????int?string??
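// Converting an int to a string: both forms produce the string "5".
$var = 5;
$item = (string)$var;  // option 1: cast operator
$item = strval($var);  // option 2: strval()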
????string?int??intval()??????
????????????????????????2???????
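// intval() converts the leading digits of a string and silently drops
// the rest; a string with no leading digits becomes 0. No error is
// raised, so intval($x) passing a check says nothing about the rest of $x.
var_dump(intval('2'));      // int(2)
var_dump(intval('3abcd'));  // int(3)
var_dump(intval('abcd'));   // int(0)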
???????intval()????????????????????????????????????????????????????????????????????????intval()????????????0??
????intval()??????????????????械?MYSQL?????????锌?????
?????????????????????????????????渭???未???
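// The check and the query must use the SAME value. Validating
// intval($a) and then concatenating the raw $a leaves the query
// injectable, because intval() ignores everything after the leading digits.
$id = intval($a);
if ($id > 1000) {
    // Vulnerable form shown in the article (raw $a reaches the SQL string):
    //   mysql_query("select * from news where id=".$a);
    // Safe form: only the converted integer is concatenated.
    mysql_query("select * from news where id=" . $id);
}
// NOTE: the mysql_* extension was removed in PHP 7.0; current code should
// use PDO or mysqli with a prepared statement and a bound integer parameter.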
??????????$a????锌?????1002 union…..
???????煤???????????????
???????煤???????????????????煤??????????????????????????????????????????械???????????????????????????????????????????????????????
????md5()
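// md5() expects a string. Before PHP 8.0, passing an array emits a
// warning and returns NULL, so the "digests" of two different arrays
// compare equal (NULL == NULL).
$array1[] = array(
    "foo" => "bar",
    "bar" => "foo",
);
$array2 = array("foo", "bar", "hello", "world");
try {
    // PHP 5/7: both calls return NULL, so this prints bool(true).
    var_dump(md5($array1) == md5($array2));
} catch (TypeError $e) {
    // PHP >= 8.0: md5() throws a TypeError instead of returning NULL.
    echo get_class($e), "\n";
}
// Mitigation: reject non-string input (is_string()) before hashing, and
// compare digests with === or hash_equals().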
????PHP????械?md5()????????????string md5 ( string $str [?? bool $raw_output = false ] )??md5()?械?????????string??????????????????????array???md5()??????????????????????array??md5???????????????2??array??md5????????????md5()??????????????械?bypass again????锌?????
????strcmp()
????strcmp()??????PHP???????械???????int strcmp ( string $str1 ?? string $str2 )???????strcmp()????2??string?????????????str1小??str2??????-1????????0????????1??strcmp????????????????????????????????ascii???????屑????????????????????????????????
??????????????strcmp()??????????????
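// strcmp() expects two strings. On PHP 5.3 to 7.x an array argument
// produces a warning and a NULL return value; NULL == 0 is true, so a
// check written as `strcmp($input, $secret) == 0` passes.
$array = [1, 2, 3];
try {
    var_dump(strcmp($array, '123')); // NULL on PHP 5.3-7.x
} catch (TypeError $e) {
    // PHP >= 8.0: strcmp() throws a TypeError instead of returning NULL.
    echo get_class($e), "\n";
}
// Mitigation: require is_string($input) first and test the result with === 0.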
????strcmp????????????????械?pass check?锌?????
????switch()
???????switch???????????case???卸????switch?????械????????int????????锟�?
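// switch compares with loose equality (==). With integer case labels,
// PHP 5/7 cast "2abc" to 2, so `case 2` matches and the first message
// is printed. On PHP >= 8.0 "2abc" == 2 is false and no case matches.
$i = "2abc";
switch ($i) {
    case 0:
    case 1:
    case 2:
        echo "i is less than 3 but not negative";
        break;
    case 3:
        echo "i is 3";
}
// Mitigation: validate the input's type (e.g. ctype_digit()) and cast it
// before the switch.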
????????????????????i is less than 3 but not negative????????switch()??????$i??????????????????????2??
????in_array()
??????PHP????校?in_array()???????????bool in_array ( mixed $needle ?? array $haystack [?? bool $strict = FALSE ] )?????strict??????????????in_array??????????????卸?$needle?????$haystack?小???strince????true???in_array()????needls???????haystack?械?????????????
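// in_array() uses loose comparison unless the third argument ($strict)
// is true. On PHP 5/7 'abc' is cast to 0 and '1bc' to 1, so both are
// "found"; on PHP >= 8.0 both lookups return false.
$array = [0, 1, 2, '3'];
var_dump(in_array('abc', $array)); // true on PHP 5/7, false on PHP >= 8.0
var_dump(in_array('1bc', $array)); // true on PHP 5/7, false on PHP >= 8.0
// Mitigation: pass $strict = true so that types must match as well.
var_dump(in_array('abc', $array, true)); // false on every version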
???????????????????????????true?????’abc’??????0??’1bc’????1??
????array_search()??in_array()????????????
??????
