\u4e3a\u4e86\u63d0\u9ad8 PHP \u51fd\u6570\u4ee3\u7801\u7684\u5b89\u5168\u90e8\u7f72\uff0c\u5efa\u8bae\u9075\u5faa\u4ee5\u4e0b\u6700\u4f73\u5b9e\u8df5\uff1a\u542f\u7528\u4e25\u683c\u6a21\u5f0f\uff0c\u6d88\u9664\u9519\u8bef\u548c\u4e0d\u5b89\u5168\u884c\u4e3a\u3002\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\uff0c\u9632\u6b62\u6ce8\u5165\u653b\u51fb\u3002\u8f6c\u4e49\u8f93\u51fa\uff0c\u9632\u6b62\u8de8\u7ad9\u811a\u672c (XSS) \u653b\u51fb\u3002\u4f7f\u7528\u5b89\u5168\u51fd\u6570\uff0c\u4f8b\u5982 password_hash()\u3002\u9650\u5236\u6587\u4ef6\u4e0a\u4f20\uff0c\u9632\u6b62\u6076\u610f\u4ee3\u7801\u6267\u884c\u3002<\/p>\n
![\"PHP](\"https:\/\/www.17golang.com\/uploads\/20241026\/1729935748671cb9844f871.jpg\" "\\"PHP")
<\/p>\n
PHP \u51fd\u6570\u4ee3\u7801\u90e8\u7f72\u6700\u4f73\u5b9e\u8df5\uff1a\u63d0\u5347\u5b89\u5168\u6027<\/h2>\n
\u524d\u8a00<\/strong><\/p>\n PHP \u51fd\u6570\u4ee3\u7801\u90e8\u7f72\u662f Web \u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u4e2d\u7684\u91cd\u8981\u73af\u8282\uff0c\u9700\u8981\u6ce8\u610f\u5b89\u5168\u6027\u3002\u672c\u6587\u5c06\u5206\u4eab\u6700\u4f73\u5b9e\u8df5\uff0c\u4ee5\u5e2e\u52a9\u60a8\u9075\u5faa\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\uff0c\u4fdd\u62a4\u5e94\u7528\u7a0b\u5e8f\u514d\u906d\u653b\u51fb\u3002<\/p>\n 1. \u542f\u7528\u4e25\u683c\u6a21\u5f0f<\/strong><\/p>\n \u542f\u7528\u4e25\u683c\u6a21\u5f0f\u53ef\u6d88\u9664 PHP \u4e2d\u7684\u9519\u8bef\u548c\u4e0d\u5b89\u5168\u884c\u4e3a\u3002\u5728\u51fd\u6570\u4ee3\u7801\u9876\u90e8\u6dfb\u52a0 2. \u9a8c\u8bc1\u7528\u6237\u8f93\u5165<\/strong><\/p>\n \u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u4ee5\u9632\u6b62\u6ce8\u5165\u653b\u51fb\u3002\u4f7f\u7528\u5185\u7f6e\u51fd\u6570\uff08\u5982 3. \u8f6c\u4e49\u8f93\u51fa<\/strong><\/p>\n \u8f6c\u4e49\u51fd\u6570\u4ee3\u7801\u4e2d\u7684\u8f93\u51fa\u4ee5\u9632\u6b62\u8de8\u7ad9\u811a\u672c (XSS) \u653b\u51fb\u3002\u4f7f\u7528 4. \u4f7f\u7528\u5b89\u5168\u51fd\u6570<\/strong><\/p>\n \u4f7f\u7528 PHP \u4e2d\u7684\u5185\u7f6e\u5b89\u5168\u51fd\u6570\uff08\u5982 5. \u9650\u5236\u6587\u4ef6\u4e0a\u4f20<\/strong><\/p>\n \u9650\u5236\u6587\u4ef6\u4e0a\u4f20\u4ee5\u9632\u6b62\u6076\u610f\u4ee3\u7801\u6267\u884c\u3002\u9a8c\u8bc1\u6587\u4ef6\u7c7b\u578b\u548c\u9650\u5236\u5927\u5c0f\u3002<\/p>\n \u5b9e\u73b0\u7528\u6237\u6ce8\u518c\u51fd\u6570<\/strong><\/p>\n \u4ee5\u4e0b\u793a\u4f8b\u5c55\u793a\u4e86\u5982\u4f55\u4f7f\u7528\u6700\u4f73\u5b9e\u8df5\u6765\u90e8\u7f72\u4e00\u4e2a\u5b89\u5168\u7684 PHP \u6ce8\u518c\u51fd\u6570\uff1a<\/p>\n \u7ed3\u8bba<\/strong><\/p>\n \u9075\u5faa\u8fd9\u4e9b\u6700\u4f73\u5b9e\u8df5\uff0c\u53ef\u4ee5\u663e\u8457\u589e\u5f3a PHP \u51fd\u6570\u4ee3\u7801\u7684\u5b89\u5168\u6027\u3002\u901a\u8fc7\u542f\u7528\u4e25\u683c\u6a21\u5f0f\u3001\u9a8c\u8bc1\u8f93\u5165\u3001\u8f6c\u4e49\u8f93\u51fa\u3001\u4f7f\u7528\u5b89\u5168\u51fd\u6570\u548c\u9650\u5236\u6587\u4ef6\u4e0a\u4f20\uff0c\u60a8\u53ef\u4ee5\u4fdd\u62a4\u5e94\u7528\u7a0b\u5e8f\u514d\u53d7\u6076\u610f\u653b\u51fb\u3002<\/p>\n \u597d\u4e86\uff0c\u672c\u6587\u5230\u6b64\u7ed3\u675f\uff0c\u5e26\u5927\u5bb6\u4e86\u89e3\u4e86\u300aPHP \u51fd\u6570\u4ee3\u7801\u90e8\u7f72\u6700\u4f73\u5b9e\u8df5\uff1a\u5982\u4f55\u9075\u5faa\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\uff1f\u300b\uff0c\u5e0c\u671b\u672c\u6587\u5bf9\u4f60\u6709\u6240\u5e2e\u52a9\uff01\u5173\u6ce8\u7c73\u4e91\u516c\u4f17\u53f7\uff0c\u7ed9\u5927\u5bb6\u5206\u4eab\u66f4\u591a\u6587\u7ae0\u77e5\u8bc6\uff01<\/p>\n","protected":false},"excerpt":{"rendered":" PHP \u51fd\u6570\u4ee3\u7801\u90e8\u7f72\u6700\u4f73\u5b9e\u8df5\uff1a\u5982\u4f55\u9075\u5faa\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\uff1f \u5404\u4f4d\u5c0f\u4f19\u4f34\u4eec\uff0c\u5927\u5bb6\u597d\u5440\uff01\u770b\u770b\u4eca\u5929\u6211\u53c8\u7ed9\u5404\u4f4d\u5e26\u6765\u4e86\u4ec0\u4e48\u6587\u7ae0\uff1f\u672c\u6587\u6807\u9898\u662f\u300aPHP \u51fd\u6570\u4ee3\u7801\u90e8\u7f72\u6700\u4f73\u5b9e\u8df5\uff1a\u5982\u4f55\u9075\u5faa\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\uff1f\u300b\uff0c\u5f88\u660e\u663e\u662f\u5173\u4e8e\u6587\u7ae0\u7684\u6587\u7ae0\u54c8\u54c8\u54c8\uff0c\u5176\u4e2d\u5185\u5bb9\u4e3b\u8981\u4f1a\u6d89\u53ca\u5230\u7b49\u7b49\uff0c\u5982\u679c\u80fd\u5e2e\u5230\u4f60\uff0c\u89c9\u5f97\u5f88\u4e0d\u9519\u7684\u8bdd\uff0c\u6b22\u8fce\u5404\u4f4d\u591a\u591a\u70b9\u8bc4\u548c\u5206\u4eab\uff01 \u4e3a\u4e86\u63d0\u9ad8 PHP \u51fd\u6570\u4ee3\u7801\u7684\u5b89\u5168\u90e8\u7f72\uff0c\u5efa\u8bae\u9075\u5faa\u4ee5\u4e0b\u6700\u4f73\u5b9e\u8df5\uff1a\u542f\u7528\u4e25\u683c\u6a21\u5f0f\uff0c\u6d88\u9664\u9519\u8bef\u548c\u4e0d\u5b89\u5168\u884c\u4e3a\u3002\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\uff0c\u9632\u6b62\u6ce8\u5165\u653b\u51fb\u3002\u8f6c\u4e49\u8f93\u51fa\uff0c\u9632\u6b62\u8de8\u7ad9\u811a\u672c (XSS) \u653b\u51fb\u3002\u4f7f\u7528\u5b89\u5168\u51fd\u6570\uff0c\u4f8b\u5982 password_hash()\u3002\u9650\u5236\u6587\u4ef6\u4e0a\u4f20\uff0c\u9632\u6b62\u6076\u610f\u4ee3\u7801\u6267\u884c\u3002 PHP \u51fd\u6570\u4ee3\u7801\u90e8\u7f72\u6700\u4f73\u5b9e\u8df5\uff1a\u63d0\u5347\u5b89\u5168\u6027 \u524d\u8a00 PHP \u51fd\u6570\u4ee3\u7801\u90e8\u7f72\u662f Web \u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u4e2d\u7684\u91cd\u8981\u73af\u8282\uff0c\u9700\u8981\u6ce8\u610f\u5b89\u5168\u6027\u3002\u672c\u6587\u5c06\u5206\u4eab\u6700\u4f73\u5b9e\u8df5\uff0c\u4ee5\u5e2e\u52a9\u60a8\u9075\u5faa\u5b89\u5168\u6700\u4f73\u5b9e\u8df5\uff0c\u4fdd\u62a4\u5e94\u7528\u7a0b\u5e8f\u514d\u906d\u653b\u51fb\u3002 \u5b89\u5168\u6027\u6700\u4f73\u5b9e\u8df5 1. \u542f\u7528\u4e25\u683c\u6a21\u5f0f \u542f\u7528\u4e25\u683c\u6a21\u5f0f\u53ef\u6d88\u9664 PHP \u4e2d\u7684\u9519\u8bef\u548c\u4e0d\u5b89\u5168\u884c\u4e3a\u3002\u5728\u51fd\u6570\u4ee3\u7801\u9876\u90e8\u6dfb\u52a0 declare(strict_types=1);\u3002 <?php declare(strict_types=1); function myFunction(int $n): string { \/\/ … } 2. \u9a8c\u8bc1\u7528\u6237\u8f93\u5165 \u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u4ee5\u9632\u6b62\u6ce8\u5165\u653b\u51fb\u3002\u4f7f\u7528\u5185\u7f6e\u51fd\u6570\uff08\u5982 filter_var()\uff09\u6216 PHP \u5e93\uff08\u5982 Symfony\\Validator) \u9a8c\u8bc1\u8f93\u5165\u3002 <?php $input = filter_var($_GET[‘id’], FILTER_VALIDATE_INT); if ($input === false) { \/\/ \u8f93\u5165\u65e0\u6548\uff0c\u91c7\u53d6\u9632\u62a4\u63aa\u65bd } […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-47778","post","type-post","status-publish","format-standard","hentry","category-16"],"_links":{"self":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/47778","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/comments?post=47778"}],"version-history":[{"count":0,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/47778\/revisions"}],"wp:attachment":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/media?parent=47778"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/categories?post=47778"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/tags?post=47778"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\u5b89\u5168\u6027\u6700\u4f73\u5b9e\u8df5<\/h3>\n
declare(strict_types=1);<\/code>\u3002<\/p>\n<?php\ndeclare(strict_types=1);\n\nfunction myFunction(int $n): string {\n \/\/ ...\n}<\/pre>\nfilter_var()<\/code>\uff09\u6216 PHP \u5e93\uff08\u5982 Symfony\\Validator<\/code>) \u9a8c\u8bc1\u8f93\u5165\u3002<\/p>\n<?php\n$input = filter_var($_GET['id'], FILTER_VALIDATE_INT);\nif ($input === false) {\n \/\/ \u8f93\u5165\u65e0\u6548\uff0c\u91c7\u53d6\u9632\u62a4\u63aa\u65bd\n}<\/pre>\nhtmlentities()<\/code> \u6216 htmlspecialchars()<\/code> \u51fd\u6570\u8f6c\u4e49 HTML \u8f93\u51fa\u3002<\/p>\n<?php\necho htmlspecialchars($output);<\/pre>\n
password_hash()<\/code>\uff09\u3002\u907f\u514d\u4f7f\u7528\u4e0d\u5b89\u5168\u7684\u51fd\u6570\uff08\u5982 md5()<\/code>\uff09\u3002<\/p>\n<?php\n$hashedPassword = password_hash($password, PASSWORD_DEFAULT);<\/pre>\n
<?php\nif ($_FILES['file']['type'] !== 'image\/jpeg') {\n \/\/ \u6587\u4ef6\u7c7b\u578b\u65e0\u6548\uff0c\u91c7\u53d6\u9632\u62a4\u63aa\u65bd\n}<\/pre>\n\u5b9e\u6218\u6848\u4f8b<\/h3>\n
<?php\ndeclare(strict_types=1);\n\nfunction registerUser(string $username, string $password, string $email): bool {\n \/\/ \u9a8c\u8bc1\u8f93\u5165\n if (empty($username) || empty($password) || empty($email)) {\n return false;\n }\n\n \/\/ \u8f6c\u4e49\u8f93\u51fa\n $username = htmlspecialchars($username);\n $password = htmlspecialchars($password);\n $email = htmlspecialchars($email);\n\n \/\/ \u4f7f\u7528\u5b89\u5168\u51fd\u6570\n $hashedPassword = password_hash($password, PASSWORD_DEFAULT);\n\n \/\/ \u8fde\u63a5\u6570\u636e\u5e93\u5e76\u6267\u884c\u63d2\u5165\n \/\/ ...\n\n return true;\n}<\/pre>\n