{"id":47944,"date":"2024-12-02T11:17:58","date_gmt":"2024-12-02T03:17:58","guid":{"rendered":"https:\/\/fwq.ai\/blog\/47944\/"},"modified":"2024-12-02T11:17:58","modified_gmt":"2024-12-02T03:17:58","slug":"php-%e5%87%bd%e6%95%b0%e5%9c%a8%e5%ae%89%e5%85%a8%e6%80%a7%e6%8f%90%e5%8d%87%e6%96%b9%e9%9d%a2%e7%9a%84%e6%8a%80%e5%b7%a7%e5%92%8c%e6%8a%80%e6%9c%af","status":"publish","type":"post","link":"https:\/\/fwq.ai\/blog\/47944\/","title":{"rendered":"PHP \u51fd\u6570\u5728\u5b89\u5168\u6027\u63d0\u5347\u65b9\u9762\u7684\u6280\u5de7\u548c\u6280\u672f"},"content":{"rendered":"<p><b><\/b> <\/p>\n<h1>PHP \u51fd\u6570\u5728\u5b89\u5168\u6027\u63d0\u5347\u65b9\u9762\u7684\u6280\u5de7\u548c\u6280\u672f<\/h1>\n<p>\u4eca\u65e5\u4e0d\u80af\u57cb\u5934\uff0c\u660e\u65e5\u4f55\u4ee5\u62ac\u5934\uff01\u6bcf\u65e5\u4e00\u53e5\u52aa\u529b\u81ea\u5df1\u7684\u8bdd\u54c8\u54c8~\u54c8\u55bd\uff0c\u4eca\u5929\u6211\u5c06\u7ed9\u5927\u5bb6\u5e26\u6765\u4e00\u7bc7<span style=\"color: #FF6600;, Helvetica, Arial, sans-serif;font-size: 14px;background-color: #FFFFFF\">\u300aPHP \u51fd\u6570\u5728\u5b89\u5168\u6027\u63d0\u5347\u65b9\u9762\u7684\u6280\u5de7\u548c\u6280\u672f\u300b<\/span>\uff0c\u4e3b\u8981\u5185\u5bb9\u662f\u8bb2\u89e3<span style=\"color: #FF6600;, Helvetica, Arial, sans-serif;font-size: 14px;background-color: #FFFFFF\"><\/span>\u7b49\u7b49\uff0c\u611f\u5174\u8da3\u7684\u670b\u53cb\u53ef\u4ee5\u6536\u85cf\u6216\u8005\u6709\u66f4\u597d\u7684\u5efa\u8bae\u5728\u8bc4\u8bba\u63d0\u51fa\uff0c\u6211\u90fd\u4f1a\u8ba4\u771f\u770b\u7684\uff01\u5927\u5bb6\u4e00\u8d77\u8fdb\u6b65\uff0c\u4e00\u8d77\u5b66\u4e60\uff01<\/p>\n<p>PHP \u51fd\u6570\u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u5b89\u5168\u589e\u5f3a\u529f\u80fd\uff0c\u5305\u62ec htmlspecialchars() \u9632\u6b62 XSS \u653b\u51fb\u3001addslashes() \u9632\u6b62 SQL \u6ce8\u5165\u3001filter_input() \u9a8c\u8bc1\u8f93\u5165\u3001preg_match() \u68c0\u67e5\u975e\u6cd5\u5b57\u7b26\u3002\u6700\u4f73\u5b9e\u8df5\u5305\u62ec\u59cb\u7ec8\u9a8c\u8bc1\u8f93\u5165\uff0c\u9009\u62e9\u5408\u9002\u7684\u8fc7\u6ee4\u5668\u7c7b\u578b\uff0c\u7ed3\u5408\u4f7f\u7528\u591a\u4e2a\u51fd\u6570\uff0c\u9632\u8303 CSRF\uff0c\u5b9a\u671f\u66f4\u65b0\u5e94\u7528\u7a0b\u5e8f\u3002\u5177\u4f53\u6848\u4f8b\u5982\u6ce8\u518c\u8868\u5355\u9a8c\u8bc1\uff0c\u901a\u8fc7 filter_input() \u8fc7\u6ee4\u8f93\u5165\uff0c\u786e\u4fdd\u5b89\u5168\u6027\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.17golang.com\/uploads\/20241026\/1729944880671cdd3039893.jpg\" class=\"aligncenter\" title=\"PHP \u51fd\u6570\u5728\u5b89\u5168\u6027\u63d0\u5347\u65b9\u9762\u7684\u6280\u5de7\u548c\u6280\u672f\u63d2\u56fe\" alt=\"PHP \u51fd\u6570\u5728\u5b89\u5168\u6027\u63d0\u5347\u65b9\u9762\u7684\u6280\u5de7\u548c\u6280\u672f\u63d2\u56fe\" \/><\/p>\n<p><strong>PHP \u51fd\u6570\u5728\u5b89\u5168\u6027\u63d0\u5347\u65b9\u9762\u7684\u6280\u5de7\u548c\u6280\u672f<\/strong><\/p>\n<p><strong>\u7b80\u4ecb<\/strong><\/p>\n<p>PHP \u63d0\u4f9b\u4e86\u51e0\u9879\u7528\u4e8e\u63d0\u9ad8 Web \u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u6027\u7684\u5185\u7f6e\u51fd\u6570\u3002\u5229\u7528\u8fd9\u4e9b\u51fd\u6570\u53ef\u4ee5\u9632\u6b62\u5e38\u89c1\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u4f8b\u5982\u8de8\u7ad9\u70b9\u811a\u672c\u653b\u51fb (XSS) \u548c SQL \u6ce8\u5165\u3002<\/p>\n<p><strong>\u5b9e\u7528\u51fd\u6570<\/strong><\/p>\n<ul>\n<li><strong>htmlspecialchars()\uff1a<\/strong>\u5c06\u7279\u6b8a\u5b57\u7b26\u8f6c\u6362\u4e3a HTML \u5b9e\u4f53\uff0c\u9632\u6b62 XSS \u653b\u51fb\u3002<\/li>\n<\/ul>\n<pre>$input = '&lt;script&gt;alert(\"XSS Attack\")&lt;\/script&gt;';\n$safe_input = htmlspecialchars($input);<\/pre>\n<ul>\n<li><strong>addslashes()\uff1a<\/strong>\u5728\u53cd\u659c\u6760\u4e4b\u524d\u63d2\u5165\u7279\u6b8a\u5b57\u7b26\uff0c\u9632\u6b62 SQL \u6ce8\u5165\u3002<\/li>\n<\/ul>\n<pre>$query = \"SELECT * FROM users WHERE username='\" . addslashes($_GET['username']) . \"'\";<\/pre>\n<ul>\n<li><strong>filter_input()\uff1a<\/strong>\u6839\u636e\u6307\u5b9a\u7684\u8fc7\u6ee4\u5668\u7c7b\u578b\u5bf9\u8f93\u5165\u8fdb\u884c\u9a8c\u8bc1\u3002<\/li>\n<\/ul>\n<pre>$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);<\/pre>\n<ul>\n<li><strong>preg_match()\uff1a<\/strong>\u4f7f\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u6a21\u5f0f\u5339\u914d\u8f93\u5165\u5e76\u963b\u6b62\u4e0d\u5408\u6cd5\u7684\u5b57\u7b26\u3002<\/li>\n<\/ul>\n<pre>$pattern = '\/^[a-zA-Z0-9_]+$\/';\nif (!preg_match($pattern, $input)) {\n    \/\/ \u8f93\u5165\u5305\u542b\u975e\u6cd5\u5b57\u7b26\n}<\/pre>\n<p><strong>\u6700\u4f73\u5b9e\u8df5<\/strong><\/p>\n<ul>\n<li><strong> \u05ea\u05de\u05d9\u05d3\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\uff1a<\/strong>\u4e0d\u8981\u4fe1\u4efb\u4ece\u7528\u6237\u90a3\u91cc\u63a5\u6536\u7684\u4efb\u4f55\u6570\u636e\uff0c\u59cb\u7ec8\u5bf9\u5176\u8fdb\u884c\u9a8c\u8bc1\u3002<\/li>\n<li><strong>\u4f7f\u7528\u9002\u5f53\u7684\u8fc7\u6ee4\u5668\u7c7b\u578b\uff1a<\/strong>\u6839\u636e\u8f93\u5165\u7684\u9884\u671f\u7528\u9014\u9009\u62e9\u5408\u9002\u7684\u8fc7\u6ee4\u5668\u7c7b\u578b\u3002<\/li>\n<li><strong>\u7ed3\u5408\u4f7f\u7528\u591a\u4e2a\u51fd\u6570\uff1a<\/strong>\u4e3a\u4e86\u66f4\u597d\u7684\u5b89\u5168\u6027\uff0c\u5c06\u591a\u4e2a\u51fd\u6570\u7ed3\u5408\u4f7f\u7528\uff0c\u4f8b\u5982\u5c06 <code>htmlspecialchars()<\/code> \u4e0e <code>filter_input()<\/code> \u7ed3\u5408\u4f7f\u7528\u3002<\/li>\n<li><strong>\u9632\u8303\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020 (CSRF)\uff1a<\/strong>\u4f7f\u7528 CSRF \u4ee4\u724c\u6216\u5176\u4ed6\u673a\u5236\u6765\u9632\u6b62\u6076\u610f\u7f51\u7ad9\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u8bf7\u6c42\u3002<\/li>\n<li><strong>\u5b9a\u671f\u66f4\u65b0\u5e94\u7528\u7a0b\u5e8f\uff1a<\/strong>\u4fdd\u6301\u5e94\u7528\u7a0b\u5e8f\u7684\u6700\u65b0\u72b6\u6001\u4ee5\u4fee\u590d\u5df2\u77e5\u7684\u5b89\u5168\u6f0f\u6d1e\u3002<\/li>\n<\/ul>\n<p><strong>\u5b9e\u6218\u6848\u4f8b<\/strong><\/p>\n<p>\u6ce8\u518c\u8868\u5355\u7684\u9a8c\u8bc1\u793a\u4f8b\uff1a<\/p>\n<pre>&lt;?php\n$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);\n$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);\n\nif (empty($username) || empty($password)) {\n    \/\/ \u8f93\u5165\u4e3a\u7a7a\uff0c\u663e\u793a\u9519\u8bef\u6d88\u606f\n} else {\n    \/\/ \u9a8c\u8bc1\u901a\u8fc7\uff0c\u5904\u7406\u6ce8\u518c\u8bf7\u6c42\n}\n?&gt;<\/pre>\n<p>\u901a\u8fc7\u5b9e\u65bd\u8fd9\u4e9b\u6280\u5de7\u548c\u6280\u672f\uff0c\u60a8\u53ef\u4ee5\u663e\u8457\u63d0\u9ad8 PHP Web \u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u6027\u3002<\/p>\n<p>\u597d\u4e86\uff0c\u672c\u6587\u5230\u6b64\u7ed3\u675f\uff0c\u5e26\u5927\u5bb6\u4e86\u89e3\u4e86\u300aPHP \u51fd\u6570\u5728\u5b89\u5168\u6027\u63d0\u5347\u65b9\u9762\u7684\u6280\u5de7\u548c\u6280\u672f\u300b\uff0c\u5e0c\u671b\u672c\u6587\u5bf9\u4f60\u6709\u6240\u5e2e\u52a9\uff01\u5173\u6ce8\u7c73\u4e91\u516c\u4f17\u53f7\uff0c\u7ed9\u5927\u5bb6\u5206\u4eab\u66f4\u591a\u6587\u7ae0\u77e5\u8bc6\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"<p>PHP \u51fd\u6570\u5728\u5b89\u5168\u6027\u63d0\u5347\u65b9\u9762\u7684\u6280\u5de7\u548c\u6280\u672f \u4eca\u65e5\u4e0d\u80af\u57cb\u5934\uff0c\u660e\u65e5\u4f55\u4ee5\u62ac\u5934\uff01\u6bcf\u65e5\u4e00\u53e5\u52aa\u529b\u81ea\u5df1\u7684\u8bdd\u54c8\u54c8~\u54c8\u55bd\uff0c\u4eca\u5929\u6211\u5c06\u7ed9\u5927\u5bb6\u5e26\u6765\u4e00\u7bc7\u300aPHP \u51fd\u6570\u5728\u5b89\u5168\u6027\u63d0\u5347\u65b9\u9762\u7684\u6280\u5de7\u548c\u6280\u672f\u300b\uff0c\u4e3b\u8981\u5185\u5bb9\u662f\u8bb2\u89e3\u7b49\u7b49\uff0c\u611f\u5174\u8da3\u7684\u670b\u53cb\u53ef\u4ee5\u6536\u85cf\u6216\u8005\u6709\u66f4\u597d\u7684\u5efa\u8bae\u5728\u8bc4\u8bba\u63d0\u51fa\uff0c\u6211\u90fd\u4f1a\u8ba4\u771f\u770b\u7684\uff01\u5927\u5bb6\u4e00\u8d77\u8fdb\u6b65\uff0c\u4e00\u8d77\u5b66\u4e60\uff01 PHP \u51fd\u6570\u63d0\u4f9b\u4e86\u4e30\u5bcc\u7684\u5b89\u5168\u589e\u5f3a\u529f\u80fd\uff0c\u5305\u62ec htmlspecialchars() \u9632\u6b62 XSS \u653b\u51fb\u3001addslashes() \u9632\u6b62 SQL \u6ce8\u5165\u3001filter_input() \u9a8c\u8bc1\u8f93\u5165\u3001preg_match() \u68c0\u67e5\u975e\u6cd5\u5b57\u7b26\u3002\u6700\u4f73\u5b9e\u8df5\u5305\u62ec\u59cb\u7ec8\u9a8c\u8bc1\u8f93\u5165\uff0c\u9009\u62e9\u5408\u9002\u7684\u8fc7\u6ee4\u5668\u7c7b\u578b\uff0c\u7ed3\u5408\u4f7f\u7528\u591a\u4e2a\u51fd\u6570\uff0c\u9632\u8303 CSRF\uff0c\u5b9a\u671f\u66f4\u65b0\u5e94\u7528\u7a0b\u5e8f\u3002\u5177\u4f53\u6848\u4f8b\u5982\u6ce8\u518c\u8868\u5355\u9a8c\u8bc1\uff0c\u901a\u8fc7 filter_input() \u8fc7\u6ee4\u8f93\u5165\uff0c\u786e\u4fdd\u5b89\u5168\u6027\u3002 PHP \u51fd\u6570\u5728\u5b89\u5168\u6027\u63d0\u5347\u65b9\u9762\u7684\u6280\u5de7\u548c\u6280\u672f \u7b80\u4ecb PHP \u63d0\u4f9b\u4e86\u51e0\u9879\u7528\u4e8e\u63d0\u9ad8 Web \u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u6027\u7684\u5185\u7f6e\u51fd\u6570\u3002\u5229\u7528\u8fd9\u4e9b\u51fd\u6570\u53ef\u4ee5\u9632\u6b62\u5e38\u89c1\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u4f8b\u5982\u8de8\u7ad9\u70b9\u811a\u672c\u653b\u51fb (XSS) \u548c SQL \u6ce8\u5165\u3002 \u5b9e\u7528\u51fd\u6570 htmlspecialchars()\uff1a\u5c06\u7279\u6b8a\u5b57\u7b26\u8f6c\u6362\u4e3a HTML \u5b9e\u4f53\uff0c\u9632\u6b62 XSS \u653b\u51fb\u3002 $input = &#8216;&lt;script&gt;alert(&#8220;XSS Attack&#8221;)&lt;\/script&gt;&#8217;; $safe_input = htmlspecialchars($input); addslashes()\uff1a\u5728\u53cd\u659c\u6760\u4e4b\u524d\u63d2\u5165\u7279\u6b8a\u5b57\u7b26\uff0c\u9632\u6b62 SQL \u6ce8\u5165\u3002 $query = &#8220;SELECT * FROM users WHERE username='&#8221; . addslashes($_GET[&#8216;username&#8217;]) [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-47944","post","type-post","status-publish","format-standard","hentry","category-16"],"_links":{"self":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/47944","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/comments?post=47944"}],"version-history":[{"count":0,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/47944\/revisions"}],"wp:attachment":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/media?parent=47944"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/categories?post=47944"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/tags?post=47944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}