Notice (8): file_put_contents(): Write of 274 bytes failed with errno=28 No space left on device [CORE/src/Log/Engine/FileLog.php, line 140]

        if (!$mask) {
            file_put_contents($pathname, $message . "\n", FILE_APPEND);

file_put_contents - [internal], line ??
Cake\Log\Engine\FileLog::log() - CORE/src/Log/Engine/FileLog.php, line 140
Cake\Log\Log::write() - CORE/src/Log/Log.php, line 392
Cake\Log\Log::warning() - CORE/src/Log/Log.php, line 477
DebugKit\ToolbarService::isSuspiciouslyProduction() - ROOT/vendor/cakephp/debug_kit/src/ToolbarService.php, line 169
DebugKit\ToolbarService::isEnabled() - ROOT/vendor/cakephp/debug_kit/src/ToolbarService.php, line 105
DebugKit\Plugin::bootstrap() - ROOT/vendor/cakephp/debug_kit/src/Plugin.php, line 48
Cake\Http\BaseApplication::pluginBootstrap() - CORE/src/Http/BaseApplication.php, line 182
Cake\Http\Server::bootstrap() - CORE/src/Http/Server.php, line 111
Cake\Http\Server::run() - CORE/src/Http/Server.php, line 79
[main] - ROOT/webroot/index.php, line 40

Notice (8): unserialize() [<a href='https://secure.php.net/function.unserialize'>function.unserialize</a>]: Error at offset 16363 of 16373 bytes [APP/Controller/NewsController.php, line 5571]

Code Context

               {
                      $a=unserialize($line2);
               }

unserialize - [internal], line ??
App\Controller\NewsController::action_cache() - APP/Controller/NewsController.php, line 5571
App\Controller\NewsController::cache_action() - APP/Controller/NewsController.php, line 5281
App\Controller\NewsController::action_() - APP/Controller/NewsController.php, line 6481
App\Controller\NewsController::get_data() - APP/Controller/NewsController.php, line 5701
App\Controller\NewsController::action_cache() - APP/Controller/NewsController.php, line 5625
App\Controller\NewsController::cache_action() - APP/Controller/NewsController.php, line 5281
App\Controller\NewsController::view() - APP/Controller/NewsController.php, line 3436
Cake\Controller\Controller::invokeAction() - CORE/src/Controller/Controller.php, line 539
Cake\Controller\ControllerFactory::handle() - CORE/src/Controller/ControllerFactory.php, line 140
Cake\Controller\ControllerFactory::invoke() - CORE/src/Controller/ControllerFactory.php, line 115
Cake\Http\BaseApplication::handle() - CORE/src/Http/BaseApplication.php, line 317
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 77
Cake\Http\Middleware\CsrfProtectionMiddleware::process() - CORE/src/Http/Middleware/CsrfProtectionMiddleware.php, line 174
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\I18n\Middleware\LocaleSelectorMiddleware::process() - CORE/src/I18n/Middleware/LocaleSelectorMiddleware.php, line 61
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73

Warning (2): Undefined array key "nsort" [APP/Controller/NewsController.php, line 3613]

Code Context

                
                $nav_url.="<a href='".$website_info[0]["nsort"]["nsort_url"]."'>".$website_info[0]["nsort"]["nsort_name"]."</a>";

App\Controller\NewsController::view() - APP/Controller/NewsController.php, line 3613
Cake\Controller\Controller::invokeAction() - CORE/src/Controller/Controller.php, line 539
Cake\Controller\ControllerFactory::handle() - CORE/src/Controller/ControllerFactory.php, line 140
Cake\Controller\ControllerFactory::invoke() - CORE/src/Controller/ControllerFactory.php, line 115
Cake\Http\BaseApplication::handle() - CORE/src/Http/BaseApplication.php, line 317
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 77
Cake\Http\Middleware\CsrfProtectionMiddleware::process() - CORE/src/Http/Middleware/CsrfProtectionMiddleware.php, line 174
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\I18n\Middleware\LocaleSelectorMiddleware::process() - CORE/src/I18n/Middleware/LocaleSelectorMiddleware.php, line 61
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Http\Middleware\BodyParserMiddleware::process() - CORE/src/Http/Middleware/BodyParserMiddleware.php, line 157
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Routing\Middleware\RoutingMiddleware::process() - CORE/src/Routing/Middleware/RoutingMiddleware.php, line 161
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Routing\Middleware\AssetMiddleware::process() - CORE/src/Routing/Middleware/AssetMiddleware.php, line 77
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Error\Middleware\ErrorHandlerMiddleware::process() - CORE/src/Error/Middleware/ErrorHandlerMiddleware.php, line 126

Warning (2): Trying to access array offset on value of type null [APP/Controller/NewsController.php, line 3613]

Code Context

                
                $nav_url.="<a href='".$website_info[0]["nsort"]["nsort_url"]."'>".$website_info[0]["nsort"]["nsort_name"]."</a>";

App\Controller\NewsController::view() - APP/Controller/NewsController.php, line 3613
Cake\Controller\Controller::invokeAction() - CORE/src/Controller/Controller.php, line 539
Cake\Controller\ControllerFactory::handle() - CORE/src/Controller/ControllerFactory.php, line 140
Cake\Controller\ControllerFactory::invoke() - CORE/src/Controller/ControllerFactory.php, line 115
Cake\Http\BaseApplication::handle() - CORE/src/Http/BaseApplication.php, line 317
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 77
Cake\Http\Middleware\CsrfProtectionMiddleware::process() - CORE/src/Http/Middleware/CsrfProtectionMiddleware.php, line 174
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\I18n\Middleware\LocaleSelectorMiddleware::process() - CORE/src/I18n/Middleware/LocaleSelectorMiddleware.php, line 61
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Http\Middleware\BodyParserMiddleware::process() - CORE/src/Http/Middleware/BodyParserMiddleware.php, line 157
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Routing\Middleware\RoutingMiddleware::process() - CORE/src/Routing/Middleware/RoutingMiddleware.php, line 161
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Routing\Middleware\AssetMiddleware::process() - CORE/src/Routing/Middleware/AssetMiddleware.php, line 77
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Error\Middleware\ErrorHandlerMiddleware::process() - CORE/src/Error/Middleware/ErrorHandlerMiddleware.php, line 126

Warning (2): Undefined array key "nsort" [APP/Controller/NewsController.php, line 3613]

Code Context

                
                $nav_url.="<a href='".$website_info[0]["nsort"]["nsort_url"]."'>".$website_info[0]["nsort"]["nsort_name"]."</a>";

App\Controller\NewsController::view() - APP/Controller/NewsController.php, line 3613
Cake\Controller\Controller::invokeAction() - CORE/src/Controller/Controller.php, line 539
Cake\Controller\ControllerFactory::handle() - CORE/src/Controller/ControllerFactory.php, line 140
Cake\Controller\ControllerFactory::invoke() - CORE/src/Controller/ControllerFactory.php, line 115
Cake\Http\BaseApplication::handle() - CORE/src/Http/BaseApplication.php, line 317
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 77
Cake\Http\Middleware\CsrfProtectionMiddleware::process() - CORE/src/Http/Middleware/CsrfProtectionMiddleware.php, line 174
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\I18n\Middleware\LocaleSelectorMiddleware::process() - CORE/src/I18n/Middleware/LocaleSelectorMiddleware.php, line 61
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Http\Middleware\BodyParserMiddleware::process() - CORE/src/Http/Middleware/BodyParserMiddleware.php, line 157
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Routing\Middleware\RoutingMiddleware::process() - CORE/src/Routing/Middleware/RoutingMiddleware.php, line 161
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Routing\Middleware\AssetMiddleware::process() - CORE/src/Routing/Middleware/AssetMiddleware.php, line 77
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Error\Middleware\ErrorHandlerMiddleware::process() - CORE/src/Error/Middleware/ErrorHandlerMiddleware.php, line 126

Warning (2): Trying to access array offset on value of type null [APP/Controller/NewsController.php, line 3613]

Code Context

                
                $nav_url.="<a href='".$website_info[0]["nsort"]["nsort_url"]."'>".$website_info[0]["nsort"]["nsort_name"]."</a>";

App\Controller\NewsController::view() - APP/Controller/NewsController.php, line 3613
Cake\Controller\Controller::invokeAction() - CORE/src/Controller/Controller.php, line 539
Cake\Controller\ControllerFactory::handle() - CORE/src/Controller/ControllerFactory.php, line 140
Cake\Controller\ControllerFactory::invoke() - CORE/src/Controller/ControllerFactory.php, line 115
Cake\Http\BaseApplication::handle() - CORE/src/Http/BaseApplication.php, line 317
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 77
Cake\Http\Middleware\CsrfProtectionMiddleware::process() - CORE/src/Http/Middleware/CsrfProtectionMiddleware.php, line 174
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\I18n\Middleware\LocaleSelectorMiddleware::process() - CORE/src/I18n/Middleware/LocaleSelectorMiddleware.php, line 61
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Http\Middleware\BodyParserMiddleware::process() - CORE/src/Http/Middleware/BodyParserMiddleware.php, line 157
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Routing\Middleware\RoutingMiddleware::process() - CORE/src/Routing/Middleware/RoutingMiddleware.php, line 161
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Routing\Middleware\AssetMiddleware::process() - CORE/src/Routing/Middleware/AssetMiddleware.php, line 77
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Error\Middleware\ErrorHandlerMiddleware::process() - CORE/src/Error/Middleware/ErrorHandlerMiddleware.php, line 126

Notice (8): unserialize() [<a href='https://secure.php.net/function.unserialize'>function.unserialize</a>]: Error at offset 4067 of 4085 bytes [APP/Controller/NewsController.php, line 5571]

Code Context

               {
                      $a=unserialize($line2);
               }

unserialize - [internal], line ??
App\Controller\NewsController::action_cache() - APP/Controller/NewsController.php, line 5571
App\Controller\NewsController::cache_action() - APP/Controller/NewsController.php, line 5281
App\Controller\NewsController::article_show() - APP/Controller/NewsController.php, line 4290
App\Controller\NewsController::view() - APP/Controller/NewsController.php, line 3822
Cake\Controller\Controller::invokeAction() - CORE/src/Controller/Controller.php, line 539
Cake\Controller\ControllerFactory::handle() - CORE/src/Controller/ControllerFactory.php, line 140
Cake\Controller\ControllerFactory::invoke() - CORE/src/Controller/ControllerFactory.php, line 115
Cake\Http\BaseApplication::handle() - CORE/src/Http/BaseApplication.php, line 317
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 77
Cake\Http\Middleware\CsrfProtectionMiddleware::process() - CORE/src/Http/Middleware/CsrfProtectionMiddleware.php, line 174
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\I18n\Middleware\LocaleSelectorMiddleware::process() - CORE/src/I18n/Middleware/LocaleSelectorMiddleware.php, line 61
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Http\Middleware\BodyParserMiddleware::process() - CORE/src/Http/Middleware/BodyParserMiddleware.php, line 157
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Routing\Middleware\RoutingMiddleware::process() - CORE/src/Routing/Middleware/RoutingMiddleware.php, line 161

Notice (8): unserialize() [<a href='https://secure.php.net/function.unserialize'>function.unserialize</a>]: Error at offset 61409 of 61429 bytes [APP/Controller/NewsController.php, line 5571]

Code Context

               {
                      $a=unserialize($line2);
               }

unserialize - [internal], line ??
App\Controller\NewsController::action_cache() - APP/Controller/NewsController.php, line 5571
App\Controller\NewsController::cache_action() - APP/Controller/NewsController.php, line 5281
App\Controller\NewsController::article_show() - APP/Controller/NewsController.php, line 4310
App\Controller\NewsController::view() - APP/Controller/NewsController.php, line 3822
Cake\Controller\Controller::invokeAction() - CORE/src/Controller/Controller.php, line 539
Cake\Controller\ControllerFactory::handle() - CORE/src/Controller/ControllerFactory.php, line 140
Cake\Controller\ControllerFactory::invoke() - CORE/src/Controller/ControllerFactory.php, line 115
Cake\Http\BaseApplication::handle() - CORE/src/Http/BaseApplication.php, line 317
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 77
Cake\Http\Middleware\CsrfProtectionMiddleware::process() - CORE/src/Http/Middleware/CsrfProtectionMiddleware.php, line 174
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\I18n\Middleware\LocaleSelectorMiddleware::process() - CORE/src/I18n/Middleware/LocaleSelectorMiddleware.php, line 61
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Http\Middleware\BodyParserMiddleware::process() - CORE/src/Http/Middleware/BodyParserMiddleware.php, line 157
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Routing\Middleware\RoutingMiddleware::process() - CORE/src/Routing/Middleware/RoutingMiddleware.php, line 161

PHP开发中的安全防范知识总结

Warning (2): Undefined array key "nsort" [ROOT/plugins/Kuhuang/templates/Websites/view.php, line 430]

Code Context

          <div class="info"> 
            <span><a href="<?php echo $website_info[0]["nsort"]["nsort_url"];?>"><i class="fa fa-columns"></i><?php echo $website_info[0]["nsort"]["nsort_name"];?></a></span> 
            <span><i class="fa fa-clock-o"></i><?php echo $website_info[0]["submission_date"];?></span>

include - ROOT/plugins/Kuhuang/templates/Websites/view.php, line 430
Cake\View\View::_evaluate() - CORE/src/View/View.php, line 1184
Cake\View\View::_render() - CORE/src/View/View.php, line 1138
Cake\View\View::render() - CORE/src/View/View.php, line 769
Cake\Controller\Controller::render() - CORE/src/Controller/Controller.php, line 762
App\Controller\NewsController::view() - APP/Controller/NewsController.php, line 3938
Cake\Controller\Controller::invokeAction() - CORE/src/Controller/Controller.php, line 539
Cake\Controller\ControllerFactory::handle() - CORE/src/Controller/ControllerFactory.php, line 140
Cake\Controller\ControllerFactory::invoke() - CORE/src/Controller/ControllerFactory.php, line 115
Cake\Http\BaseApplication::handle() - CORE/src/Http/BaseApplication.php, line 317
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 77
Cake\Http\Middleware\CsrfProtectionMiddleware::process() - CORE/src/Http/Middleware/CsrfProtectionMiddleware.php, line 174
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\I18n\Middleware\LocaleSelectorMiddleware::process() - CORE/src/I18n/Middleware/LocaleSelectorMiddleware.php, line 61
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Http\Middleware\BodyParserMiddleware::process() - CORE/src/Http/Middleware/BodyParserMiddleware.php, line 157
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73

Notice: file_put_contents() [function.file-put-contents]: Write of 2422 bytes failed with errno=28 No space left on device in /www/wwwroot/www.adminso.com/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 140

Warning (2): Trying to access array offset on value of type null [ROOT/plugins/Kuhuang/templates/Websites/view.php, line 430]Code Context          <div class="info"> 
            <span><a href="<?php echo $website_info[0]["nsort"]["nsort_url"];?>"><i class="fa fa-columns"></i><?php echo $website_info[0]["nsort"]["nsort_name"];?></a></span> 
            <span><i class="fa fa-clock-o"></i><?php echo $website_info[0]["submission_date"];?></span> 
include - ROOT/plugins/Kuhuang/templates/Websites/view.php, line 430
Cake\View\View::_evaluate() - CORE/src/View/View.php, line 1184
Cake\View\View::_render() - CORE/src/View/View.php, line 1138
Cake\View\View::render() - CORE/src/View/View.php, line 769
Cake\Controller\Controller::render() - CORE/src/Controller/Controller.php, line 762
App\Controller\NewsController::view() - APP/Controller/NewsController.php, line 3938
Cake\Controller\Controller::invokeAction() - CORE/src/Controller/Controller.php, line 539
Cake\Controller\ControllerFactory::handle() - CORE/src/Controller/ControllerFactory.php, line 140
Cake\Controller\ControllerFactory::invoke() - CORE/src/Controller/ControllerFactory.php, line 115
Cake\Http\BaseApplication::handle() - CORE/src/Http/BaseApplication.php, line 317
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 77
Cake\Http\Middleware\CsrfProtectionMiddleware::process() - CORE/src/Http/Middleware/CsrfProtectionMiddleware.php, line 174
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\I18n\Middleware\LocaleSelectorMiddleware::process() - CORE/src/I18n/Middleware/LocaleSelectorMiddleware.php, line 61
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Http\Middleware\BodyParserMiddleware::process() - CORE/src/Http/Middleware/BodyParserMiddleware.php, line 157
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73

Notice: file_put_contents() [function.file-put-contents]: Write of 2446 bytes failed with errno=28 No space left on device in /www/wwwroot/www.adminso.com/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 140
">

Warning (2): Undefined array key "nsort" [ROOT/plugins/Kuhuang/templates/Websites/view.php, line 430]Code Context          <div class="info"> 
            <span><a href="<?php echo $website_info[0]["nsort"]["nsort_url"];?>"><i class="fa fa-columns"></i><?php echo $website_info[0]["nsort"]["nsort_name"];?></a></span> 
            <span><i class="fa fa-clock-o"></i><?php echo $website_info[0]["submission_date"];?></span> 
include - ROOT/plugins/Kuhuang/templates/Websites/view.php, line 430
Cake\View\View::_evaluate() - CORE/src/View/View.php, line 1184
Cake\View\View::_render() - CORE/src/View/View.php, line 1138
Cake\View\View::render() - CORE/src/View/View.php, line 769
Cake\Controller\Controller::render() - CORE/src/Controller/Controller.php, line 762
App\Controller\NewsController::view() - APP/Controller/NewsController.php, line 3938
Cake\Controller\Controller::invokeAction() - CORE/src/Controller/Controller.php, line 539
Cake\Controller\ControllerFactory::handle() - CORE/src/Controller/ControllerFactory.php, line 140
Cake\Controller\ControllerFactory::invoke() - CORE/src/Controller/ControllerFactory.php, line 115
Cake\Http\BaseApplication::handle() - CORE/src/Http/BaseApplication.php, line 317
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 77
Cake\Http\Middleware\CsrfProtectionMiddleware::process() - CORE/src/Http/Middleware/CsrfProtectionMiddleware.php, line 174
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\I18n\Middleware\LocaleSelectorMiddleware::process() - CORE/src/I18n/Middleware/LocaleSelectorMiddleware.php, line 61
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Http\Middleware\BodyParserMiddleware::process() - CORE/src/Http/Middleware/BodyParserMiddleware.php, line 157
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73

Warning (2): Trying to access array offset on value of type null [ROOT/plugins/Kuhuang/templates/Websites/view.php, line 430]Code Context          <div class="info"> 
            <span><a href="<?php echo $website_info[0]["nsort"]["nsort_url"];?>"><i class="fa fa-columns"></i><?php echo $website_info[0]["nsort"]["nsort_name"];?></a></span> 
            <span><i class="fa fa-clock-o"></i><?php echo $website_info[0]["submission_date"];?></span> 
include - ROOT/plugins/Kuhuang/templates/Websites/view.php, line 430
Cake\View\View::_evaluate() - CORE/src/View/View.php, line 1184
Cake\View\View::_render() - CORE/src/View/View.php, line 1138
Cake\View\View::render() - CORE/src/View/View.php, line 769
Cake\Controller\Controller::render() - CORE/src/Controller/Controller.php, line 762
App\Controller\NewsController::view() - APP/Controller/NewsController.php, line 3938
Cake\Controller\Controller::invokeAction() - CORE/src/Controller/Controller.php, line 539
Cake\Controller\ControllerFactory::handle() - CORE/src/Controller/ControllerFactory.php, line 140
Cake\Controller\ControllerFactory::invoke() - CORE/src/Controller/ControllerFactory.php, line 115
Cake\Http\BaseApplication::handle() - CORE/src/Http/BaseApplication.php, line 317
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 77
Cake\Http\Middleware\CsrfProtectionMiddleware::process() - CORE/src/Http/Middleware/CsrfProtectionMiddleware.php, line 174
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\I18n\Middleware\LocaleSelectorMiddleware::process() - CORE/src/I18n/Middleware/LocaleSelectorMiddleware.php, line 61
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73
Cake\Http\Middleware\BodyParserMiddleware::process() - CORE/src/Http/Middleware/BodyParserMiddleware.php, line 157
Cake\Http\Runner::handle() - CORE/src/Http/Runner.php, line 73

本文为大家讲解的是PHP开发中的安全防范知识总结，感兴趣的同学参考下。 PHP代码安全和XSS，SQL注入等对于各类网站的安全非常中用，尤其是UGC(User Generated Content)网站，论坛和电子商务网站，常常是XSS和SQL注入的重灾区

本文为大家讲解的是PHP 开发中的安全防范知识总结，感兴趣的同学参考下。

PHP代码安全和XSS，SQL注入等对于各类网站的安全非常中用，尤其是UGC(User Generated Content)网站，论坛和电子商务网站，常常是XSS和SQL注入的重灾区。这里简单介绍一些基本编程要点, 相对系统安全来说，php安全防范更多要求编程人员对用户输入的各种参数能更细心.

php编译过程中的安全

建议安装Suhosin补丁，必装安全补丁
php.ini安全设置

register_global = off

magic_quotes_gpc = off

display_error = off

log_error = on

# allow_url_fopen = off

expose_php = off

open_basedir =

safe_mode = on

disable_function = exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source,get_cfg_var

safe_mode_include_dir =

DB SQL预处理
mysql_real_escape_string (很多PHPer仍在依靠addslashes防止SQL注入，但是这种方式对中文编码仍然是有问题的。addslashes的问题在于黑客可以用 0xbf27来代替单引号，GBK编码中0xbf27不是一个合法字符，因此addslashes只是将0xbf5c27，成为一个有效的多字节字符，其中的0xbf5c仍会被看作是单引号，具体见这篇文章)。用mysql_real_escape_string函数也需要指定正确的字符集，否则依然可能有问题。

prepare + execute(PDO)
ZendFramework可以用DB类的quote或者quoteInto, 这两个方法是根据各种数据库实施不用方法的，不会像mysql_real_escape_string只能用于mysql

用户输入的处理
无需保留HTML标签的可以用以下方法
strip_tags, 删除string中所有html标签
htmlspecialchars，只对”<”,”>”,”;”,”'”字符进行转义
htmlentities，对所有html进行转义
必须保留HTML标签情况下可以考虑以下工具：

HTML Purifier: HTML Purifier is a standards-compliant HTML filter library written in PHP.

PHP HTML Sanitizer: Remove unsafe tags and attributes from HTML code

htmLawed: PHP code to purify & filter HTML

上传文件
用is_uploaded_file和move_uploaded_file函数，使用HTTP_POST_FILES[]数组。并通过去掉上传目录的PHP解释功能来防止用户上传php脚本。
ZF框架下可以考虑使用File_upload模块
Session，Cookie和Form的安全处理
不要依赖Cookie进行核心验证，重要信息需要加密, Form Post之前对传输数据进行哈希, 例如你发出去的form元素如下:

<input type="hidden" name="H[name]" value="<?php echo $Oname?>"/> <input type="hidden" name="H[age]" value="<?php echo $Oage?>"/> <?php $sign = md5('name'.$Oname.'age'.$Oage.$secret); ?> <input type="hidden" name="hash" value="<?php echo $sign?>"" />

POST回来之后对参数进行验证

$str = "";

foreach($_POST['H'] as $key=>$value) {

$str .= $key.$value;

}

if($_POST['hash'] != md5($str.$secret)) {

echo "Hidden form data modified"; exit;

}

PHP安全检测工具(XSS和SQL Insertion)
Wapiti - Web application security auditor(Wapiti - 小巧的站点漏洞检测工具) (SQL injection/XSS攻击检查工具)

安裝/使用方法:
apt-get install libtidy-0.99-0 python-ctypes python-utidylib
python wapiti.py http://Your Website URL/ -m GET_XSS
Pixy: XSS and SQLI Scanner for PHP( Pixy - PHP 源码缺陷分析工具)
安裝: apt-get install default-jdk

标签: PHP 开发中的安全防范知识总结