初学者对PHP安全性感到困惑 [英] Beginner confused about PHP security
问题描述
大家好,
作为初学者,我在构建我的
网站时遇到了很多错误,(我正在尝试使用mySQL和PHP为我的网站实现一个成员
登录/注册片段。
我读过PHP是安全的,因为它隐藏了很多来自
黑客的代码以及试图在运行
PHP脚本的网站上窥探的人 - 然而,我注意到的一件事是每当我得到一个
脚本错误,(例如,连接失败,它列出文件
包含php代码 - 见下文:
警告:mysql_connect():拒绝用户访问:''xxxxx @ localhost''
(使用密码:YES)
/ content / host / x / x /www.xxxxxxx.com/web/classes/access_check/access_check.php
第98行
这是预期的吗?这是一个安全隐患?是否有可能,
(和/或一个好主意),禁用一旦我很高兴
代码是稳定的吗?
感谢任何建议。
杆
杆卡罗尔写道:警告:mysql_connect()函数:访问被拒绝的用户: '' 为XXXXX @localhost''
(使用密码:是)在第98行的
/content/host/x/x/www.xxxxxxx.com/web/classes/access_check/access_check.php
这是预期的吗?
是。
这是安全隐患吗?
绝对。
一旦我很高兴,是否有可能(和/或一个好主意)禁用这些
警告代码稳定吗?
是的。
感谢您的任何建议。
参见 http://fi.php.net/manual/en/function ... -reporting.php
-
Markku Uttula
马尔库雷马Uttula写道:
棒卡罗尔写道:
警告:mysql_connect()函数:拒绝访问用户: '' 为XXXXX @本地 ''
(使用密码:是)在
/content/host/x/x/www.xxxxxxx.com/web/classes/access_check/access_check第98行.php
这是预期的吗?
是的。
这是一个安全隐患?块引用>
Definetly。
是否有可能,(和/或一个好主意),禁用这些
警告一旦我很高兴代码是稳定的e?
是。
感谢您的任何建议。
您可以通过
将错误消息输出到浏览器,将@放在功能前面。例如:
@if(
_SESSION [''auth''] ==''ok''){
header(" location:entrance.php");
}
而不是
if(
Hello all,
As a beginner I''ve been exeperiencing lots of errors while building my
website, (I''m currently attempting to implement a member
login/registration piece for my site using mySQL and PHP)
I''ve read that PHP is secure in that it hides lots of code from
hackers and people trying to snoop around on the web site running the
PHP scripts - however, one thing I''ve noticed is that whenever I get a
script error, (for example, failure to connect, it lists the file
contining the php code - see below:
Warning: mysql_connect(): Access denied for user: ''xxxxx@localhost''
(Using password: YES) in
/content/host/x/x/www.xxxxxxx.com/web/classes/access_check/access_check.php
on line 98
Is this to be expected? Is this a security risk? Is it possible,
(and/or a good idea), to disable these warnings once I''m happy that
the code is stable?
Thanks for any advice.
Rod.解决方案Rod Carrol wrote:Warning: mysql_connect(): Access denied for user: ''xxxxx@localhost''
(Using password: YES) in
/content/host/x/x/www.xxxxxxx.com/web/classes/access_check/access_check.php
on line 98
Is this to be expected?
Yes.
Is this a security risk?
Definetly.
Is it possible, (and/or a good idea), to disable these
warnings once I''m happy that the code is stable?
Yes.
Thanks for any advice.
See http://fi.php.net/manual/en/function...-reporting.php
--
Markku Uttula
Markku Uttula wrote:
Rod Carrol wrote:Warning: mysql_connect(): Access denied for user: ''xxxxx@localhost''
(Using password: YES) in
/content/host/x/x/www.xxxxxxx.com/web/classes/access_check/access_check.php
on line 98
Is this to be expected?
Yes.Is this a security risk?
Definetly.Is it possible, (and/or a good idea), to disable these
warnings once I''m happy that the code is stable?
Yes.Thanks for any advice.
You can stop the error messages from being output to the browser by
putting @ in front of funtions. For example:
@if (
_SESSION[''auth''] == ''ok'') {
header ("location:entrance.php");
}
instead of
if (
这篇关于初学者对PHP安全性感到困惑的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!