您如何保护您的网站免受本地文件包含的影响?PHP中的SQL注入? [英] How do you protect your website from Local File Inclusion & SQL Injection in PHP?
问题描述
您如何保护您的网站免受本地文件包含的影响?SQL 注入 (PHP)?
How do you protect your website from Local File Inclusion & SQL Injection (PHP)?
推荐答案
需要采取许多措施.在将所有输入存储到数据库之前,请务必清理所有输入.我建议对将要存储的所有数据使用 mysql_real_escape_string().将字符输入限制为合理的长度,并确保您获得该字段所需的数据类型.锁定提交特定数据区域的多次尝试.抓取上传文件的内容以查找恶意模式.
There are numerous measures to be taken. Be sure to sanitize all input before storing in the database. I suggest using mysql_real_escape_string() on all data that will be stored. Limit character-input to reasonable lengths, and be sure you're getting the TYPE of data you are expecting for that field. Lock multiple attempts to submitting specific areas of data. Crawl the contents of uploaded files looking for malicious patterns.
Wikibooks 有一章关于 SQL 注入;
Wikibooks has a chapter on SQL Injection;
这个列表不胜枚举.幸运的是,即使在这方面稍加努力,也可以修补大量漏洞.
The list goes on and on. Fortunately, even a little effort in this area can patch a great number of vulnerabilities.
这篇关于您如何保护您的网站免受本地文件包含的影响?PHP中的SQL注入?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
