PHP伪静态与防注入
PHP伪静态,主要是为了隐藏传递的参数名;于网上搜索后整理伪静态四法
代码
代码
代码
代码
代码
代码
<?
php
// 伪静态方法一
// localhost/php100/test.php?id|1@action|2
$Php2Html_FileUrl = $_SERVER [ " REQUEST_URI " ];
echo $Php2Html_FileUrl . " <br> " ; // /php100/test.php?id|1@action|2
$Php2Html_UrlString = str_replace ( " ? " , "" , str_replace ( " / " , "" , strrchr ( strrchr ( $Php2Html_FileUrl , " / " ) , " ? " )));
echo $Php2Html_UrlString . " <br> " ; // id|1@action|2
$Php2Html_UrlQueryStrList = explode ( " @ " , $Php2Html_UrlString );
print_r ( $Php2Html_UrlQueryStrList ); // Array ( [0] => id|1 [1] => action|2 )
echo " <br> " ;
foreach ( $Php2Html_UrlQueryStrList as $Php2Html_UrlQueryStr )
{
$Php2Html_TmpArray = explode ( " | " , $Php2Html_UrlQueryStr );
print_r ( $Php2Html_TmpArray ); // Array ( [0] => id [1] => 1 ) ; Array ( [0] => action [1] => 2 )
echo " <br> " ;
$_GET [ $Php2Html_TmpArray [ 0 ]] = $Php2Html_TmpArray [ 1 ];
}
// echo '假静态:$_GET变量<br />';
print_r ( $_GET ); // Array ( [id|1@action|2] => [id] => 1 [action] => 2 )
echo " <br> " ;
echo " <hr> " ;
echo $_GET [id] . " <br> " ; // 1
echo $_GET [action]; // 2
?>
// 伪静态方法一
// localhost/php100/test.php?id|1@action|2
$Php2Html_FileUrl = $_SERVER [ " REQUEST_URI " ];
echo $Php2Html_FileUrl . " <br> " ; // /php100/test.php?id|1@action|2
$Php2Html_UrlString = str_replace ( " ? " , "" , str_replace ( " / " , "" , strrchr ( strrchr ( $Php2Html_FileUrl , " / " ) , " ? " )));
echo $Php2Html_UrlString . " <br> " ; // id|1@action|2
$Php2Html_UrlQueryStrList = explode ( " @ " , $Php2Html_UrlString );
print_r ( $Php2Html_UrlQueryStrList ); // Array ( [0] => id|1 [1] => action|2 )
echo " <br> " ;
foreach ( $Php2Html_UrlQueryStrList as $Php2Html_UrlQueryStr )
{
$Php2Html_TmpArray = explode ( " | " , $Php2Html_UrlQueryStr );
print_r ( $Php2Html_TmpArray ); // Array ( [0] => id [1] => 1 ) ; Array ( [0] => action [1] => 2 )
echo " <br> " ;
$_GET [ $Php2Html_TmpArray [ 0 ]] = $Php2Html_TmpArray [ 1 ];
}
// echo '假静态:$_GET变量<br />';
print_r ( $_GET ); // Array ( [id|1@action|2] => [id] => 1 [action] => 2 )
echo " <br> " ;
echo " <hr> " ;
echo $_GET [id] . " <br> " ; // 1
echo $_GET [action]; // 2
?>
代码
<?
php
// 伪静态方法二
// localhost/php100/test.php/1/2
$filename = basename ( $_SERVER [ ' SCRIPT_NAME ' ]);
echo $_SERVER [ ' SCRIPT_NAME ' ] . " <br> " ; // /php100/test.php
echo $filename . " <br> " ; // test.php
if ( strtolower ( $filename ) == ' test.php ' ){
if ( ! empty ( $_GET [id])){
$id = intval ( $_GET [id]);
echo $id . " <br> " ;
$action = intval ( $_GET [action]);
echo $action . " <br> " ;
} else {
$nav = $_SERVER [ ' REQUEST_URI ' ];
echo " 1: " . $nav . " <br> " ; // /php100/test.php/1/2
$script = $_SERVER [ ' SCRIPT_NAME ' ];
echo " 2: " . $script . " <br> " ; // /php100/test.php
$nav = ereg_replace ( " ^ $script " , "" , urldecode ( $nav ));
echo $nav . " <br> " ; // /1/2
$vars = explode ( " / " , $nav );
print_r ( $vars ); // Array ( [0] => [1] => 1 [2] => 2 )
echo " <br> " ;
$id = intval ( $vars [ 1 ]);
$action = intval ( $vars [ 2 ]);
}
echo $id . ' & ' . $action ;
}
?>
// 伪静态方法二
// localhost/php100/test.php/1/2
$filename = basename ( $_SERVER [ ' SCRIPT_NAME ' ]);
echo $_SERVER [ ' SCRIPT_NAME ' ] . " <br> " ; // /php100/test.php
echo $filename . " <br> " ; // test.php
if ( strtolower ( $filename ) == ' test.php ' ){
if ( ! empty ( $_GET [id])){
$id = intval ( $_GET [id]);
echo $id . " <br> " ;
$action = intval ( $_GET [action]);
echo $action . " <br> " ;
} else {
$nav = $_SERVER [ ' REQUEST_URI ' ];
echo " 1: " . $nav . " <br> " ; // /php100/test.php/1/2
$script = $_SERVER [ ' SCRIPT_NAME ' ];
echo " 2: " . $script . " <br> " ; // /php100/test.php
$nav = ereg_replace ( " ^ $script " , "" , urldecode ( $nav ));
echo $nav . " <br> " ; // /1/2
$vars = explode ( " / " , $nav );
print_r ( $vars ); // Array ( [0] => [1] => 1 [2] => 2 )
echo " <br> " ;
$id = intval ( $vars [ 1 ]);
$action = intval ( $vars [ 2 ]);
}
echo $id . ' & ' . $action ;
}
?>
代码
<?
php
// 伪静态方法三
function mod_rewrite(){
global $_GET ;
$nav = $_SERVER [ " REQUEST_URI " ];
echo $nav . " <br> " ;
$script_name = $_SERVER [ " SCRIPT_NAME " ];
echo $script_name . " <br> " ;
$nav = substr ( ereg_replace ( " ^ $script_name " , "" , urldecode ( $nav )) , 1 );
echo $nav . " <br> " ;
$nav = preg_replace ( " /^.ht(m){1}(l){0,1}$/ " , "" , $nav ); // 这句是去掉尾部的.html或.htm
echo $nav . " <br> " ;
$vars = explode ( " / " , $nav );
print_r ( $vars );
echo " <br> " ;
for ( $i = 0 ; $i < Count ( $vars ); $i += 2 ){
$_GET [ " $vars [ $i ] " ] = $vars [ $i + 1 ];
}
return $_GET ;
}
mod_rewrite();
$year = $_GET [ " year " ]; // 结果为'2006'
echo $year . " <br> " ;
$action = $_GET [ " action " ]; // 结果为'_add'
echo $action ;
?>
// 伪静态方法三
function mod_rewrite(){
global $_GET ;
$nav = $_SERVER [ " REQUEST_URI " ];
echo $nav . " <br> " ;
$script_name = $_SERVER [ " SCRIPT_NAME " ];
echo $script_name . " <br> " ;
$nav = substr ( ereg_replace ( " ^ $script_name " , "" , urldecode ( $nav )) , 1 );
echo $nav . " <br> " ;
$nav = preg_replace ( " /^.ht(m){1}(l){0,1}$/ " , "" , $nav ); // 这句是去掉尾部的.html或.htm
echo $nav . " <br> " ;
$vars = explode ( " / " , $nav );
print_r ( $vars );
echo " <br> " ;
for ( $i = 0 ; $i < Count ( $vars ); $i += 2 ){
$_GET [ " $vars [ $i ] " ] = $vars [ $i + 1 ];
}
return $_GET ;
}
mod_rewrite();
$year = $_GET [ " year " ]; // 结果为'2006'
echo $year . " <br> " ;
$action = $_GET [ " action " ]; // 结果为'_add'
echo $action ;
?>
代码
<?
php
// 伪静态方法四
//利用server变量 取得PATH_INFO信息 该例中为 /1,100,8630.html 也就是执行脚本名后面的部分
if (@ $path_info = $_SERVER [ " PATH_INFO " ]){
// 正则匹配一下参数
if ( preg_match ( " /\/(\d+),(\d+),(\d+)\.html/si " , $path_info , $arr_path )){
$gid = intval ( $arr_path [ 1 ]); // 取得值 1
$sid = intval ( $arr_path [ 2 ]); // 取得值100
$softid = intval ( $arr_path [ 3 ]); // 取得值8630
} else die ( " Path:Error! " );
// 相当于soft.php?gid=1&sid=100&softid=8630
} else die ( ' Path:Nothing! ' );
?>
// 伪静态方法四
//利用server变量 取得PATH_INFO信息 该例中为 /1,100,8630.html 也就是执行脚本名后面的部分
if (@ $path_info = $_SERVER [ " PATH_INFO " ]){
// 正则匹配一下参数
if ( preg_match ( " /\/(\d+),(\d+),(\d+)\.html/si " , $path_info , $arr_path )){
$gid = intval ( $arr_path [ 1 ]); // 取得值 1
$sid = intval ( $arr_path [ 2 ]); // 取得值100
$softid = intval ( $arr_path [ 3 ]); // 取得值8630
} else die ( " Path:Error! " );
// 相当于soft.php?gid=1&sid=100&softid=8630
} else die ( ' Path:Nothing! ' );
?>
代码
PHP防注入,主要是为了防止恶意写入后台数据库;
// 防注入函数
function inject_check( $sql_str ){
$check = eregi ( ' select|insert|update|delete|\ ' | \ / \ *| \ *| \ . \ . \ /| \ . \ /| union | into | load_file
| outfile ' , $sql_str);
if($check){
echo "输入非法内容";
exit();
}else{
return $sql_str;
}
}
//接收传递参数后进行转换
$_GET[type]=inject_check($_GET[type]);
//之后再使用转换后的参数
// 防注入函数
function inject_check( $sql_str ){
$check = eregi ( ' select|insert|update|delete|\ ' | \ / \ *| \ *| \ . \ . \ /| \ . \ /| union | into | load_file
| outfile ' , $sql_str);
if($check){
echo "输入非法内容";
exit();
}else{
return $sql_str;
}
}
//接收传递参数后进行转换
$_GET[type]=inject_check($_GET[type]);
//之后再使用转换后的参数