[英]Malicious code and PHP
While trying to understand the common security holes, I have a very brief question. 在尝试了解常见的安全漏洞时,我有一个非常简短的问题。 Could this statement ever become true with some clever input?
通过一些巧妙的输入,这种说法能成为现实吗?
if ($_GET["h"] != $_GET["h"]) {
}
(Just using this as an example, not planning on using that exact code :P) (仅以此为例,不打算使用该确切的代码:P)
Probably not, but if it's that much of a concern you'd be better off using not identical instead of not equal . 可能不是,但是如果您非常担心,最好使用不相同而不是不相等 。
if ('1' != 1) { echo 'true'; } // Does not echo
if (1000 != "10e4") { echo 'true'; } // Does not echo
if ('1' !== 1) { echo 'true'; } // echoes true
See more on PHP operators: http://php.net/manual/en/language.operators.comparison.php 有关PHP运算符的更多信息,请访问: http : //php.net/manual/en/language.operators.comparison.php
Not as far as I know. 据我所知。
Parameters from $_GET
are transmitted through the URL like page.php?h=value
. 来自
$_GET
参数通过URL传输,例如page.php?h=value
。 Once submitted, one cannot change its mind between the first $_GET
and the second one... 提交后,您将无法在第一个
$_GET
和第二个$_GET
之间改变主意...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.