恶意代码和PHP
[英]Malicious code and PHP
问题描述
While trying to understand the common security holes, I have a very brief question. 
在尝试了解常见的安全漏洞时,我有一个非常简短的问题。 Could this statement ever become true with some clever input? 通过一些巧妙的输入,这种说法能成为现实吗?
if ($_GET["h"] != $_GET["h"]) {
}
(Just using this as an example, not planning on using that exact code :P) (仅以此为例,不打算使用该确切的代码:P)
2 个解决方案
解决方案1
3 2013-09-17 02:02:09
Probably not, but if it's that much of a concern you'd be better off using not identical instead of not equal . 可能不是,但是如果您非常担心,最好使用不相同而不是不相等 。
if ('1' != 1) { echo 'true'; } // Does not echo
if (1000 != "10e4") { echo 'true'; } // Does not echo
if ('1' !== 1) { echo 'true'; } // echoes true
See more on PHP operators: http://php.net/manual/en/language.operators.comparison.php 有关PHP运算符的更多信息,请访问: http : //php.net/manual/en/language.operators.comparison.php
解决方案2
1 已采纳 2013-09-17 01:57:38
Not as far as I know. 据我所知。
Parameters from $_GET are transmitted through the URL like page.php?h=value . 来自$_GET参数通过URL传输,例如page.php?h=value 。 Once submitted, one cannot change its mind between the first $_GET and the second one... 提交后,您将无法在第一个$_GET和第二个$_GET之间改变主意...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.