防止GET参数注入
[英]Protect against GET parameter injection
问题描述
I am new to php development and have been reading up on general security. 
我是php开发的新手,并且一直在阅读有关一般安全性的文章。 I have an app which communicates with a PHP back end by posting parameters through a URL which is then processed on the server. 我有一个与PHP后端通信的应用程序,它通过URL发布参数,然后在服务器上对其进行处理。
An example: 一个例子:
http://www.myserver.com/addcredit=99
However I'm sure I am correct in thinking that this is vulnerable, someone could maliciously inject their own parameters and add their own credit? 但是,我肯定我认为这是易受攻击的,有人可以恶意注入自己的参数并增加自己的信誉,这是正确的。
How would I protect against this and are there any useful materials people would recommend I look at to get a good understanding of security fundamentals in general? 我将如何防止这种情况发生?人们会推荐我使用哪些有用的材料来全面理解安全性基础知识?
thanks 谢谢
2 个解决方案
解决方案1
2 2016-11-23 05:36:30
Do not use database ids for the credit card id. 不要将数据库ID用作信用卡ID。 It makes it easy for users to access other users credit cards. 它使用户可以轻松访问其他用户的信用卡。
Use a random string that uniquely identifies the credit card 使用唯一标识信用卡的随机字符串
解决方案2
0 2016-11-22 09:31:00
在这种情况下,您可以使用一些简单的清理方法:
$addcredit = intval($_GET['addcredit']);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.