1. PHP Security
H232C
2019. 10. 20. 19:44
1. PHP Version Update / Patch
2. register_globals
3. Apache AddHandler
4. Prepared Statements
5. PDO
6. htmlentities, htmlspecialchars (&, ", ', <, >)
<?php
$str = "A 'quote' is <b>bold</b>";
// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;
// (default flags on PHP < 8.1 are ENT_COMPAT: double quotes are encoded, single quotes are left alone)
echo htmlentities($str)."\n";
// Outputs: A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str, ENT_QUOTES);
?>
7. mysql_real_escape_string : \x00, \n, \r, \, ', ", \x1a
- \x00 = NUL byte (value 0) / \n = Line Feed (next line) / \r = Carriage Return (back to the start of the line) / \x1a = Ctrl+Z = EOF
8. addslashes : ', ", \, NUL (\x00)
9. eval, exec, shell_exec, proc_open, popen, passthru
10. file, system, readfile, fopen, file_get_contents
11. include, require
12. phpinfo
13. preg_replace
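Items 4-5 (prepared statements via PDO) and item 6 (output encoding) worked through in one script, added here as an example rather than code from the original post; it assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL:

```php
<?php
// Added example (not from the original post): items 4-5 (prepared statements via PDO)
// and item 6 (htmlspecialchars with ENT_QUOTES) used together.
// Assumes the pdo_sqlite extension; an in-memory SQLite database stands in for MySQL.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly instead of returning false
    PDO::ATTR_EMULATE_PREPARES   => false,                  // let the driver bind parameters itself
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)');
$pdo->exec("INSERT INTO users (name, bio) VALUES ('alice', 'Likes <b>bold</b> text & \"quotes\"')");

// Vulnerable pattern that items 4-5 replace: input spliced into the SQL text, so the
// characters listed under items 7-8 decide where the string literal ends.
function findUserUnsafe(PDO $pdo, string $name): array
{
    return $pdo->query("SELECT id, name, bio FROM users WHERE name = '$name'")->fetchAll();
}

// Hardened pattern: the SQL text is fixed and the value travels as a bound parameter,
// so it is never parsed as SQL and no escaping function is involved.
function findUser(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, bio FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll();
}

// Item 6: encode on output. ENT_QUOTES covers both quote styles (needed explicitly on
// PHP < 8.1); ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying the string.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A legitimate name containing an apostrophe: the unsafe query fails with a syntax
// error (or, with other input, runs altered SQL); the prepared one just matches nothing.
$input = "o'brien";
try {
    findUserUnsafe($pdo, $input);
} catch (PDOException $ex) {
    echo 'unsafe query broke on a plain apostrophe: ' . $ex->getMessage() . "\n";
}
echo count(findUser($pdo, $input)) . " row(s) for the same name via a prepared statement\n";

foreach (findUser($pdo, 'alice') as $row) {
    echo '<li>' . e($row['name']) . ': ' . e($row['bio']) . "</li>\n";
}
```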