Abstract
When designing and developing applications in PHP, never trust user input: all user input must be strictly validated. Where scripts are involved, strict escaping, transcoding or encoding must be applied. All URLs must be strictly checked, taking care that URLs supplied by users do not point to third parties. Do not show overly detailed error messages; for login verification, it is enough to tell the user only that the password is wrong. Information output to web pages must be encoded and filtered to prevent HTML code from being executed.
Author
包冉
Bao Ran (Fuxin Higher Training College, Fuxin, Liaoning 123000)
Source
《职大学报》
2018, Issue 2, pp. 73-75 (3 pages)
Journal of the Staff and Worker’s University