Monday, February 4, 2013
php reject cracker
1. Guard every value you receive, and take it from the right source:
when receiving data from a form, use $_POST['login_user']
when receiving data from the URL, use $_GET['page']
when receiving data from the session, use $_SESSION['ss_username']
2. Do not receive a value and process it in the same step.
Don't do this:
$select = mysql_query("SELECT * FROM board WHERE id=" . $_GET['id']); // raw user input goes straight into the SQL string
Do this instead:
$id = intval($_GET['id']); // normalise first: anything that is not a number becomes 0
$select = mysql_query("SELECT * FROM board WHERE id=" . $id); // only the validated integer reaches the query
3. Define a marker on the server side so that your include files cannot be run from outside.
In the main script:
define("in_website", true); // marker constant set only by the real entry point
require_once("timeFilter.php");
In timeFilter.php (the included file):
if (!defined("in_website")) die("what are you doing?"); // stop if this file was not reached through the main script
echo smssend($tele_no, $service, $choice); // smssend() and its arguments are defined elsewhere on the site
If the file is requested or included from outside, the in_website marker has never been set, so the script stops before doing any work.
4. Sanitize received data before processing it, so that later code can rely on its shape.
$_GET['message'] = addslashes($_GET['message']); // escape quotes and backslashes before the value is used
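The following is an added example, not code from the original post, that carries points 2 and 4 through end to end: receive, validate, then query, using mysqli prepared statements in place of the mysql_* functions (which were removed in PHP 7) so that strings as well as integers are passed as bound parameters rather than escaped by hand. The database credentials, the `comments` table and its columns are assumed.

```php
<?php
// Added example (not from the original post): receive, validate, then query.
// Uses mysqli prepared statements instead of mysql_query(); table and column
// names for "comments" and the connection details are assumed.

// Step 1: receive. Read raw values into plain variables; nothing is queried yet.
$raw_id      = $_GET['id']      ?? '';
$raw_message = $_GET['message'] ?? '';

// Step 2: validate. Reject input that is not the expected shape instead of
// trying to clean it; filter_var() returns false for anything not an integer.
$id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false) {
    http_response_code(400);
    die('invalid id');
}
// For free text, enforce a length limit; SQL escaping is left to the driver below.
$message = mb_substr($raw_message, 0, 500);

// Step 3: process. Bound parameters are sent separately from the SQL text, so a
// value can never change the meaning of the query; no string concatenation at all.
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // assumed credentials
if ($db->connect_error) {
    die('database unavailable');
}

$stmt = $db->prepare('SELECT id, title FROM board WHERE id = ?');
$stmt->bind_param('i', $id);           // 'i' = integer parameter
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
$stmt->close();

if ($row === null) {
    http_response_code(404);
    die('not found');
}

$insert = $db->prepare('INSERT INTO comments (board_id, message) VALUES (?, ?)');
$insert->bind_param('is', $id, $message); // 's' = string parameter, no addslashes() needed
$insert->execute();
$insert->close();

// Step 4: output. HTML is a different context from SQL and needs its own escaping.
echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
```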