Home >Backend Development >PHP Tutorial >Newbies should develop some good security habits in PHP: turning off error prompts and strict data verification, etc.
When you use PHP for web development, you need to pay attention to some security configuration items and turn off certain functions to prevent users from inadvertently causing various problems.
1. Turn off the php error prompt function
Change display_errors to OFF in php.ini, or add # before the php file ##error_reporting(0).
Use error_reporting(0); Failure example:<?php error_reporting(0); echo 555 echo 444; ?>Error: Parse error: parse error, expecting `','' or `';'' in E:\webphp\2.php on line 4Many phpers say that using error_reporting(0) does not work. In the first example, there is a fatal error in A.php, which prevents execution. If the server cannot be executed, it does not know that it has this function, so the same error is reported. 2. Turn off some "bad features"1) Turn off the magic quotes function
Put magic_quotes_gpc = OFF in php.ini
Avoid and
addslashesWait for repeated escaping
<?php //$bloger = $_GET['bloger'] //因为register_globals = ON 所以这步不用了直接可以用$bloger echo $bloger; ?>This situation will cause some uninitialized variables to be easily modified, which may be fatal. So turn register_globals = OFF (3) Strictly
configure file permissions.
Assign permissions to the corresponding folders. For example, files containing uploaded images cannot have execution permissions and can only be read3. Strict data verification, what we need to do is to strictly verify the control data Flow, even if one of the 100 million users is a bad user, it is enough to be fatal. Besides, good users sometimes become "bad" inadvertently when they accidentally enter Chinese in the data input box. In order to ensure the security and robustness of the program, data verification should include(1) Whether key data exists. For example, whether the deleted data id exists(2)
The data typeis correct. For example, whether the deleted data id is an integer(3) Data length. If the field is of char(10) type, strlen must be used to determine the data length
(4) Whether the data has dangerous characters
The above is the detailed content of Newbies should develop some good security habits in PHP: turning off error prompts and strict data verification, etc.. For more information, please follow other related articles on the PHP Chinese website!