Home >Backend Development >PHP Tutorial >Detailed explanation of file_put_contents function in PHP
This article mainly shares with you the detailed explanation of the file_put_contents function in PHP. I recently encountered a file upload question on EIS and found that filtering cd7857b655557ed285dda6e071d1d47e
So we can pass in content[]=1c54a2ccadef45a7573e3649bdfd6f57&ext=php to bypass
Repair method
The fix is to use the fwrite function instead of the dangerous file_put_contents function. The fwrite function can only pass in strings. If it is an array, it will error and return false
<?php
if(isset($_POST['content']) && isset($_POST['ext'])){
$data = $_POST['content'];
$ext = $_POST['ext'];
//var_dump(preg_match('/\</',$data));
if(preg_match('/\</',$data)){
die('hack');
}
$filename = time();
// file_put_contents($filename.$ext, $data);
$f = fopen($filename.$ext);
var_dump(fwrite($f,$data));
}
?>Related recommendations:
Recommended 10 articles about php file_put_contents() function
How to implement file_put_contents appending and line wrapping in php?
The difference between fwrite and file_put_contents in PHP
The above is the detailed content of Detailed explanation of file_put_contents function in PHP. For more information, please follow other related articles on the PHP Chinese website!