return strip_tags($_GET[$name]);

if ($_SERVER['REQUEST_METHOD'] == 'POST')

return strip_tags($_POST[$name]);}

This function could easily be expanded to include cookies in the search for a variable name. I called it _INPUT because it directly parallels the $_ arrays which store user input. Note also that when using this function, it does not matter whether the page was requested with a GET or a POST method, the code can use _INPUT() and expect the correct value regardless of request method. To use this function, consider the following two lines of code, which both have the same effect, but the second strips the PHP and HTML tags first, thus increasing the security of the script.

$name = $_GET['name');

$name = _INPUT('name');

If data is to be entered into a database, more processing is needed to prevent SQL injection, which will be discussed later.

Executing Code Containing User Input

Another concern when dealing with user data is the possibility that it may be executed in PHP code or on the system shell. PHP provides the eval() function, which allows arbitrary PHP code within a string to be evaluated (run). There are also the system(), passthru() and exec() functions, and the backtick operator, all of which allow a string to be run as a command on the operating system shell.

Where possible, the use of all such functions should be avoided, especially where user input is entered into the command or code. An example of a situation where this can lead to attack is the following command, which would display the results of the command on the web page.

外文翻译PHP安全 - 大图片Web安全

    无论您的网站是一家大型跨国公司的网站的存在，显示你的产品范围，并邀请潜在客户画廊前来进店，或个人网站展示您的假日照片，网络安全问题。努力工作把后使您的网站看起来不错，并给用户回应，你想要的最后一件事是恶意黑客一起走，执行PHP黑客并以某种方式打破它。论文网

    有许多的网络安全问题，可惜他们不是都有明确的解决方案，但在这里，我们将看看一些应该考虑每次你开始写一个PHP脚本的时间，以避免黑客的PHP的问题攻击。这些是，精心设计的代码，可完全消除的问题。在寻找解决方案中的细节，不过，让我们花点时间来定义问题本身。

SQL注入

    在这种攻击中，用户能够在网站的数据库中执行SQL查询。这种攻击通常是通过输入文本到这会导致随后的SQL查询，从PHP形式处理代码生成的表单字段，就好像它是SQL执行表单字段的内容的一部分执行。从这个无害的攻击范围的影响（仅使用SELECT拉另一个数据集）的破坏性（DELETE，例如）。在更为微妙的攻击，数据可以被改变，或者新的数据补充。