Shulou(Shulou.com)06/03 Report--

This article shows you how to solve PHP application problems, the content is concise and easy to understand, it will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

The PHP language is very powerful and can help us solve many problems. But in practical application, it is not without defects. Here we will give you a detailed introduction to the relevant solutions to the problems of PHP application.

Use the = = comparison operator with caution, because PHP is untyped, but the underlying C implementation engine is typed. Eventually there will be type conversions, such as zero = "abc" and the result will be true, which may not be what we want.

Where there is a definite type in semantics, use the relevant function to explicitly convert it: intval.

Uniformly define the file inclusion path of PHP in one place, so that when you include files in all parts of the project, do not take the path, as long as the file name, to facilitate the transfer of files

Another problem with PHP application is not to use global variables of PHP directly in functions and class methods, but to provide a proxy that accesses global variables separately, which can be an object or a simple function. If you are accessing global variables in a class, modify them to objects that use proxy global variables, so that there is a clear dependency between the two objects. Do not use global variables or variables outside the global directly inside the function. A function should only use the data passed in by the function arguments. Try not to use global variables and global everywhere, paying attention to the repeated submission of the form. This can be done with a token.

Determine whether the system is single-entry or multi-entry

Note coding: file storage encoding, page encoding, database encoding, user's operating system encoding (when the user enters content directly on the address, FF,Opera will encode the content according to the operating system encoding urlencode, but IE6 is as it is)

Do not expose the path of the file

After submitting the request, the user shuts down the browser or clicks on the stop of the browser or for other reasons whether the PHP should continue processing or stop processing after the network is cut off. How does PHP know the above situation: connection-handling (ignore_user_abort,register_shutdown_function,connection_status …)

Time zone problem, if the application is distributed

The explode application will produce an array of 1 items on a null value: array ("), but the latter is not false. That is: null is a false value, but explode (',', null) is followed by a true value, so be careful with the condition if (explode (',', $var))

$var = null;isset ($var) the result is false.

Security problems of PHP Application

Validate input and do not trust data from users (GET,POST,COOKIE). For a PHP application, these data should be filtered uniformly, such as encoding html tags to prevent XSS and preventing sql injection.

At the same time, for the content that needs to be verified, PHP has to verify it again, because all kinds of validation on the client side can be easily skipped (pseudo-forms, disabling js and firebug, tools that can modify html at will).

Pay attention to the size of the data submitted by the user. For example, too large post data or get data may have buffer overflow problems.

Be careful of non-PHP files on the server. If the application can upload or download files, avoid reading files directly through the file name and the file name is provided by the user. The user may provide some files that he should not see, but the PHP program reads it. At the same time, do not display the file path in the returned html. The save path of the file should not be seen by the user. According to these paths, the user may guess other files that he should not see.

If the session is saved in a file, and there are other unknown users on the web server (such as the rental web host), you should change the location where the session file is saved, or write the session to the database through PHP's session handler, because the session is saved in a temporary directory by default and can be accessed by others, which is dangerous if information such as passwords are saved in the session.

The above content is how to solve the problem of PHP application. Have you learned the knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.