Php 防止提升文件访问
现在我用php创建了一个简单的系统上载文件,但我需要帮助,请告诉我以下命令: 我想要一个在我的上传中阻止upload.htaccess文件的解决方案 网站 和其他文件.css.php.html PHP代码 请根据我的需要编辑此代码。你可以这样做Php 防止提升文件访问,php,.htaccess,Php,.htaccess,现在我用php创建了一个简单的系统上载文件,但我需要帮助,请告诉我以下命令: 我想要一个在我的上传中阻止upload.htaccess文件的解决方案 网站 和其他文件.css.php.html PHP代码 请根据我的需要编辑此代码。你可以这样做 // the list of unallowed file endings, can be extended easily by your needs $disallow = array( 'php', '.htaccess', ); // lo
// the list of unallowed file endings, can be extended easily by your needs
$disallow = array(
'php',
'.htaccess',
);
// loop over all disallowed file extensions and name the current one needle
foreach ($disallow as $needle) {
// if the given filename ($name) ends in the current needle we print and error and stop the processing.
if (substr($name, -strlen($needle)) === $needle) {
echo "Invalid file extension";
exit();
}
}
通过文件名进行sql注入时,使用mysql_查询的方式存在很大问题。考虑使用准备好的语句。
// the list of unallowed file endings, can be extended easily by your needs
$disallow = array(
'php',
'.htaccess',
);
// loop over all disallowed file extensions and name the current one needle
foreach ($disallow as $needle) {
// if the given filename ($name) ends in the current needle we print and error and stop the processing.
if (substr($name, -strlen($needle)) === $needle) {
echo "Invalid file extension";
exit();
}
}