dtlhy0771 2012-10-10 11:23
浏览 59
已采纳

PHP安全写入文本文件?

An HTML form, a php file and a text file.

The form has one input box, it sends the inputted string to the PHP file using GET or POST. The PHP file writes the string to the text file using fopen 'a', fwrite and fclose and does no sanitization at all.

The text file is set to permission 777 and is in the same folder as the other files.

Are there any security concerns here? Is it possible for someone to send something using the form that will do any damage? If yes, what?

What about if the txt file is set to 666?

  • 写回答

3条回答 默认 最新

  • duanou9739 2012-10-10 11:34
    关注

    Never execute

    Depending on what the use of this file, there shouldn't be much risk involved. Just make sure the file is never executed.

    This means, never eval() the content of this file, or change it into a .php or any other executable file.

    However, if the content is ever to be written on a page, or viewable by the user, you will have security risks doing this.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥20 基于MSP430f5529的MPU6050驱动,求出欧拉角
  • ¥20 Java-Oj-桌布的计算
  • ¥15 powerbuilder中的datawindow数据整合到新的DataWindow
  • ¥20 有人知道这种图怎么画吗?
  • ¥15 pyqt6如何引用qrc文件加载里面的的资源
  • ¥15 安卓JNI项目使用lua上的问题
  • ¥20 RL+GNN解决人员排班问题时梯度消失
  • ¥60 要数控稳压电源测试数据
  • ¥15 能帮我写下这个编程吗
  • ¥15 ikuai客户端l2tp协议链接报终止15信号和无法将p.p.p6转换为我的l2tp线路