duanang58939 2012-09-30 15:31
浏览 6
已采纳

查询字符串安全性和变量插值

Not very familiar with PHP, is it possible for the user to take advantage of variable interpolation to get the value of secret?

<?php 
    $secret = 'hidden data';
    echo $_GET['id'];
?>

I tried passing in for the id: $secret, %24secret, ${secret}, {$secret}, %7D%24secret%7D, %24%7Dsecret%7D. So far it seems safe, but just want to make sure I am not missing anything. Thanks in advance.

  • 写回答

2条回答 默认 最新

  • drnysdnnb2909701 2012-09-30 15:32
    关注

    No, it's impossible for a user to retrieve hard-coded strings in this way.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥30 python代码,帮调试
  • ¥15 #MATLAB仿真#车辆换道路径规划
  • ¥15 java 操作 elasticsearch 8.1 实现 索引的重建
  • ¥15 数据可视化Python
  • ¥15 要给毕业设计添加扫码登录的功能!!有偿
  • ¥15 kafka 分区副本增加会导致消息丢失或者不可用吗?
  • ¥15 微信公众号自制会员卡没有收款渠道啊
  • ¥100 Jenkins自动化部署—悬赏100元
  • ¥15 关于#python#的问题:求帮写python代码
  • ¥20 MATLAB画图图形出现上下震荡的线条