duanoucuo7045 2012-01-23 15:21
浏览 92
已采纳

PHP文件注入?

I have a script that calls a bash script that does some processing, but the script calls the bash script using user inputed data.

I am wondering if there is a way to make sure the person (it's a file upload) doesn't append like ;cd /;rm -rf * to the end of the file. Or anything else like that. Would a normal MYSQL Injection methods work? Is there a better alternative?

  • 写回答

3条回答 默认 最新

  • douchu4048 2012-01-23 15:26
    关注

    Being able to inject shell commands would be ... shell command injection, and neither file nor SQL injection. To secure against it, use escapeshellarg:

    exec('bash bash-script ' . escapeshellarg($userInput));
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 echarts动画效果失效的问题。官网下载的例子。
  • ¥60 许可证msc licensing软件报错显示已有相同版本软件,但是下一步显示无法读取日志目录。
  • ¥15 Attention is all you need 的代码运行
  • ¥15 一个服务器已经有一个系统了如果用usb再装一个系统,原来的系统会被覆盖掉吗
  • ¥15 使用esm_msa1_t12_100M_UR50S蛋白质语言模型进行零样本预测时,终端显示出了sequence handled的进度条,但是并不出结果就自动终止回到命令提示行了是怎么回事:
  • ¥15 前置放大电路与功率放大电路相连放大倍数出现问题
  • ¥30 关于<main>标签页面跳转的问题
  • ¥80 部署运行web自动化项目
  • ¥15 腾讯云如何建立同一个项目中物模型之间的联系
  • ¥30 VMware 云桌面水印如何添加