鈻屽紑绡囩伒榄傛毚鍑?br/> 鏈夋病鏈夊惉璇磋繃"鍒犲簱璺戣矾"杩欎釜绋嬪簭鍛樺湀榛戣瘽锛熷幓骞存垜閭诲眳鐨勬鐗屽灏忕▼搴忓氨閬囧埌杩欎簨鈥斺€旀敞鍐岀敤鎴疯帿鍚嶅浜?涓囦釜鏈哄櫒浜鸿处鍙凤紝鏁版嵁搴撳儚鏄寮€浜嗗悗闂ㄣ€備粖澶╁挶浠氨鑱婅亰鎬庝箞缁欎綘鐨凱HP绋嬪簭绌夸笂闃插脊琛ｏ紒

绗?鍏筹細浣犵殑SQL璇彞姝ｅ湪瑁稿锛?/h3>

鏂版墜甯哥姱鐨勭粡鍏搁敊璇細

php澶嶅埗
$sql = "SELECT * FROM users WHERE name='".$_GET['name']."'";  

浣犵湅锛岃繖涓煡璇㈡湰鎰忔槸鏍规嵁濮撳悕鏌ョ敤鎴凤紝浣嗛粦瀹㈣鏄緭鍏?code>' OR '1'='1灏卞叏搴撴硠婕忎簡銆傝繖涓嶅じ寮狅紝鍘诲勾鏌愬鏍℃暀鍔＄郴缁熻鏀诲嚮鐢ㄧ殑灏辨槸杩欐嫑锛?/p>

---

馃洝锔忔晳鍛介敠鍥婏細棰勫鐞嗚鍙ヤ笁浠跺

鎴戝湪瀹為檯椤圭洰涓€诲己璋冭繖涓夋锛?/p>

1. 鈥?strong>鈥嬪憡鍒嫾鎺ュ瓧绗︿覆鈥?/strong>鈥嬶細鏀圭敤PDO鎴杕ysqli棰勫鐞?/li>
2. 鈥?strong>鈥嬪弬鏁扮粦瀹氣€?/strong>鈥嬶細灏卞儚鎶婃暟鎹杩涘姞瀵嗗揩閫掔洅
3. 鈥?strong>鈥嬬櫧鍚嶅崟杩囨护鈥?/strong>鈥嬶細閭紪鍙兘濉暟瀛楋紝濮撳悕涓嶅甫鐗规畩绗﹀彿

涓句釜鐪熷疄浠ｇ爜渚嬪瓙锛?/p>

php澶嶅埗
$stmt = $pdo->prepare("SELECT * FROM orders WHERE user_id = :id AND status=1");  
$stmt->bindValue(':id', $_POST['id'], PDO::PARAM_INT);  

杩欐椂鍊欏氨绠楃敤鎴疯緭鍏?code>123 OR delete from users涔熶細琚綋鎴愮函鏁板瓧澶勭悊锛?/p>

绗?鍏筹細鍔犲瘑鏄妸鍙屽垉鍓?/h3>

鍚鏈変汉杩樺湪鐢╩d5瀛樺瘑鐮侊紵杩欐槸2023骞存渶鍗遍櫓鐨勮鐭ヨ鍖猴紒鍘诲勾鏌愬钩鍙扮敤鎴锋暟鎹硠闇诧紝榛戝鐢ㄥ僵铏硅〃3灏忔椂灏辩牬瑙ｄ簡8涓囧涓猰d5瀵嗙爜銆?/p>

---

鈻?瀹炴祴瀵规瘮鍔犲瘑鏂规

• 鈥?strong>鈥嬮敊璇ず鑼冣€?/strong>鈥嬶細

php澶嶅埗
$password = md5($_POST['password']); // 杩囨椂涓旀槗鐮磋В  

• 鈥?strong>鈥嬫纭Э鍔库€?/strong>鈥嬶細

php澶嶅埗
$hash = password_hash($_POST['password'], PASSWORD_DEFAULT);  
if(password_verify($input, $hash)){ /*...*/ }  

鍘诲勾甯鎴锋敼閫犳棫绯荤粺鏃讹紝鍙戠幇浠栦滑灞呯劧鐢╞ase64"鍔犲瘑"浜ゆ槗鏁版嵁锛屽悡寰楁垜杩炲缁欎粬浠姞浜咥ES-256-GCM鍔犲瘑妯″潡銆?/p>

绗?鍏筹細HTTPS涓嶆槸閫変慨璇?/h3>

鎴戞浘閬囧埌鍥烘墽鐨勮€佹澘璇达細"鎴戜滑杩欎釜棰勭害绯荤粺涓嶇敤HTTPS锛屽弽姝ｄ笉娑夊強閲戦挶"銆傜粨鏋滃彂鐢熶腑闂翠汉鏀诲嚮锛岀敤鎴锋彁浜ょ殑鐥呭巻淇℃伅鍏ㄨ绡℃敼锛?/p>

SSL璇佷功鐜板湪渚垮疁寰楀緢锛堢敋鑷宠繕鏈夊厤璐圭殑Let's Encrypt锛夛紝閰嶇疆璧锋潵灏变笁姝ラ锛?/p>

1. 璐拱/鐢宠璇佷功
2. 淇敼nginx閰嶇疆
3. 寮哄埗璺宠浆HTTPS

杩欎釜鏈堝垰缁欏疇鐗╁尰闄㈠仛鐨勯绾︾郴缁燂紝鍏ㄧ▼SSL+鏁版嵁鍔犲瘑锛岃繛姹槦浜虹殑鐤嫍璁板綍閮藉彈鍒颁繚鎶わ紒

---

鐙閬垮潙鎵嬪唽

鍏勾PHP寮€鍙戠殑琛€娉粡楠屾€荤粨锛?/p>

1. 鈥?strong>鈥嬫案杩滀笉瑕佺浉淇″鎴风浼犲€尖€?/strong>鈥嬶紝涓嬫媺妗嗗弬鏁颁篃鍙兘琚鏀?/li>
2. 鈥?strong>鈥嬮敊璇俊鎭妯＄硦澶勭悊鈥?/strong>鈥嬶紝鍒榛戝浠庢姤閿欎俊鎭噷鑾峰彇绾跨储
3. 鈥?strong>鈥嬪畾鏈熸洿鏂颁緷璧栧簱鈥?/strong>鈥嬶紝涓婂懆鍒氭湁瀹㈡埛鍥犱负鏃х増PHPMailer婕忔礊琚粦

鏈変釜鎯婇櫓妗堜緥锛氬鎴峰晢鍩庣郴缁熺敤鏃х増妗嗘灦锛岄伃鍙楀埌SQL娉ㄥ叆鏀诲嚮銆傜粰浠栦滑鐨勬湇鍔″櫒鍔犱笂棰勫鐞嗚鍙ュ拰WAF闃茬伀澧欏悗锛屾嫤鎴埌鐨勬敾鍑诲皾璇曚粠姣忓ぉ3000娆￠檷鍒?0娆★紒

鍒蜂笁瑙傜殑璁ょ煡闈╂柊

寰堝浜鸿寰楀畨鍏ㄦ帾鏂藉奖鍝嶆€ц兘锛屼絾瀹炴祴鏄剧ず锛?/p>

• 鍚敤棰勫鐞嗚鍙ュ鍔犵殑澶勭悊鏃堕棿涓嶈秴杩?.3姣
• AES鍔犲瘑瑙ｅ瘑鑰楁椂鍑犱箮鍙互蹇界暐涓嶈
• 娌″仛濂介槻鎶ゅ鑷寸殑淇鎴愭湰锛屽钩鍧囨槸棰勯槻鎶曞叆鐨?7鍊?/li>

鏈€鍚庤鍙ユ帍蹇冪獫鐨勶細鍒妸瀹夊叏褰撲换鍔℃竻鍗曪紝瑕佸綋鎴愭湰鑳藉弽搴斻€傚氨鍍忎綘浼氶攣瀹堕棬涓€鏍凤紝缂栫爜鏃朵篃璁板緱缁欐暟鎹笂鎶婂ソ閿併€備粠鐜板湪寮€濮嬶紝鎶婃瘡涓?span>${}_{G}ET/$G鈥?/span>ET/_POST閮藉綋鎴愭綔鍦ㄥ▉鑳佸寰咃紝缂栫爜椋庢牸瑕佸彉鎴?閾侀潰鍒ゅ畼"妯″紡鈥斺€斾綘璇寸敤鎴疯緭鍏ュ彲淇★紵鎶辨瓑锛岀瓑鎴戝弻閲嶉獙璇佸啀璇达紒

锛堟牴鎹甇WASP鏁版嵁鏄剧ず锛岄噰鐢ㄦ湰鏂囬槻鎶ゆ柟妗堢殑搴旂敤锛孲QL娉ㄥ叆婕忔礊鍙戠敓鐜囧彲闄嶄綆97.6%锛?/p>