How to attack common vulnerabilities in PHP programs (Part 1)

Original: Shaun Clowes
Translation: AnalysisT

Translated this article because the current articles on CGI security are taken as an example, and there are few articles that specifically describe ASP, PHP or JSP security. This article by Shaun Clowes covers the security issues of PHP fairly comprehensively. Since the original text is relatively long, and a considerable part of it is background to the article or basic knowledge of PHP that does not involve PHP security, I have not translated that part. If you want to know about it, please refer to the original text.

The article mainly analyzes the security of PHP in terms of global variables, remote files, file uploads, library files, session files, data types, and error-prone functions, and gives some useful advice on how to enhance PHP security.

OK, enough talk, let's get to the point!

[Global Variables]

Variables in PHP do not need to be declared in advance. They are created automatically on first use, and their types do not need to be specified; the type is determined automatically from the context. From a programmer's perspective, this is undoubtedly an extremely convenient way of handling variables, and it is obviously a very useful feature in a language meant for rapid development. Once a variable is created, it can be used anywhere in the program. The result of this feature is that programmers rarely initialize variables. After all, when variables are first created, they are empty.

Obviously, the main job of a PHP-based application is generally to accept user input (mainly form variables, uploaded files, and cookies), process the input data, and then return the results to the client browser. To make it as easy as possible for PHP code to access the user's input, PHP actually handles this input data as global variables.

For example: