せめて避けたいコードと理由 - wankuma.com

せめて避けたいコードと理由 - wankuma.com

Blog (

NDA

Global if($_POST["action"]){$action = $_POST["action"];}elseif($_REQUEST["action"]){$action = $_REQUEST["action"];}elseif($_GET["action"]){$action = $_GET["action"];} if($_POST["mode"]){$mode = $_POST["mode"];}elseif($_REQUEST["mode"]){$mode = $_REQUEST["mode"];}elseif($_GET["mode"]){$mode = $_GET["mode"];}// mode if($_POST["kw"]){$kw = $_POST["kw"];}elseif($_REQUEST["kw"]){$kw = $_REQUEST["kw"];}elseif($_GET["kw"]){$kw = $_GET["kw"];}// if($_POST["andor"]){$andor = $_POST["andor"];}elseif($_REQUEST["andor"]){$andor = $_REQUEST["andor"];}elseif($_GET["andor"]){$andor = $_GET["andor"];}// if($_POST["pline"]){$pline = $_POST["pline"];}elseif($_REQUEST["pline"]){$pline = $_REQUEST["pline"];}elseif($_GET["pline"]){$pline = $_GET["pline"];}// if($_POST["result_cnt"]){$result_cnt = $_POST["result_cnt"];}elseif($_REQUEST["result_cnt"]){$result_cnt = $_REQUEST["result_cnt"];}elseif($_GET["result_cnt"]){$result_cnt = $_GET["result_cnt"];}// if($_POST["no"]){$no = $_POST["no"];}elseif($_REQUEST["no"]){$no = $_REQUEST["no"];}elseif($_GET["no"]){$no = $_GET["no"];}// if($_POST["co_no"]){$co_no = $_POST["co_no"];}elseif($_REQUEST["co_no"]){$co_no = $_REQUEST["co_no"];}elseif($_GET["co_no"]){$co_no = $_GET["co_no"];}// if($_POST["amount"]){$amount = $_POST["amount"];}elseif($_REQUEST["amount"]){$amount = $_REQUEST["amount"];}elseif($_GET["amount"]){$amount = $_GET["amount"];}// if($_POST["price"]){$price = $_POST["price"];}elseif($_REQUEST["price"]){$price = $_REQUEST["price"];}elseif($_GET["price"]){$price = $_GET["price"];}// if($_POST["mid"]){$mid = $_POST["mid"];}elseif($_REQUEST["mid"]){$mid = $_REQUEST["mid"];}elseif($_GET["mid"]){$mid = $_GET["mid"];}

// $text01 = $_POST["text01"]; $text02 = $_POST["text02"]; $text03 = $_POST["text03"]; $text04 = $_POST["text04"]; $text05 = $_POST["text05"]; $text06 = $_POST["text06"]; $text07 = $_POST["text07"]; $text08 = $_POST["text08"]; $text09 = $_POST["text09"]; $text10 = $_POST["text10"]; // $message01 = $_POST["message01"]; $message02 = $_POST["message02"]; $message03 = $_POST["message03"]; $message04 = $_POST["message04"]; $message05 = $_POST["message05"]; $message06 = $_POST["message06"]; $message07 = $_POST["message07"]; $message08 = $_POST["message08"]; $message09 = $_POST["message09"]; $message10 = $_POST["message10"]; // $upfile01_name = $_FILES["upfile01"]["name"]; $upfile01 = $_FILES["upfile01"]["tmp_name"]; $delupfile01 = $_POST["delupfile01"]; $upfile01_type = $_FILES["upfile01"]["type"]; $upfile02_name = $_FILES["upfile02"]["name"]; $upfile02 = $_FILES["upfile02"]["tmp_name"];

$delupfile02 = $_POST["delupfile02"]; $upfile02_type = $_FILES["upfile02"]["type"]; if($_POST["a"]){$a = $_POST["a"];}elseif($_REQUEST["a"]){$a = $_REQUEST["a"];}elseif($_GET["a"]){$a = $_GET["a"];} if($_POST["b"]){$b = $_POST["b"];}elseif($_REQUEST["b"]){$b = $_REQUEST["b"];}elseif($_GET["b"]){$b = $_GET["b"];} if($_POST["c"]){$c = $_POST["c"];}elseif($_REQUEST["c"]){$c = $_REQUEST["c"];}elseif($_GET["c"]){$c = $_GET["c"];} PHP ( BASIC ) ( ) register_globals

300 ( ) Excel // $this->get_conv()->monoDic("customer_id", security::sanitize_html($customer_data["customer_id"])); $this->get_conv()->monoDic("name1", security::sanitize_html($customer_data["name1"])); $this->get_conv()->monoDic("name2", security::sanitize_html($customer_data["name2"])); $this->get_conv()->monoDic("name1_kana", security::sanitize_html($customer_data["name1_kana"])); $this->get_conv()->monoDic("name2_kana", security::sanitize_html($customer_data["name2_kana"])); $this->get_conv()->monoDic("email", security::sanitize_html($customer_data["email"])); $this->get_conv()->monoDic("uid", security::sanitize_html($customer_data["uid"]));

$this->get_conv()->monoDic("sex_name", security::sanitize_html($sex_name)); $this->get_conv()->monoDic("birthday", security::sanitize_html($customer_data["birthday"])); $this->get_conv()->monoDic("birthday_year", security::sanitize_html($birthday_year)); $this->get_conv()->monoDic("birthday_month", security::sanitize_html($birthday_month)); $this->get_conv()->monoDic("birthday_day", security::sanitize_html($birthday_day)); $this->get_conv()->monoDic("zip1", security::sanitize_html($customer_data["zip1"])); $this->get_conv()->monoDic("zip2", security::sanitize_html($customer_data["zip2"])); $this->get_conv()->monoDic("prefecture_name", security::sanitize_html($prefecture_name)); $this->get_conv()->monoDic("city", security::sanitize_html($customer_data["city"])); $this->get_conv()->monoDic("address", security::sanitize_html($customer_data["address"])); $this->get_conv()->monoDic("building", security::sanitize_html($customer_data["building"])); $this->get_conv()->monoDic("point", security::sanitize_html($customer_data["point"])); $this->get_conv()->monoDic("temp_point", security::sanitize_html($customer_data["temp_point"])); $this->get_conv()->monoDic("memo", security::sanitize_html($customer_data["memo"]));

( iterator Web /* no */ $no = $_REQUEST['no']; /* ID */ $serial_id = $_REQUEST['serial_id'];

- $query = "SELECT * FROM gyoumu_lot_usr WHERE 1nenbun_no = '".$no."' AND serial_id = '".$serial_id."' AND adview_flg = '0'"; $sel->query($query); - $url = "http://foo.com/sub_victory.php?no=".$no."&serial_id=".$serial_id.""; PHP $REQUEST_ SQL Injection XSS

(grep ( ) XSS DB CSV BASIC

BASIC orz (PHP session

DB https Digest CSV mail CSV

DB http://www.stackasterisk.jp/tech/php/php03_06.jsp ID ID ID

framework class

/*********************************************************** *

************************************************************/ function replaceData4SQL($data, $class){ switch($class){ case 1:// html $data = str_replace("<", "<", $data); $data = str_replace(">", ">", $data); break; case 2:// sql $data = str_replace("'", "", $data); $data = str_replace("\\", "\\\\", $data); $data = str_replace(";", "", $data); break; case 3:// html + sql $data = str_replace("'", "", $data); $data = str_replace("\\", "\\\\", $data); $data = str_replace(";", "", $data); } $data = str_replace("<", "<", $data); $data = str_replace(">", ">", $data); break; return $data; }// function

header Injection spam orz config

config ( ) (

( ) Documentor (PHPDoc )

Recently Viewed Presentations

  • Behavioral Flexibility and Cognitive Complexity:

    Behavioral Flexibility and Cognitive Complexity:

    Behavioral flexibility is often defined as that which is possible as a result of complex cognitive feats but this is inadmissible: NOTE TO SELF: Special circularity is the practice of defining behavioral flexibility in terms of cognitive complexity and is...
  • Fluorescence in Cell Biology - Nikon Imaging Center at UCSF

    Fluorescence in Cell Biology - Nikon Imaging Center at UCSF

    Jablonski diagram (Molecular energy diagram) S. 0 S. 1 S. 2 em fluorescence
  • Notice and Note Signposts - Weebly

    Notice and Note Signposts - Weebly

    Notice and Note Signposts. Essential Question: What do good readers do? ... What is the Signpost? Clues to the Signpost. ... Words of the Wiser. When you're reading and a character (who's probably older and lots wiser) takes the main...
  • Computer Applications Unit D - PC&#92;|MAC

    Computer Applications Unit D - PC\|MAC

    Computer Applications Unit A. Operating Systems. There are currently four big Operating systems in traditional computing. We will also look at Operating Systems in mobile computing. The Big Four are Windows, Mac OS, Linux, and Chrome OS.
  • Where did it happen? When did it happen?

    Where did it happen? When did it happen?

    Seats for his performance have been going especially quickly! What is the verb phrase? have been going How are they going? quickly = adverb #1 How quickly? especially = adverb #2 Adverbs: Now, most, definitely, positively, undoubtedly Now you most...
  • World War I - Weebly

    World War I - Weebly

    War Affects the Home Front. War affected soldiers and civilians. War became a . total war, countries devoted all of their resources to winning the conflict. Government took control of the economy. Told factories what to produce, production all for...
  • T6079 Use of a Modified Sodium Bicarbonate and

    T6079 Use of a Modified Sodium Bicarbonate and

    PURPOSE. To determine the impact on dissolution rate and release percentage of a BCS Class II model drug, ibuprofen, from a swallow tablet formulation containing a surface-modified sodium bicarbonate powder (Effer-Soda®, SPI Pharma) in combination with two different lubricants at...
  • haplotype host of origin resistance gene Couch et

    haplotype host of origin resistance gene Couch et

    Scale bars, 25 µm (b), 40 µm (c). M. oryzae can move systemically from roots to leaves Sesma and Osbourn a−c, Four-week-old root-infected rice seedlings (cultivar Nipponbare) showing disease symptoms on the leaf (upper box) and collar (lower box) (a)....