bugku code audit (1)

In PHP, the include() and require() statements include and evaluate the specified file.

The two statements behave identically when including a file; the only difference is error handling: when the included file does not exist or is wrong, require() stops immediately and reports an error, while include() reports the problem and continues running.

isset() detects whether a variable is set and not null:
if a variable has been released with unset(), isset() returns false;
if a variable has been set to null, isset() also returns false.
Note also that in PHP, null is not equivalent to the null character ("\0").

highlight_file() outputs a file with syntax highlighting.

die() outputs a message and terminates the current script;
it is an alias of the exit() function.

preg_replace() performs a regular-expression search and replace.
Syntax:
mixed preg_replace(mixed $pattern, mixed $replacement, mixed $subject [, int $limit = -1 [, int &$count]])

$pattern: the pattern to search for; can be a string or an array of strings
$replacement: the replacement string or array of strings
$subject: the string or array of strings to search and replace in
$limit: optional; the maximum number of replacements for each pattern in each subject string, default -1 (unlimited)
$count: optional; receives the number of replacements performed

=== is true only when the two values are equal and of the same type; == compares only the values.

preg_replace()
Simple character filtering done with a single preg_replace() can be bypassed by double writing (writing the filtered word around itself),
but rewriting the parameters passed to preg_replace() can easily make the double-write bypass impossible.

?amazing_word='you_ctf_like_cxk'
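The single-pass filter the notes describe, next to two hardened variants, as an added example that is not code from the original post or the challenge. The parameter name and the filtered word "cxk" are taken from the URL above; the sample inputs and function names are constructed.

```php
<?php
// Added example (not from the original post): a one-pass preg_replace() filter
// and two ways to harden it. Function names and sample inputs are constructed.

// Weak: one pass of preg_replace() removes each "cxk" exactly once.
// Input "ccxkxk" loses the inner "cxk" and the remaining letters close up into
// "cxk" again, so the filter is defeated by writing the word around itself.
function weak_filter(string $s): string {
    return preg_replace('/cxk/', '', $s);
}

// Hardened variant 1: keep replacing until the string stops changing, so a
// "cxk" reassembled by one pass is removed by the next. Also case-insensitive.
function iterative_filter(string $s): string {
    do {
        $before = $s;
        $s = preg_replace('/cxk/i', '', $s);
    } while ($s !== $before);
    return $s;
}

// Hardened variant 2: reject instead of sanitise. Any input matching the
// forbidden pattern is refused outright, so there is nothing to write around.
function reject_filter(string $s): ?string {
    return preg_match('/cxk/i', $s) === 1 ? null : $s;
}

// Constructed sample inputs: the plain word, the double-written word, upper case.
$samples = ['you_ctf_like_cxk', 'you_ctf_like_ccxkxk', 'YOU_CTF_LIKE_CXK'];
foreach ($samples as $input) {
    printf("%-22s weak=%-20s iterative=%-16s reject=%s\n",
        $input,
        weak_filter($input),
        iterative_filter($input),
        reject_filter($input) ?? '(rejected)');
}
```

Run it with `php filter.php`: the double-written input survives weak_filter() as the original word, while both hardened variants leave nothing of it. Rejecting is the safer design because a sanitiser has to anticipate every way its own output can recombine.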

file_get_contents() function
reads an entire file into a string.
Syntax:
file_get_contents(path, include_path, context, start, max_length)

path: required; the name of the file to read.

extract() function
imports variables from an array into the current symbol table.
extract(array, extract_rules, prefix)
extract_rules
optional, default EXTR_OVERWRITE:
if a variable name conflicts with an existing variable, the existing variable is overwritten.

trim() function
removes characters from both ends of a string:
whitespace or other predefined characters on both sides of the string.
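The extract()/file_get_contents()/trim() chain these notes describe, as an added example that is not code from the original post or the challenge. It shows why the default EXTR_OVERWRITE is dangerous when extract() is applied to request data, and two fixes. The variable names $flag and $shiyan, the secret file and the request values are all constructed.

```php
<?php
// Added example (not from the original post): extract() on request data with
// the default EXTR_OVERWRITE, and two ways to fix it. $flag/$shiyan, the secret
// file and the request array are constructed for this demonstration.

// Constructed server-side secret file.
$secretFile = tempnam(sys_get_temp_dir(), 'secret');
file_put_contents($secretFile, "top-secret\n");

// Constructed stand-in for $_GET: the request overrides $flag with a path that
// does not exist and supplies an empty comparison value.
$request = ['flag' => '/nonexistent/file', 'shiyan' => ''];

function vulnerable(array $get, string $secretFile): string {
    $flag = $secretFile;
    extract($get);                                // EXTR_OVERWRITE: $flag is replaced
    // file_get_contents() on the missing path returns false, the cast makes it "",
    // trim("") is "", and "" == "" passes the loose comparison.
    $content = trim((string) @file_get_contents($flag));
    return isset($shiyan) && $shiyan == $content ? 'ACCESS' : 'denied';
}

// Fix 1: EXTR_SKIP leaves variables that already exist untouched.
function fixed_skip(array $get, string $secretFile): string {
    $flag = $secretFile;
    extract($get, EXTR_SKIP);                     // existing $flag is kept
    $content = trim((string) @file_get_contents($flag));
    return isset($shiyan) && $shiyan === $content ? 'ACCESS' : 'denied';
}

// Fix 2 (preferred): do not use extract() at all; read exactly the keys you
// expect, require a string, and compare with === so the types must match too.
function fixed_explicit(array $get, string $secretFile): string {
    $flag = $secretFile;
    $shiyan = (isset($get['shiyan']) && is_string($get['shiyan'])) ? $get['shiyan'] : null;
    $content = trim((string) @file_get_contents($flag));
    return $shiyan !== null && $shiyan === $content ? 'ACCESS' : 'denied';
}

echo 'vulnerable:     ', vulnerable($request, $secretFile), PHP_EOL;
echo 'fixed_skip:     ', fixed_skip($request, $secretFile), PHP_EOL;
echo 'fixed_explicit: ', fixed_explicit($request, $secretFile), PHP_EOL;
unlink($secretFile);
```

Only the first function grants access: the request was able to replace $flag before the file was read. With EXTR_SKIP the script's own $flag wins, and the explicit version never lets request keys become variables at all.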

strcmp() function
strcmp(str1, str2)
if str1 is less than str2, returns < 0;
if str1 is greater than str2, returns > 0;
if both are equal, returns 0.

die() function
die() outputs a message and exits the current script;
it is an alias of the exit() function.
die(status)

strcmp() function vulnerability
This vulnerability applies to PHP versions prior to 5.3.
The expected argument type is a string, but if non-string data is passed, the function detects that the type does not comply, displays a warning message after the error occurs, and returns 0.
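The strcmp() check these notes describe, next to a hardened version, as an added example that is not code from the original post. The secret and the inputs are constructed. What strcmp() returns for a non-string depends on the PHP version (0 before 5.3 as stated above, NULL with a warning in 5.3 to 7.x, a TypeError in PHP 8), so the weak check is called inside try/catch so the script runs on any of them.

```php
<?php
// Added example (not from the original post): a loose strcmp() gate and a
// type-checked, constant-time replacement. SECRET and the inputs are constructed.

const SECRET = 'constructed-secret';

// Weak: "== 0" is a loose comparison, so 0 (PHP < 5.3) and NULL (PHP 5.3-7.x)
// both count as "equal"; any non-string input passes without a real comparison.
function weak_check($input): bool {
    return @strcmp($input, SECRET) == 0;
}

// Hardened: establish the type first, then compare with a function that only
// ever returns bool and is not timing-dependent on where the strings differ.
function strong_check($input): bool {
    if (!is_string($input)) {
        return false;
    }
    return hash_equals(SECRET, $input);
}

$inputs = [
    'string, correct' => 'constructed-secret',
    'string, wrong'   => 'guess',
    'array'           => ['not', 'a', 'string'],
];
foreach ($inputs as $label => $value) {
    try {
        $weak = weak_check($value) ? 'pass' : 'fail';
    } catch (\TypeError $e) {
        $weak = 'TypeError';            // PHP 8 refuses the array outright
    }
    $strong = strong_check($value) ? 'pass' : 'fail';
    printf("%-16s weak=%-10s strong=%s\n", $label, $weak, $strong);
}
```

The is_string() guard is what removes the whole class of problem: once the input is known to be a string, strcmp() and hash_equals() both behave as documented, and hash_equals() additionally avoids leaking how many leading bytes matched.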

eregi() function
Syntax
int eregi(string pattern, string string, [array regs]);
eregi() searches the string for the given pattern; the search is case-insensitive. eregi() can be particularly useful for checking the validity of a string.
Return value: true if the match succeeds, false otherwise.

urldecode()
urlencode()
urldecode() is a decoding function in PHP. When PHP processes submitted data it first URL-decodes it itself; if the script then calls urldecode() on that data, it is decoded a second time, which causes a double-decoding problem.
A URL-encoded SQL injection statement would normally not be filtered out, but once PHP decodes it the injection succeeds.
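The double-decoding sequence described above, simulated end to end, as an added example that is not code from the original post. It reproduces PHP's own first decoding with parse_str() (the same decoding that fills $_GET), shows a naive filter inspecting the once-decoded value, then shows the second urldecode() call revealing the character the filter looked for. The query string, the filter and the table are constructed; the mitigation uses PDO parameter binding, which PHP's real PDO API provides.

```php
<?php
// Added example (not from the original post): why calling urldecode() on data
// PHP has already decoded is a problem, and how parameter binding sidesteps
// string filtering entirely. Query string, filter and table are constructed.

// Constructed wire form of the request: the apostrophe is encoded twice
// (' -> %27 -> %2527).
$rawQuery = 'id=1%2527';

// Step 1: PHP's own decoding, exactly what happens when $_GET is populated.
parse_str($rawQuery, $get);
$onceDecoded = $get['id'];            // still contains no literal apostrophe

// A naive filter that only looks at the once-decoded value.
function naive_filter(string $value): bool {
    return strpos($value, "'") === false;   // true = "looks clean"
}

// Step 2: the script decodes a second time and the apostrophe reappears.
$twiceDecoded = urldecode($onceDecoded);

printf("once:  %-8s filter says %s\n", $onceDecoded,
    naive_filter($onceDecoded) ? 'clean' : 'blocked');
printf("twice: %-8s filter says %s\n", $twiceDecoded,
    naive_filter($twiceDecoded) ? 'clean' : 'blocked');

// Mitigation: never urldecode() request data again, and never rely on string
// filtering for SQL; bind the value as a parameter so it is data, not syntax.
function find_user(PDO $pdo, string $id): array {
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

if (extension_loaded('pdo_sqlite')) {
    $pdo = new PDO('sqlite::memory:');
    $pdo->exec('CREATE TABLE users (id TEXT, name TEXT)');
    $pdo->exec("INSERT INTO users VALUES ('1', 'alice')");
    // The bound value is compared literally, so "1'" matches no row.
    printf("rows for %s: %d\n", var_export($twiceDecoded, true),
        count(find_user($pdo, $twiceDecoded)));
}
```

The filter reports the value clean after the first decoding and blocked after the second, which is the gap the notes describe. The PDO branch shows the defensive answer: with a bound parameter the apostrophe is just a byte in the compared value and the statement's structure cannot change.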

error_reporting() function: sets which PHP errors are reported.
Error reporting:
PHP has many error levels; this function sets the level while the script runs. If the optional level parameter is omitted, error_reporting() only returns the current error reporting level.

md5() function
md5() computes the MD5 hash of a string.
md5() uses the RSA Data Security, Inc. MD5 Message-Digest Algorithm.
md5(string, raw)

ereg() function and eregi() function
string matching (regular expression) functions

ereg()
int ereg(string pattern, string string, array [regs]);

This function matches the string against the regular expression pattern. The matched results are returned in the array parameter regs: regs[0] holds the original string, regs[1] the first substring matched by the regular expression, regs[2] the second, and so on. If the regs parameter is omitted, the comparison simply checks for a match and returns true if one is found.

strpos() finds the position of the first occurrence of a string inside another string.
Note: strpos() is case sensitive.
This function is binary safe.
Syntax
strpos(string, find, start)
Returns the position of the first occurrence of the string inside the other string; if the string is not found, returns false.

ereg() only handles strings; when password is an array it returns null, and === does not perform type conversion, so null !== false is true.

strpos() likewise cannot take an array as its argument, so it also returns null, and null !== false is again true.
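The "null !== false" pitfall just described, for ereg() and strpos() given an array, next to a type-checked gate, as an added example that is not code from the original post or the challenge. ereg() was removed in PHP 7 and strpos() throws a TypeError for an array in PHP 8, so the example guards both calls and, where the legacy function is unavailable, models its NULL result so the comparison logic can still be observed. The pattern, the marker string and the inputs are constructed.

```php
<?php
// Added example (not from the original post): a gate written with "=== false"
// and "!== false" checks, which a NULL return value slips through, and the
// hardened form. Pattern, marker and inputs are constructed.

// Weak gate modelled on the checks the notes discuss.
function weak_gate($password): string {
    if (function_exists('ereg')) {
        $match = @ereg('^[a-zA-Z0-9]+$', $password);   // PHP 5: NULL for an array
    } elseif (is_string($password)) {
        $match = preg_match('/^[a-zA-Z0-9]+$/', $password) === 1 ? 1 : false;
    } else {
        $match = null;                                 // model ereg()'s legacy result
    }
    if ($match === false) {                            // NULL === false is false
        return 'rejected: not alphanumeric';
    }
    try {
        $pos = @strpos($password, '*-*');              // PHP 5-7: NULL for an array
    } catch (\TypeError $e) {
        $pos = null;                                   // PHP 8: model the legacy result
    }
    if ($pos !== false) {                              // NULL !== false is true
        return 'accepted (marker "found")';
    }
    return 'rejected: marker missing';
}

// Hardened gate: establish the type first, then only use functions whose
// results are compared as the type they actually return.
function strong_gate($password): string {
    if (!is_string($password)) {
        return 'rejected: not a string';
    }
    if (preg_match('/^[a-zA-Z0-9]+$/', $password) !== 1) {
        return 'rejected: not alphanumeric';
    }
    return strpos($password, '*-*') !== false ? 'accepted' : 'rejected: marker missing';
}

// Constructed inputs: a clean string, a string with the marker, and an array.
foreach (['abc123', 'abc*-*', ['x']] as $input) {
    printf("%-10s weak: %-30s strong: %s\n",
        json_encode($input), weak_gate($input), strong_gate($input));
}
```

Only the array input is "accepted" by the weak gate, and only because both of its tests compare a NULL against false with the strict operators. The hardened gate refuses anything that is not a string before touching the string functions, which is the check the original code was missing.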

is_numeric() detects whether a variable is a number or a numeric string.
bool is_numeric(mixed $var)
Returns true if the specified variable is a number or a numeric string, false otherwise.

is_numeric() treats the null character %00 as non-numeric whether it is placed at the front or at the end; the space character %20 can be placed in front.
Arrays can also be used to bypass it.
%00 truncates; %20 is a space character.
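How is_numeric() treats the edge cases listed above (leading and trailing spaces, null bytes, exponent notation, arrays), next to a stricter check, as an added example that is not code from the original post. All inputs are constructed. Note that PHP 8.0 changed the rules so that trailing whitespace is also accepted, so the "123 " row differs between PHP 7 and PHP 8.

```php
<?php
// Added example (not from the original post): is_numeric() on awkward inputs
// and a strict integer check. Inputs are constructed; "\x00" is a literal
// null byte, the decoded form of %00.

$inputs = [
    '123',
    ' 123',          // %20 in front
    '123 ',          // %20 at the end (rejected before PHP 8.0, accepted from 8.0)
    "\x00" . '123',  // %00 in front
    '123' . "\x00",  // %00 at the end
    '1e3',           // exponent notation is numeric
    '0x1A',          // hex strings are not numeric
    ['123'],         // array
];

// Strict alternative: a string consisting of an optional sign and ASCII digits
// only. \A and \z anchor at the real start and end, so no surrounding
// whitespace or null bytes are tolerated, and non-strings are refused.
function is_plain_integer($v): bool {
    return is_string($v) && preg_match('/\A-?[0-9]+\z/', $v) === 1;
}

foreach ($inputs as $v) {
    printf("%-12s is_numeric=%-6s is_plain_integer=%s\n",
        is_array($v) ? 'array' : json_encode($v),
        is_numeric($v) ? 'true' : 'false',
        is_plain_integer($v) ? 'true' : 'false');
}
```

The table this prints shows where is_numeric() is looser than an "is it an integer" check expects: it accepts a leading space and exponent forms, and its whitespace rules depend on the PHP version. When the value is going to be used as an index or an identifier, a regular expression anchored with \A and \z (or filter_var with FILTER_VALIDATE_INT) states the accepted format exactly.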


Origin: blog.csdn.net/qq_35811830/article/details/90498781