1. robots.txt
Crawler protocol
Through the robots protocol, a website tells search engines which pages may be crawled and which may not.
2. Database Analysis
Commodity Management
  Product
  Categories
  User comments
  Product brand
  Product types
  Goods tags
  Virtual merchandise
Promotion Management
  Red envelope
  Product packaging
  Blessing cards
  Group buy
  Topic management
  Auction
  Promotions
  Wholesale management
  Value packs
  Points Mall merchandise
Order Management
  Order form
  Joint order
  Item not in stock
  Invoice
  Return form
Advertising Management
  Ad
  Ad placement
Statistical Report
  Traffic analysis
  Search engine
  Access purchase rate
Article
  Article categories
  Article
  Online survey
Member Management
  Member
  Membership level
  Member comments
  Recharge and withdrawal applications
Authority Management
  Administrator
  Administrator log
  Role
  Office
  Supplier
System Settings
  Store management
  Member registration key settings
  Payment method
  Delivery method
  Mail service settings
  Area list
  Links
  Code management
  Site map
Commodity (virtual goods)
  N:1 Categories
  N:M User reviews
  N:1 Brand
  N:1 Product type
  N:M Product label
  N:1 Packaging
  N:1 Greeting card merchandise
  N:M Group buy activities
  N:M Auction
  N:M Promotions
  N:1 Wholesale management
  N:M Value packs
  N:1 Points Mall merchandise
  N:M Order
  N:M Articles
  N:1 Red envelope type
  N:M Topics
  1:1 Stock registration
Order form
  N:1 Consolidation order
  1:1 Delivery order
  1:1 Return order
  N:1 Members
Ad
  1:1 Ad slot
  1:N JS placement on external sites
Article
  N:1 Article categories
Member
  N:1 Member registration
  N:1 Member comments
  1:N Recharge and withdrawal applications
Administrator (authority management)
  N:1 Role
  1:N Log
  N:1 Office
  N:1 Supplier
Database design:
Requirements Document
Find the entities and the relationships between them
Modeling (Navicat, MySQL Workbench, etc.)
Generate the database
3. Directory Structure Analysis
admin: admin back end
api: API interface
cert: certificates
data: data
demo: demonstration (must be removed after a successful installation)
install: installation directory (must be removed after a successful installation)
upgrade: upgrade (must be removed after a successful installation)
docs: documentation
h5: H5 code
images: product image directory
includes: directory of include files
js: all JS files
languages: language packs
src: SCSS files
temp: temporary files
themes: template files
wap: WAP pages
widget: components
*.php: PHP files
index.php: entry file
4. phpini
① define('IN_ECS', true);
Prevents users from accessing the files under the includes directory directly, without going through the entry file.
② init.php
@ suppresses error messages
③ error_reporting()
1 E_ERROR: fatal run-time error. It cannot be recovered from. Execution of the script stops.
2 E_WARNING: non-fatal run-time error. Execution of the script does not stop.
4 E_PARSE: compile-time parse error. Parse errors should be generated only by the parser.
8 E_NOTICE: run-time notice. The script found something that might be an error, but that can also occur when a script runs normally.
8191 E_ALL: all errors and warning levels, except E_STRICT (from PHP 6.0 onwards, E_STRICT is part of E_ALL)
0: disables error reporting
Another way to disable error reporting:
In php.ini, change display_errors = On to display_errors = Off
④ define('ROOTPATH', 'url');
Defines the root path as a constant, for easy access
⑤ Including the constants file inc_constant.php
All constants are stored in one file, which is included when needed
⑥ get_magic_quotes_gpc() has been removed in PHP 5.4 https://blog.csdn.net/kaixinfelix/article/details/18799557
SQL injection:
SQL injection means inserting SQL commands into a submitted web form, or into the query string of a domain name or page request, so that the server is ultimately tricked into executing malicious SQL commands.
Example 1: the user name admin is known; enter admin' or '1 as the user name in the form
It is then possible to log in without entering the password
SELECT * FROM user WHERE name = 'admin' or '1' AND password = $pwd;
Fix:
- Connect to the database through the object-oriented PDO or MySQLi interface
- The mysql_real_escape_string() function
https://www.w3school.com.cn/php/func_mysql_real_escape_string.asp
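The login query from Example 1 next to its PDO fix, as an added example that is not code from the original page or from ECShop. It assumes an in-memory SQLite database (pdo_sqlite) in place of MySQL so that it runs offline; the table contents and the function names login_concat and login_prepared are constructed for illustration.

```php
<?php
// Added example: table contents and function names are constructed for illustration.
// In-memory SQLite stands in for MySQL so the script runs offline (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE user (name TEXT PRIMARY KEY, password TEXT)");
// Plain-text compare mirrors the page's query; real code stores password_hash() output.
$pdo->exec("INSERT INTO user VALUES ('admin', 'constructed-secret')");

// Before: form input is concatenated into the SQL text, as in the page's example.
function login_concat(PDO $pdo, string $name, string $pwd): bool
{
    $sql = "SELECT * FROM user WHERE name = '$name' AND password = '$pwd'";
    return $pdo->query($sql)->fetch() !== false;
}

// After: a prepared statement sends the values separately from the SQL text,
// so quotes in the input stay data and cannot change the WHERE clause.
function login_prepared(PDO $pdo, string $name, string $pwd): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM user WHERE name = :name AND password = :pwd');
    $stmt->execute([':name' => $name, ':pwd' => $pwd]);
    return $stmt->fetch() !== false;
}

// Constructed inputs: a valid login, a wrong password, and the form value from Example 1.
$cases = [
    'valid login'       => ['admin', 'constructed-secret'],
    'wrong password'    => ['admin', 'wrong'],
    "page's form input" => ["admin' or '1", 'wrong'],
];
foreach ($cases as $label => [$name, $pwd]) {
    printf("%-18s concat=%-5s prepared=%s\n", $label,
        var_export(login_concat($pdo, $name, $pwd), true),
        var_export(login_prepared($pdo, $name, $pwd), true));
}
```

mysql_real_escape_string() belongs to the mysql extension, which was removed in PHP 7.0, so on current PHP versions the prepared-statement form is the one that remains available.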