Home >Backend Development >PHP Tutorial >Do you know the dangerous functions in PHP?
Sometimes we need to disable some dangerous functions in PHP for safety. This article has compiled some dangerous functions in PHP for your reference.
Function | Function | Recommendation | Level |
---|---|---|---|
Output PHP environment information and related module, WEB environment and other information. | Disabling has little impact | 中 | |
Allows the execution of an external program and echoes the output | Disable has little impact | High | |
Allows the execution of an external program (such as UNIX Shell or CMD command, etc.) | Disabling has little impact | High | |
Allows the execution of an external program and echoes the output | Disabling has little impact | High | |
Can change the working root directory of the current PHP process, only if the system supports CLI mode | Disable the impact Not big | High | |
List the files and directories in the specified path. | It may be affected | ||
Change the user group to which the file or directory belongs. | Disabling has little impact | High | |
Change the owner of a file or directory | Disable Little impact | High | |
Execute the command through the Shell and return the execution result as a string. | Disabling has little effect | High | |
Execute a command and open the file pointer for reading and writing . | Disabling it may not be possible to execute scheduled tasks | High | |
Get information about the process opened using proc_open () . | If disabled, it may not be possible to perform scheduled tasks | High | |
can be used to modify and set the PHP environment configuration parameter. | Disabling has little impact | High | |
Can be used to restore PHP environment configuration parameters to their initial values. | Disabling has little impact | High | |
Load one while PHP is running (not at startup) PHP external module | Disabling has little impact | High | |
Establish a persistent socket connection to the Internet or UNIX domain | Disabling may affect RPC, Socket communication, etc. | High | |
The system layer syslog () of the UNIX system can be called Function | Disabling has little impact | 中 | |
Returns the content of the target file pointed to by the symbolic link | Disabling has little impact | 中 | |
Create soft link | Disabling has little impact | 中 | |
You can pass a command through the parameters of popen () and execute it on the file opened by popen () | Disable the effect Not big | High | |
Establishing an Internet or UNIX server connection | Disabling may affect RPC, Socket communication, etc. | 高 |
PHP TutorialOpen php.ini, search for disable_functions, and add it.
disable_functions = passthru,exec,system,chroot,chgrp,chown,proc_open,proc_get_status,popen,ini_alter,ini_restore,dl,openlog, syslog,readlink,popepassthru,stream_socket_serverRecommended tutorial: "
The above is the detailed content of Do you know the dangerous functions in PHP?. For more information, please follow other related articles on the PHP Chinese website!