尽管你的网站用了很多高大上的技术，但是如果网站的安全性不足，无法保护网站的数据，甚至成为恶意程序的寄生温床，那前面堆砌了再多的美好也都成了枉然。

SQL注入

在众多安全性漏洞中，SQL 注入绝对是最严重但也是最好处理的一种安全漏洞。在数据库执行查询句时，如果将恶意用户给出的参数直接拼接在查询句上，就有可能发生。

举个例子，假设原本某网站登录验证的查询句长这样：

 
 
 

  
  
  
strSQL = "SELECT * FROM users WHERE (name = '" + userName + "') and (pw = '"+ passWord +"');"
 
 
 

而恶意用户输入的参数为：

 
 
 

  
  
  
userName = "1' OR '1'='1";
  
  
  
passWord = "1' OR '1'='1";
 
 
 

由于代码中是直接将参数与查询句做字串做的拼接，所以 SQL 就成为了这样：

 
 
 

  
  
  
strSQL = "SELECT * FROM users WHERE (name = '1' OR '1'='1') and (pw = '1' OR '1'='1');"
  
  
  
// 相当于
  
  
  
strSQL = "SELECT * FROM users;"
 
 
 

这样一来，账号密码就形同虚设，甚至可以拿到整个数据库的结构(SELECT * FROM sys.tables)、任意修改、查询数据，整个网站的数据就全部泄露了。

不过解决方法也很简单，只要通过参数化查询来避免直接将参数与查询句拼接，并进行适当的输入检查、插入转义字符、严格设定程序权限，就能够有效避免 SQL 注入了。

XSS

XSS（跨站攻击）也叫JavaScript 注入，是现代网站最频繁出现的问题之一，它指的是网站被恶意用户植入了其他代码，通常发生在网站将用户输入的内容直接放到网站内容时。例如论坛、留言板等可以输入任意文字的网站，恶意用户如果写入一小段

看起来很恐怖，那么该如何解决呢？除了前面所说的 CSRF Token 外，许多大公司还采用了另一种有趣的解决方式。即 API 的响应内容开头为 for (;;);，这也是利用 了

基本 文件 流程 错误 SQL 调试

1. 请求信息 : 2026-02-16 20:29:54 HTTP/1.1 GET : /article/dpicjdd.html
2. 运行时间 : 0.0660s ( Load:0.0032s Init:0.0005s Exec:0.0579s Template:0.0043s )
3. 吞吐率 : 15.15req/s
4. 内存开销 : 2,227.41 kb
5. 查询信息 : 12 queries 5 writes
6. 文件加载 : 36
7. 缓存信息 : 0 gets 2 writes
8. 配置加载 : 130
9. 会话信息 : SESSION_ID=jmft3pj4kg54nv7ljvjvvdmc76

1. /home/wwwroot/jxjierui.cn/index.php ( 1.12 KB )
2. /home/wwwroot/jxjierui.cn/ThinkPHP/ThinkPHP.php ( 4.61 KB )
3. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Think.class.php ( 12.26 KB )
4. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Storage.class.php ( 1.37 KB )
5. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Storage/Driver/File.class.php ( 3.52 KB )
6. /home/wwwroot/jxjierui.cn/ThinkPHP/Mode/common.php ( 2.82 KB )
7. /home/wwwroot/jxjierui.cn/ThinkPHP/Common/functions.php ( 53.56 KB )
8. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Hook.class.php ( 4.01 KB )
9. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/App.class.php ( 13.49 KB )
10. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Dispatcher.class.php ( 14.79 KB )
11. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Route.class.php ( 13.36 KB )
12. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Controller.class.php ( 11.23 KB )
13. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/View.class.php ( 7.59 KB )
14. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Behavior/BuildLiteBehavior.class.php ( 3.68 KB )
15. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Behavior/ParseTemplateBehavior.class.php ( 3.88 KB )
16. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Behavior/ContentReplaceBehavior.class.php ( 1.91 KB )
17. /home/wwwroot/jxjierui.cn/ThinkPHP/Conf/convention.php ( 11.15 KB )
18. /home/wwwroot/jxjierui.cn/App/Common/Conf/config.php ( 2.12 KB )
19. /home/wwwroot/jxjierui.cn/ThinkPHP/Lang/zh-cn.php ( 2.55 KB )
20. /home/wwwroot/jxjierui.cn/ThinkPHP/Conf/debug.php ( 1.48 KB )
21. /home/wwwroot/jxjierui.cn/App/Home/Conf/config.php ( 0.32 KB )
22. /home/wwwroot/jxjierui.cn/App/Home/Common/function.php ( 3.33 KB )
23. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Behavior/ReadHtmlCacheBehavior.class.php ( 5.62 KB )
24. /home/wwwroot/jxjierui.cn/App/Home/Controller/ArticleController.class.php ( 6.11 KB )
25. /home/wwwroot/jxjierui.cn/App/Home/Controller/CommController.class.php ( 1.60 KB )
26. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Model.class.php ( 60.11 KB )
27. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Db.class.php ( 32.43 KB )
28. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Db/Driver/Pdo.class.php ( 16.74 KB )
29. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Cache.class.php ( 3.83 KB )
30. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Cache/Driver/File.class.php ( 5.87 KB )
31. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Template.class.php ( 28.16 KB )
32. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Template/TagLib/Cx.class.php ( 22.40 KB )
33. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Template/TagLib.class.php ( 9.16 KB )
34. /home/wwwroot/jxjierui.cn/App/Runtime/Cache/Home/7540f392f42b28b481b30614275e4e55.php ( 13.96 KB )
35. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Behavior/WriteHtmlCacheBehavior.class.php ( 0.97 KB )
36. /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Behavior/ShowPageTraceBehavior.class.php ( 5.24 KB )

1. [ app_init ] --START--
2. Run Behavior\BuildLiteBehavior [ RunTime:0.000004s ]
3. [ app_init ] --END-- [ RunTime:0.000023s ]
4. [ app_begin ] --START--
5. Run Behavior\ReadHtmlCacheBehavior [ RunTime:0.000138s ]
6. [ app_begin ] --END-- [ RunTime:0.000150s ]
7. [ view_parse ] --START--
8. [ template_filter ] --START--
9. Run Behavior\ContentReplaceBehavior [ RunTime:0.000051s ]
10. [ template_filter ] --END-- [ RunTime:0.000070s ]
11. Run Behavior\ParseTemplateBehavior [ RunTime:0.003467s ]
12. [ view_parse ] --END-- [ RunTime:0.003487s ]
13. [ view_filter ] --START--
14. Run Behavior\WriteHtmlCacheBehavior [ RunTime:0.000059s ]
15. [ view_filter ] --END-- [ RunTime:0.000068s ]
16. [ app_end ] --START--

1. 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') LIMIT 1' at line 1 [ SQL语句 ] : SELECT `id`,`pid`,`navname` FROM `cx_nav` WHERE ( id= ) LIMIT 1
2. 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') LIMIT 1' at line 1 [ SQL语句 ] : SELECT `id`,`navname` FROM `cx_nav` WHERE ( id= ) LIMIT 1
3. 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 [ SQL语句 ] : SELECT `id`,`navname` FROM `cx_nav` WHERE ( pid= )
4. [8] Undefined index: pid /home/wwwroot/jxjierui.cn/App/Home/Controller/ArticleController.class.php 第 47 行.
5. [2] file_put_contents(./App/Runtime/Temp/7616897e506a70545644b77557295d69.php): failed to open stream: Permission denied /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Cache/Driver/File.class.php 第 132 行.
6. [8] Undefined index: db_host /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Db.class.php 第 120 行.
7. [8] Undefined index: db_port /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Db.class.php 第 121 行.
8. [8] Undefined index: db_name /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Db.class.php 第 122 行.
9. [2] file_put_contents(./App/Runtime/Temp/a3e936ac63e282e781bff5c540b5a2db.php): failed to open stream: Permission denied /home/wwwroot/jxjierui.cn/ThinkPHP/Library/Think/Cache/Driver/File.class.php 第 132 行.

0.0660s