More Details

Functions and statements which spread the taint mark of a tainted string

Function/Statement                    Since
------------------------------------  -----
= (assign)                            0.1.0
. (concat)                            0.1.0
"{$var}" (variable substitution)      0.1.0
.= (assign concat)                    0.1.0
strval                                0.3.0
explode/split                         0.3.0
implode/join                          0.3.0
sprintf                               0.3.0
vsprintf                              0.3.0
trim                                  0.4.0
rtrim                                 0.4.0
ltrim                                 0.4.0
strstr                                0.5.0
str_pad                               0.5.0
str_replace                           0.5.0
substr                                0.5.0
strtolower                            0.5.0
strtoupper                            0.5.0

Functions and statements which check for a tainted string

Function/Statement                                 Since
-------------------------------------------------  -----
Basic statements
  eval                                             0.1.0
  include/include_once                             0.1.0
  require/require_once                             0.1.0
Outputting functions
  echo                                             0.1.0
  print                                            0.1.0
  printf                                           0.1.0
  file_put_contents                                0.1.0
File system functions
  fopen                                            0.2.0
  opendir                                          0.2.0
  basename                                         0.2.0
  dirname                                          0.2.0
  file                                             0.2.0
  pathinfo                                         0.2.0
Database-related functions
  mysql_query                                      0.2.0
  mysqli_query/MySQLi::query                       0.2.0
  sqlite_query/SqliteDataBase::query               0.3.0
  sqlite_single_query/SqliteDataBase::singleQuery  0.3.0
  oci_parse                                        0.3.0
  PDO::query                                       0.3.0
  PDO::prepare                                     0.3.0
  SQLite3::query                                   2.0.1
  SQLite3::prepare                                 2.0.1
Command-line-related functions
  system                                           0.1.0
  exec                                             0.1.0
  proc_open                                        0.1.0
  passthru                                         0.1.0
  shell_exec                                       0.3.0

Functions which untaint a tainted string

Function                                               Since
-----------------------------------------------------  -----
addslashes                                             0.1.0
addcslashes                                            0.1.0
htmlspecialchars                                       0.1.0
htmlentities                                           0.1.0
escapeshellcmd                                         0.1.0
mysql_escape_string                                    0.1.0
mysql_real_escape_string                               0.1.0
mysqli_escape_string/MySQLi::escape_string             0.1.0
mysqli_real_escape_string/MySQLi::real_escape_string   0.1.0
sqlite_escape_string/SqliteDataBase::escapeString      0.3.0
PDO::quote                                             0.3.0
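The three tables above together describe one data flow: a mark is attached to request input, carried along by the propagating functions, cleared by the untainting functions, and reported when it reaches a checked function. The following script, an added illustration and not part of the extension's documentation, walks a value through each stage; it assumes the taint extension is loaded with taint.enable=1 and that $pdo is an already connected PDO instance.

```php
<?php
// Added example; assumes the taint extension is loaded (php -d taint.enable=1).
// taint(), untaint() and is_tainted() are the extension's helper functions.
// In a real request, $_GET/$_POST/$_COOKIE values arrive already marked.

$input = "O'Reilly";
taint($input);                                   // mark it as if it came from the request

// --- Table 1: statements and functions that spread the mark ---
$greeting = "Hello, " . $input;                  // "." (concat) carries the mark
$query    = sprintf("SELECT * FROM t WHERE n = '%s'", $input); // sprintf carries it
$short    = strtoupper(substr($input, 0, 3));    // substr and strtoupper carry it
var_dump(is_tainted($greeting), is_tainted($query), is_tainted($short)); // all bool(true)

// --- Table 2: functions that check the mark ---
// Handing a marked string to a checked function raises a warning at that call
// (the exact level is controlled by the taint.error_level ini setting).
echo $greeting;                                  // reported: echo is a checked function
// mysqli_query($db, $query);                    // would be reported: SQL built from marked input

// --- Table 3: functions that clear the mark ---
$safeHtml = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
$safeSql  = $pdo->quote($input);                 // assumes $pdo is a connected PDO instance
var_dump(is_tainted($safeHtml), is_tainted($safeSql)); // bool(false) bool(false)
echo $safeHtml;                                  // not reported

// Caveat a reviewer should keep in mind: the tables are context-free. Every function
// in table 3 clears the mark for every sink in table 2, so an escaper chosen for the
// wrong context (HTML escaping before a shell or SQL sink) silences the check without
// making the call safe. The extension finds missing escaping, not mismatched escaping;
// match the escaper to the sink that is actually reached.
$wrongContext = htmlspecialchars($input);
// exec("ls " . $wrongContext);                  // not reported, yet htmlspecialchars is no shell escaper
```

Run it under the CLI with taint.enable=1 to see which calls are reported; with the extension disabled the is_tainted() calls simply return false.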