ecshop商城安全优化_ECSHOP防止ECSHOP注入,屏蔽SQL提示

ECSHOP教程网ECSHOP商城安全优化_ECSHOP防止ECSHOP注入,屏蔽SQL提示教程

即把所有的错误输出屏蔽 这样很方便的就解决了注入问题。增加ECSHOP商城的安全系数!

我们常说的注入就是利用了 ecshop的sql错误提示显示出了MD5的密码
对ECSHOP商城来说是非常危险的!要解决这个问题,最好的方法当然就屏蔽ecshop的sql错误,这样,无论如何的注入都束手无策!
直接看代码: 
找到 \includes\cls_mysql.php

function close()
{
return mysqli_close($this->link_id);
}
function ErrorMsg($message = '', $sql = '')
{
if ($message)
{
echo "ECSHOP info: $message\n\n

";
//print('http://faq.comsenz.com/');
}
else
{
echo "MySQL server error report:";
print_r($this->error_message);
//echo "

http://faq.comsenz.com/";
}
exit;
}
修改变成:

function ErrorMsg($message = '', $sql = '')
{
if ($message)
{
//echo "ECSHOP info: $message\n\n

";
//print('http://faq.comsenz.com/');
}
else
{
//echo "MySQL server error report:";
//print_r($this->error_message);
//echo "

<a href="http://faq.comsenz.com/?type=mysql&dberrno=%22%20.%20$this-%3Eerror_message[3][" errno']="" .="" "&dberror=" . urlencode($this->error_message[2]['error']) . " '="" target='_blank'>http://faq.comsenz.com/";
}

exit;
} exit;
}

转载原文链接:http://www.gehut.cn

(0)

相关推荐