跨站漏洞和代码注入漏洞
阿里云检测的如图<code>
<?php
set_time_limit(0);
$prescription = htmlspecialchars($prescription);
$prescription = trim($_GET['q']);
$id = intval($_GET['id']);
$r_num = 0; //结果个数
$lan = 3;
$pf = "";
$pf_l = "";
if($prescription!=""){
$dreamdb=file("data/yf.dat");//读取验方文件
$count=count($dreamdb);//计算行数
for($i=0; $i<$count; $i++) {
$keyword=explode(" ",$prescription);//拆分关键字
$dreamcount=count($keyword);//关键字个数
$detail=explode("\t",$dreamdb[$i]);
for ($ai=0; $ai<$dreamcount; $ai++) {
@eval("\$found = eregi(\"$keyword[$ai]\",\"$detail\");");
if(($found)){
if(fmod($r_num,$lan)==0) $pf_l .= "<tr>";
$pf_l .= '<td width="'.(100/$lan).'%"><img src="/img/jiantou.gif" /> <a href="?id='.($i+1).'">'.$detail.'</a></td>';
if(fmod($r_num,$lan)+1==$lan) $pf_l .= "</tr>";
$r_num++;
break;
}
}
}
</code>
我不懂php,请大神看看,红色部分是自己照着改的
页:
[1]