似乎新的黑客工具 refref 已经推出,显然它滥用了 mysqli 扩展中的一个错误。现在我的网站根本不使用 mysqli,所以我认为对抗这个 refref 工具的最好方法是完全禁用 mysqli。
这些是我在 php.ini 中设置的设置。有没有办法可以完全禁用 mysqli,而不必重新编译 PHP?
;extension=php_mysqli.dll
[MySQLi]
mysqli.max_persistent = -1
;mysqli.allow_local_infile = On
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
答案1
你可能有一个预编译的 mysqli 扩展
您仍然可以通过将其添加到您的来禁用功能php.ini
:
disable_functions = mysqli_affected_rows,mysqli_autocommit,mysqli_change_user,mysqli_character_set_name,mysqli_close,mysqli_commit,mysqli_connect,mysqli_connect_errno,mysqli_connect_error,mysqli_data_seek,mysqli_dump_debug_info,mysqli_debug,mysqli_errno,mysqli_error,mysqli_stmt_execute,mysqli_execute,mysqli_fetch_field,mysqli_fetch_fields,mysqli_fetch_field_direct,mysqli_fetch_lengths,mysqli_fetch_all,mysqli_fetch_array,mysqli_fetch_assoc,mysqli_fetch_object,mysqli_fetch_row,mysqli_field_count,mysqli_field_seek,mysqli_field_tell,mysqli_free_result,mysqli_get_cache_stats,mysqli_get_connection_stats,mysqli_get_client_stats,mysqli_get_charset,mysqli_get_client_info,mysqli_get_client_version,mysqli_get_host_info,mysqli_get_proto_info,mysqli_get_server_info,mysqli_get_server_version,mysqli_get_warnings,mysqli_init,mysqli_info,mysqli_insert_id,mysqli_kill,mysqli_more_results,mysqli_multi_query,mysqli_next_result,mysqli_num_fields,mysqli_num_rows,mysqli_options,mysqli_ping,mysqli_poll,mysqli_prepare,mysqli_report,mysqli_query,mysqli_real_connect,mysqli_real_escape_string,mysqli_real_query,mysqli_reap_async_query,mysqli_rollback,mysqli_select_db,mysqli_set_charset,mysqli_stmt_affected_rows,mysqli_stmt_attr_get,mysqli_stmt_attr_set,mysqli_stmt_bind_param,mysqli_stmt_bind_result,mysqli_stmt_close,mysqli_stmt_data_seek,mysqli_stmt_errno,mysqli_stmt_error,mysqli_stmt_fetch,mysqli_stmt_field_count,mysqli_stmt_free_result,mysqli_stmt_get_result,mysqli_stmt_get_warnings,mysqli_stmt_init,mysqli_stmt_insert_id,mysqli_stmt_more_results,mysqli_stmt_next_result,mysqli_stmt_num_rows,mysqli_stmt_param_count,mysqli_stmt_prepare,mysqli_stmt_reset,mysqli_stmt_result_metadata,mysqli_stmt_send_long_data,mysqli_stmt_store_result,mysqli_stmt_sqlstate,mysqli_sqlstate,mysqli_ssl_set,mysqli_stat,mysqli_store_result,mysqli_thread_id,mysqli_thread_safe,mysqli_use_result,mysqli_warning_count,mysqli_refresh,mysqli_bind_param,mysqli_bind_result,mysqli_client_encoding,mysqli_escape_string,mysqli_fetch,mysqli_param_count,mysqli_get_metadata,mysqli_send_long_data,mysqli_set_opt
答案2
它已被停用。这是行前面的分号
;extension=php_mysqli.dll
用途:注释掉加载此库的命令。