cleaning $_POST variables

Question

I'm trying to come up with a way to effectively easily clean all POST and GET variables with a single function. Here's the function itself:

//clean the user's input
function cleanInput($value, $link = '')
{
    //if the variable is an array, recurse into it
    if(is_array($value))
    {
        //for each element in the array...
        foreach($value as $key => $val)
        {
            //...clean the content of each variable in the array
            $value[$key] = cleanInput($val);
        }

        //return clean array
        return $value;
    }
    else
    {
        return mysql_real_escape_string(strip_tags(trim($value)), $link);
    }
}

Here's the code that calls it:

//This stops SQL Injection in POST vars
foreach ($_POST as $key => $value)
{
    $_POST[$key] = cleanInput($value, $link);
}

//This stops SQL Injection in GET vars
foreach ($_GET as $key => $value)
{
    $_GET[$key] = cleanInput($value, $link);
}

To me this seems like it should work. But for some reason it won't return arrays from some checkboxes I have in a form. They keep coming out blank.

I've tested my code without the above function and it works fine, I just want that added bit of security in there.

Thanks!

Recommended answer

What you're doing isn't enough. See here.
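
Added example, not part of the original question or answer: in the function above the recursive call `cleanInput($val)` omits `$link`, so array elements such as checkbox values are escaped with the default `''` instead of the connection, and blanket escaping of `$_POST` does not replace parameterized queries. The code below validates each field for its purpose, binds values through PDO prepared statements, and escapes for HTML only at output. Assumptions: the `pdo_sqlite` extension is available, and `$post`, the `orders` table and the topping allow-list are constructed for illustration.

```php
<?php
// Constructed input standing in for $_POST (hypothetical field names).
$post = [
    'name'     => "  O'Brien <b>x</b> ",
    'toppings' => ['cheese', "ham'); DROP TABLE orders;--", 'olives', ['nested']],
];

// In-memory SQLite keeps the example self-contained; table and columns are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, name TEXT, topping TEXT)');

// Validate per field instead of rewriting every request variable the same way.
// Free text: trim only, store as typed. Checkboxes: keep only known string values.
$allowed  = ['cheese', 'ham', 'olives'];
$name     = trim((string) ($post['name'] ?? ''));
$toppings = array_filter(
    (array) ($post['toppings'] ?? []),
    function ($v) use ($allowed) {
        return is_string($v) && in_array($v, $allowed, true);
    }
);

if ($name === '' || strlen($name) > 100) {
    exit("invalid name\n");
}

// Bound parameters travel separately from the SQL text, so quotes in the
// data cannot change the statement and no manual escaping is needed.
$stmt = $pdo->prepare('INSERT INTO orders (name, topping) VALUES (:name, :topping)');
foreach ($toppings as $topping) {
    $stmt->execute([':name' => $name, ':topping' => $topping]);
}

// Escape for the output context (HTML here) when rendering, not when storing.
foreach ($pdo->query('SELECT name, topping FROM orders') as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), ' - ',
         htmlspecialchars($row['topping'], ENT_QUOTES, 'UTF-8'), "\n";
}
```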
