清理$ _POST变量 [英] cleaning $_POST variables
本文介绍了清理$ _POST变量的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试提出一种方法,可以通过一个函数有效轻松地清除所有POST和GET变量.这是函数本身:
I'm trying to come up with a way to effectively easily clean all POST and GET variables with a single function. Here's the function itself:
//clean the user's input
function cleanInput($value, $link = '')
{
//if the variable is an array, recurse into it
if(is_array($value))
{
//for each element in the array...
foreach($value as $key => $val)
{
//...clean the content of each variable in the array
$value[$key] = cleanInput($val);
}
//return clean array
return $value;
}
else
{
return mysql_real_escape_string(strip_tags(trim($value)), $link);
}
}
这是调用它的代码:
//This stops SQL Injection in POST vars
foreach ($_POST as $key => $value)
{
$_POST[$key] = cleanInput($value, $link);
}
//This stops SQL Injection in GET vars
foreach ($_GET as $key => $value)
{
$_GET[$key] = cleanInput($value, $link);
}
在我看来,这似乎应该可行.但是由于某种原因,它不会从表单中的某些复选框返回数组.他们总是空白.
To me this seems like it should work. But for some reason it won't return arrays from some checkboxes I have in a form. They keep coming out blank.
我已经在没有上述功能的情况下测试了我的代码,并且它工作正常,我只想在其中增加一点安全性.
I've tested my code without the above function and it works fine, I just want that added bit of security in there.
谢谢!
推荐答案
您所做的还不够.请参见此处
What you're doing isn't enough. See here.
这篇关于清理$ _POST变量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文