清洁与清洁PHP中的安全字符串 [英] Clean & Safe string in PHP
本文介绍了清洁与清洁PHP中的安全字符串的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Possible Duplicates:
PHP: the ultimate clean/secure function
What's the best method for sanitizing user input with PHP?
我应该在函数中添加些什么,以确保传递给它的每个字符串都是服务器友好的"?我使用这个小功能来检查包含名称,电子邮件地址和ID的输入.
What should I add to my function to be sure that every string that passes it will be 'server-friendly'? I use this small function to check inputs that contains names, e-mail addresses and ids.
function checkInput($str) {
$str = @strip_tags($str);
$str = @stripslashes($str);
$str = mysql_real_escape_string($str);
return $str;
}
推荐答案
我将删除一些与这些字符串无关的特殊字符,并且可以将它们用于代码注入,例如$%#< > |等等.
I would remove some special characters thet have nothing to do in such strings and could be used for code injections, like $ % # < > | and so on.
$invalid_characters = array("$", "%", "#", "<", ">", "|");
$str = str_replace($invalid_characters, "", $str);
这篇关于清洁与清洁PHP中的安全字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文