我还应该做什么来清理用户输入? [英] What else should I be doing to sanitize user input?
问题描述
最近,我有一个客户在我的某些站点上进行了审核.他们回来的一件事是,我可以更好地对输入数据进行消毒,因为人们仍然可能对数据库造成潜在的伤害.
Recently, I had an audit run on some of my sites by a client. One of the things they came back with was that I could be sanitizing the input data a little better as people could still cause potential harm to the database.
下面的功能是我当前正在使用的功能(旧开发人员的剩余功能),但是我看不到潜在的问题可能出在哪里.
The function below is what I am currently using (a leftover from the old developer) but I cannot see where the potential issue may lie.
传递给数据库的字符串将通过XML显示,然后由Flash应用程序读取.
The string that gets passed through to the database will be displayed via XML which in turn is read by a Flash application.
有人可以告诉我我可能会想念什么吗?谢谢
Could anyone tell me what I might be missing? Thanks
function secure_string($string)
{
return (strip_tags(addslashes(mysql_real_escape_string(
stripslashes($string)))));
}
推荐答案
最好使用新的PHP函数 filter_var()用于清除输入.新的和更好的.
Better use the new PHP function filter_var() for cleaning input. New and better.
这篇关于我还应该做什么来清理用户输入?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!