我还应该做什么来清理用户输入? [英] What else should I be doing to sanitize user input?

问题描述

最近，我有一个客户在我的某些站点上进行了审核.他们回来的一件事是，我可以更好地对输入数据进行消毒，因为人们仍然可能对数据库造成潜在的伤害.

Recently, I had an audit run on some of my sites by a client. One of the things they came back with was that I could be sanitizing the input data a little better as people could still cause potential harm to the database.

下面的功能是我当前正在使用的功能(旧开发人员的剩余功能)，但是我看不到潜在的问题可能出在哪里.

The function below is what I am currently using (a leftover from the old developer) but I cannot see where the potential issue may lie.

传递给数据库的字符串将通过XML显示，然后由Flash应用程序读取.

The string that gets passed through to the database will be displayed via XML which in turn is read by a Flash application.

有人可以告诉我我可能会想念什么吗?谢谢

Could anyone tell me what I might be missing? Thanks

function secure_string($string)
{   
    return (strip_tags(addslashes(mysql_real_escape_string(
                      stripslashes($string)))));
}

推荐答案

最好使用新的PHP函数 filter_var()用于清除输入.新的和更好的.

Better use the new PHP function filter_var() for cleaning input. New and better.

这篇关于我还应该做什么来清理用户输入?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！