是否建议结合有两个或多个内置的php消毒函数的Santizing函数? [英] Is it recommended to have a santizing function that combines two or more built in sanitizing functions in php?

问题描述

是否可以使用由于表单提交或任何其他请求而对传入输入进行清理的功能.这节省了时间，但是效率和效率的问题仍然困扰着我.例如，

Is it okay to employ a function that sanitizes the incoming inputs due to a form submission or any other request. It is time saving but the question of effectivenss and efficiency still haunts me. For instance,

   function clearSpecialChars($str)
   {
     $str=htmlentities($str);
     $str=strip_tags($str);
     $str=mysql_real_escape_string($str);

     return $str;
   } 

这样，当我收到表单提交时，我就会这样做:

so that when I get a form submission I do:

    $username=clearSpecialChars($_REQUEST['username']);

    $email=clearSpecialChars($_REQUEST['email']);

从根本上讲，我不希望来自用户的任何html输入.

Fundamentally, I am not desiring any html inputs from the user.

推荐答案

每个函数都有自己的用途，您不应使用任何非预期用途的函数.

each function serves its own purpose, you shouldn't use any function not for their intended use.

1. 在mysql查询中使用参数之前，应先使用mysql_real_escape_string.
2. 在输出到页面之前，您应该使用htmlspecialchars.

就是这样.

这篇关于是否建议结合有两个或多个内置的php消毒函数的Santizing函数?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！