如何清理 WordPress 中的用户密码信息? [英] How to sanitize user password information in WordPress?
问题描述
我正在我的 WordPress 网站上的自定义注册表单中获取用户名、电子邮件和密码.我正在使用 sanitize_user()
清理用户名,sanitize_email()
清理电子邮件地址.
I'm capturing username, email and password in a custom registration form on my WordPress site. I'm sanitising the username using sanitize_user()
and sanitize_email()
sanitises the email address.
例如:
$username = sanitize_user( $username );
$email = sanitize_email( $email );
我应该如何清理用户输入的密码?我能想到的只有 sanitize_text_field( $pass )
但我确定这不是正确的做法.
How should I sanitise the password entered by the user? All I can think of is sanitize_text_field( $pass )
but I'm sure that isn't the right way to do it.
参考:
- http://codex.wordpress.org/Function_Reference/sanitize_user
- http://codex.wordpress.org/Function_Reference/sanitize_email
推荐答案
消毒不一定能保护您免受注射.为了防止这种情况,您需要使用准备好的语句 - 或者在 WordPress 的情况下,使用 $wpdb 类一>.
Sanitizing won't necessarily protect you from injection. To protect against that you need to use prepared statements - or in the case of WordPress, use the $wpdb class.
清理只是去除无效字符,在您上面给出的情况下,它会删除用户名中不允许的字符,或有效电子邮件地址中不允许的字符.密码允许使用多种不同的字符类型,因为这使它们变得强大",因此您不想将它们剥离.
Sanitization simply strips invalid characters, in the cases you've given above, it removes characters not allowed in usernames, or are not allowed in a valid email address. Passwords allow lots of different character types because that's what makes them 'strong' so you don't want to strip them out.
如果您使用 wp_insert_user()
创建一个WP 用户,那么您无论如何都不需要对其进行消毒,该功能会为您处理一切.
If you're using wp_insert_user()
to create a WP User, then you don't need to sanitize any of it anyway, the function will take care of it all for you.
这篇关于如何清理 WordPress 中的用户密码信息?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!