Cleansing string / input in Coldfusion 9

Problem description

I have been working with Coldfusion 9 lately (background in PHP primarily) and I am scratching my head trying to figure out how to 'clean/sanitize' input / string that is user submitted.

I want to make it HTMLSAFE, eliminate any javascript, or SQL query injection, the usual. I am hoping I've overlooked some kind of function that already comes with CF9.

Can someone point me in the proper direction?

Recommended answer

This is an addition to Kyle's suggestions, not an alternative answer, but the comments panel is a bit rubbish for links.

Take a look at the ColdFusion string functions. You've got HTMLCodeFormat, HTMLEditFormat, JSStringFormat and URLEncodedFormat. All of which can help you with working with content posted from a form.

You can also try to use the regex functions to remove HTML tags, but it's never a precise science. This ColdFusion based regex/html question should help there a bit.

You can also try to protect yourself from bots and known spammers using something like cfformprotect, which integrates Project Honeypot and Akismet protection amongst other tools into your forms.
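
The string functions named in the answer, each applied in the output context it is meant for, with a regex tag strip for comparison. This is an added example, not part of the original answer; the variable names, the sample string and the `search.cfm` page are constructed for illustration.

```cfml
<!--- Constructed sample input; in a real page this would be a form field such as form.comment --->
<cfset comment = "<b>Tom</b> says ""1 < 2"" & it's <i>fine</i>">

<cfoutput>
<!--- HTML body: HTMLEditFormat turns <, >, & and " into entities, so the markup shows as text --->
<p>#HTMLEditFormat(comment)#</p>

<!--- HTML attribute: same function. Quote the attribute with double quotes,
      because the single quote is not encoded --->
<input type="text" name="comment" value="#HTMLEditFormat(comment)#">

<!--- Preformatted display: HTMLCodeFormat encodes and wraps the result in pre tags --->
#HTMLCodeFormat(comment)#

<!--- JavaScript string literal: JSStringFormat backslash-escapes quotes and newlines.
      It does not HTML-encode, so use it only inside a script string, not in markup --->
<script type="text/javascript">
var comment = "#JSStringFormat(comment)#";
</script>

<!--- URL parameter value: URLEncodedFormat percent-encodes the value --->
<a href="search.cfm?q=#URLEncodedFormat(comment)#">Search for this comment</a>

<!--- Regex tag stripping, for comparison: everything from the less-than sign in "1 < 2"
      up to the next greater-than sign is treated as a tag and deleted, so legitimate
      text is lost. The result is still encoded before it is written to the page --->
<cfset stripped = REReplace(comment, "<[^>]*>", "", "all")>
<p>#HTMLEditFormat(stripped)#</p>
</cfoutput>
```

Encoding at the point of output keeps the stored value intact, whereas the regex strip changes the data itself and still needs encoding afterwards.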
