How does PHP filter GET or POST parameters? How can we ensure that the code is not injected? How does PHP filter GET or POST parameters? Prevent js injection or some html injection? Please provide code reference? Thank you! ------ Solution ------------------ check & nbsp; Magic conversion & nbsp; do not check how to filter GET or POST parameters in w PHP? How can we ensure that the code is not injected?
How does PHP filter GET or POST parameters? Prevent js injection or some html injection? Please provide code reference? Thank you!
------ Solution --------------------
Check the magic conversion.
You don't have to go to wordpress. you have to go to wordpress to learn such a thing.
------ Solution --------------------
If (! Get_magic_quotes_gpc () // if not enabled
{
/***** You need to traverse these arrays. pay attention to the multi-dimensional array. you can use addslashes ($ str ).
$ _ GET
$ _ POST
$ _ COOKIE
$ _ REQUEST
****/
}
------ Solution --------------------
Look at the benefits of wordpress. Addslashes cannot block all cases.
------ Solution --------------------
Addslashes can basically prevent all SQL injections.
Prevents js injection and directly <和> Replace it.
------ Solution --------------------
If the value is passed, use ceil ($ _ get ['okid.
------ Solution --------------------
if (!get_magic_quotes_gpc()) {
!empty($_POST) && Add_S($_POST);
!empty($_GET) && Add_S($_GET);
!empty($_COOKIE) && Add_S($_COOKIE);
!empty($_SESSION) && Add_S($_SESSION);
}
!empty($_FILES) && Add_S($_FILES);
function Add_S(&$array){
if (is_array($array)) {
foreach ($array as $key => $value) {
if (!is_array($value)) {
$array[$key] = addslashes($value);
} else {
Add_S($array[$key]);
}
}
}
}
Filter js and replace <> in the variable content. Don't write it here
------ Solution --------------------
if (!get_magic_quotes_gpc()){
foreach($_POST as $key => $value){
$_POST[$key] = addslashes($val);
}
foreach($_GET as $key => $value){
$_GET[$key] = addslashes($val);
}
}
?>
------ Solution --------------------
$ Str = "Is your name O 'Reilly? ";
// Output: Is your name O \ 'Reilly?
Echo addslashes ($ str );
------ Solution --------------------
// The filter function in the TP framework.
// The Input class is provided by TP.
Function inputFilter ($ content)
{
If (is_string ($ content )){
Return Input: getVar ($ content );
}
Elseif (is_array ($ content )){
Foreach ($ content as $ key => $ val ){
$ Content [$ key] = inputFilter ($ val );
}
Return $ content;
}
Elseif (is_object ($ content )){
$ Vars = get_object_vars ($ content );
Foreach ($ vars as $ key => $ val ){
$ Content-> $ key = inputFilter ($ val );