PHP CodeIgniter Learning Notes

Source: Internet
Author: User

What we build today is a simple table page, and I use Bootstrap on the front end. There is no way around it: I don't know design, so I have to rely on other people's tools. Bootstrap is really beautiful and has a rich set of plug-ins; it was made by Twitter engineers.

Good stuff is liked by everyone, but its compatibility with IE6-9 is almost 0. As you can understand, people abroad basically do not use these browsers. However, Internet Explorer still holds a high market share in China, so someone has developed a Bootstrap plug-in called BSIE. It is easy to use (and IE deserves the contempt).

On the back end I am using CodeIgniter (CI), an open source framework based on PHP. CI is today's topic, because for data filtering CI only has the xss_clean() function. (Maybe I am just not familiar with it; in short, I didn't find any other filter functions.) Today's project involves receiving user data and then submitting it to database operations. With no filtering for SQL statements, this operation is very risky. I thought of using CI's xss_clean() function to also filter SQL injection statements, so that two functions do not have to be nested when data is filtered. In the CI/system/core/ directory, find the Security.php file, locate the declaration of the xss_clean() function, and add the following lines at its end.

The PHP example code is as follows:

    // Appended at the end of xss_clean(): each listed character or keyword is replaced with "x".
    // SQL wildcard and quote characters
    $str = str_replace("_", "x", $str);
    $str = str_replace("%", "x", $str);
    $str = str_replace("", "x", $str); // search string is empty on the page
    $str = str_replace("'", "x", $str);
    // SQL keywords (str_replace() matches case-sensitively)
    $str = str_replace("select", "x", $str);
    $str = str_replace("update", "x", $str);
    $str = str_replace("insert", "x", $str);
    $str = str_replace("set", "x", $str);
    $str = str_replace("where", "x", $str);
    $str = str_replace("from", "x", $str);
    $str = str_replace("alert", "x", $str);
    $str = str_replace("like", "x", $str);
    return $str;

This almost avoids normal SQL injection.
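
The replacement list above, run over ordinary input next to a bound-parameter query, as an added example that is not part of the original post: it shows the filter rewriting legitimate values and treating `Select` and `select` differently, while the prepared statement stores every value unchanged. `page_filter()`, the `users` table, the sample strings and the use of PDO with in-memory SQLite are assumptions made for the example.

```php
<?php
// Added example, not the post's code. Assumes PHP 7+ with pdo_sqlite;
// page_filter(), the users table and $samples are constructed here.

// The post's replacement list as a standalone function. The entry whose
// search string is empty on the page is left out.
function page_filter(string $str): string
{
    $blocked = ['_', '%', "'", 'select', 'update', 'insert', 'set',
                'where', 'from', 'alert', 'like'];
    // An array search is applied left to right, like the chained calls.
    return str_replace($blocked, 'x', $str);
}

// Constructed, legitimate user input.
$samples = [
    "O'Brien",                // apostrophe in a surname
    'first_name',             // underscore
    '50% reset from London',  // '%', "set" inside "reset", "from"
    'Select your plan',       // capital S: str_replace() is case-sensitive
    'select your plan',       // same words, lower case
];

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Placeholders keep the value out of the SQL text, so nothing has to be
// stripped from it. CodeIgniter's query bindings do the same job:
//   $this->db->query('SELECT name FROM users WHERE name = ?', array($name));
$insert = $pdo->prepare('INSERT INTO users (name) VALUES (?)');
$lookup = $pdo->prepare('SELECT name FROM users WHERE name = ?');

foreach ($samples as $value) {
    $insert->execute([$value]);
    $lookup->execute([$value]);
    $stored = $lookup->fetchColumn();
    $lookup->closeCursor();
    printf("%-24s filtered: %-20s bound: %s\n",
        $value, page_filter($value),
        $stored === $value ? 'stored unchanged' : 'changed');
}
```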
