I. Form security
1. The htmlspecialchars() function
Converts special characters to HTML entities. This means that HTML characters such as < and > are replaced with &lt; and &gt;. This prevents an attacker from injecting HTML or JavaScript code into the form (a cross-site scripting attack) and having it executed.
Cross-site scripting: abbreviated XSS rather than CSS to avoid confusion with Cascading Style Sheets. A malicious attacker inserts malicious HTML code into a web page; when a user browses to that page, the HTML code embedded in it is executed, achieving the attacker's particular purpose.
HTML entities: Reserved characters in HTML must be replaced with character entities. To display reserved characters correctly, character entities must be used in the HTML source code.
Display result | Description | Entity name | Entity number
(space) | Space | &nbsp; | &#160;
< | Less than sign | &lt; | &#60;
> | Greater than sign | &gt; | &#62;
& | Ampersand | &amp; | &#38;
" | Quotation mark | &quot; | &#34;
' | Apostrophe | &apos; (not supported by IE) | &#39;
¢ | Cent | &cent; | &#162;
£ | Pound | &pound; | &#163;
¥ | Yen | &yen; | &#165;
€ | Euro | &euro; | &#8364;
§ | Section | &sect; | &#167;
© | Copyright | &copy; | &#169;
® | Registered trademark | &reg; | &#174;
™ | Trademark | &trade; | &#8482;
× | Multiplication sign | &times; | &#215;
÷ | Division sign | &divide; | &#247;
A simple adder (note the use of htmlspecialchars)
2. Create a form validation function
Form Testing
<?php
// Echo the sanitised field values back to the page
echo "Name: " . $name;
echo "Email: " . $email;
echo "Website: " . $website;
echo "Comment: " . $comment;
?>
II. Required form fields
Field | Validation rules
Name | Required. Must contain only letters and spaces.
E-mail | Required. Must contain a valid e-mail address (containing @ and .).
Website | Optional. If given, must contain a valid URL.
Comment | Optional. Multi-line input field (text area).
The form must be filled in
<?php
// Echo the field values back to the page once the required fields pass
echo "Name: " . $name;
echo "Email: " . $email;
echo "Website: " . $website;
echo "Comment: " . $comment;
?>
III. Format matching
Use regular expressions to check the format of the data entered by the user. For more information on regular expressions, see the regular expression 30-minute introductory tutorial and the full explanation of regular expression symbols.
int preg_match(string $pattern, string $subject)
Searches $subject for a match to the regular expression given in $pattern.
Regex Quick Reference
Symbol | Meaning
[abc] | A single character: a, b or c
[^abc] | Any character but a, b, or c
[a-z] | Any single character in the range a-z
[a-zA-Z] | Any single character in the range a-z or A-Z
^ | Start of line
$ | End of line
\A | Start of string
\z | End of string
. | Any single character
\s | Any whitespace character
\S | Any non-whitespace character
\d | Any digit
\D | Any non-digit
\w | Any word character (letter, number, underscore)
\W | Any non-word character
\b | Any word boundary
(...) | Capture everything enclosed
(a|b) | a or b
a? | Zero or one of a
a* | Zero or more of a
a+ | One or more of a
a{3} | Exactly 3 of a
a{3,} | 3 or more of a
a{3,6} | Between 3 and 6 of a
1. Match the name
"/^[a-zA-Z ]*$/"
Only letters and spaces are allowed: "^" marks the beginning, "$" marks the end, and [a-zA-Z ] matches one character that is A-Z, a-z or a space.
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/", $name)) {
    $nameErr = "Only letters and spaces allowed!";
}
2. Match the e-mail address
"/([\w-]+@[\w-]+\.[\w-]+)/"
"\w" matches any word character, including the underscore; it is equivalent to "[a-zA-Z0-9_]".
"+" matches the preceding subexpression one or more times.
"-" matches a literal "-".
3. Match the URL
"/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i"
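The three steps of this article (the test_input sanitiser, the required-field check and the format matching) combined in one validation pass, as an added example rather than the article's own code; the field names, error messages and sample input are constructed, and the patterns are anchored versions of the ones given in this section:

```php
<?php
// Added example, not the article's code: the three steps (sanitise, require,
// match) applied in one pass over a constructed $_POST-style array.
function test_input(string $data): string {
    $data = stripslashes(trim($data));
    // ENT_QUOTES also escapes the single quote (to &#039;), which the
    // default flags did not do before PHP 8.1.
    return htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
}

function validate_form(array $post): array {
    $errors = [];
    $clean  = [];
    foreach (['name', 'email', 'website', 'comment'] as $field) {
        $clean[$field] = test_input($post[$field] ?? '');
    }
    // Patterns are anchored with ^ and $ so the match must cover the whole
    // value; an unanchored pattern also accepts a string that merely
    // contains an address or URL somewhere inside it.
    if ($clean['name'] === '') {
        $errors['name'] = 'Name is required';
    } elseif (!preg_match('/^[a-zA-Z ]+$/', $clean['name'])) {
        $errors['name'] = 'Only letters and spaces allowed!';
    }
    if ($clean['email'] === '') {
        $errors['email'] = 'Email is required';
    } elseif (!preg_match('/^[\w\-]+@[\w\-]+\.[\w\-]+$/', $clean['email'])) {
        $errors['email'] = 'Invalid email format';
    }
    $url = '/^(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]$/i';
    if ($clean['website'] !== '' && !preg_match($url, $clean['website'])) {
        $errors['website'] = 'Invalid URL';   // optional field, checked only if given
    }
    return ['errors' => $errors, 'clean' => $clean];
}

// Constructed sample input: a name carrying a script tag, a valid address,
// the optional website left empty, and a comment with single quotes.
$sample = [
    'name'    => 'Alice <script>alert(1)</script>',
    'email'   => 'alice@example.com',
    'website' => '',
    'comment' => "Hello 'world'",
];
$result = validate_form($sample);
print_r($result['errors']);   // only 'name' fails the letters-and-spaces rule
print_r($result['clean']);    // <script> stored as &lt;script&gt;, ' as &#039;
```

Because test_input encodes before validating, the $clean values are already HTML-encoded; echo them as they are and do not encode them a second time on output, or the entities will be displayed literally.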
IV. Keeping the values in the form
Principle: embed the PHP script inside the input tag.
If type="text", then embed the PHP script inside value=" ".
If type="radio", then embed the PHP script in the same way.
Finally, a simple login form:
A simple login form
<?php
// Echo the submitted values back to the page
echo "Mailbox: " . $email;
echo "Password: " . $passwd;
?>
Copyright notice: This is an original article by Lshare. Please contact me before reprinting; questions are welcome in the comments or by private message.