Almost every project accepts form submissions. Filtering all user input helps to avoid XSS attacks and prevent SQL injection.
I. Set the configuration information
The security-related settings are configured in the config.php file.
II. Common methods
1. clean($value, $filters = null)
    // Pass $text through the filters listed in $filters
    $text = "<script>alert(111);</script>";
    $filters = array('strip_tags', 'htmlentities', '\\cleaners\\soap::clean');
    $text = Security::clean($text, $filters);
    // The output is as follows: string
2. strip_tags($value): removes HTML and PHP tags
    // Remove the <p> tags from the $text string
    $text = '<p>test paragraph.</p>';
    $text = Security::strip_tags($text);
    // The output is as follows: string
3. xss_clean($value, array $options = array())
    // Remove the tags from $text, keeping <br/>
    $text = '<script>alert("XSS attack!")<br/></script>';
    $text = Security::xss_clean($text, array('br'));
    // The output is: string "alert("XSS attack!")"
4. htmlentities($value, $flags = null, $encoding = null, $double_encode = null)
    // Same behaviour as the PHP function of the same name
    $text = '<p>test paragraph.</p>';
    $text = Security::htmlentities($text);
5. e($string)
The e() function is an alias of Security::htmlentities() and has the same effect.
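The following is an added example, not code from the original page or from FuelPHP itself: a plain-PHP sketch of the filter-chain idea behind Security::clean(), built on PHP's own strip_tags() and htmlentities(), showing what each stage leaves behind. The function name apply_filters() and the sample input are assumptions made up for illustration.

```php
<?php
// Added example: hypothetical stand-in for the filter-chain idea behind
// Security::clean(). apply_filters() is NOT a FuelPHP function.

/**
 * Run $value through each callable in $filters, in order.
 * Arrays (e.g. a submitted form) are cleaned recursively;
 * non-string scalars pass through unchanged.
 */
function apply_filters($value, array $filters)
{
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = apply_filters($item, $filters);
        }
        return $value;
    }
    if (!is_string($value)) {
        return $value;
    }
    foreach ($filters as $filter) {
        $value = call_user_func($filter, $value);
    }
    return $value;
}

// Encode for HTML output, quotes included, with an explicit charset.
$encode = function ($s) {
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
};

// Constructed sample form input.
$input = array(
    'comment' => '<script>alert(111);</script>',
    'name'    => 'Tom "T" O\'Neil <b>bold</b>',
    'age'     => 42,
);

// strip_tags alone removes markup but leaves quote characters untouched,
// so the value is still unsafe to place inside an HTML attribute.
var_dump(apply_filters($input, array('strip_tags')));

// strip_tags followed by entity encoding also neutralises " and '.
var_dump(apply_filters($input, array('strip_tags', $encode)));
```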
III. Usage in templates
FuelPHP Series (V): Security Defense