How does PHP filter GET or POST parameters? How can I ensure that code is not injected?
How does PHP filter GET or POST parameters to prevent JS injection or HTML injection? Could you provide a code reference? Thank you!
------Solution--------------------
Look directly at the magic Switch-related stuff.
Don't go look at WordPress. Going to WordPress to learn this kind of thing is a dead end.
------Solution--------------------
if (!get_magic_quotes_gpc()) // if magic quotes are not enabled
{
    /**** Need to iterate over these arrays (note that they may be multidimensional); addslashes($str) will do:
    $_GET
    $_POST
    $_COOKIE
    $_REQUEST
    ****/
}
------Solution--------------------
Looking at WordPress does have some advantages. addslashes cannot block every case.
------Solution--------------------
addslashes can basically prevent all SQL injections.
To prevent JS injection, you can just replace < and > directly.
------Solution--------------------
If you are passing a value, use ceil($_GET['Okid']); that should be able to prevent it.
------Solution--------------------
// Escape every request array only when magic quotes are off
if (!get_magic_quotes_gpc()) {
    !empty($_POST) && add_s($_POST);
    !empty($_GET) && add_s($_GET);
    !empty($_COOKIE) && add_s($_COOKIE);
    !empty($_SESSION) && add_s($_SESSION);
}
!empty($_FILES) && add_s($_FILES);

// Recursively apply addslashes() to every scalar value, in place
function add_s(&$array) {
    if (is_array($array)) {
        foreach ($array as $key => $value) {
            if (!is_array($value)) {
                $array[$key] = addslashes($value);
            } else {
                add_s($array[$key]);
            }
        }
    }
}
To filter JS, simply replacing < and > in the variable's contents is enough. I won't write that here.
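Added example, not part of any answer in this thread: the same three cases the answers discuss (a numeric parameter, a string used in SQL, and a string echoed into HTML), each handled for its own context with `filter_var`, a PDO prepared statement and `htmlspecialchars`. The request data, table and parameter names are constructed, and an in-memory SQLite database via `pdo_sqlite` is assumed so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Table, column and parameter
// names are constructed; assumes PHP 7.1+ with the pdo_sqlite extension.

// Constructed request data standing in for $_GET and $_POST.
$get  = ['id' => '2 OR 1=1', 'name' => "O'Reilly"];
$post = ['comment' => '<script>alert(1)</script> "hi" & bye'];

// Numeric parameter: validate the type instead of escaping.
// Returns the integer, or null for anything else (including arrays).
function int_param(array $src, string $key): ?int
{
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// String parameter in SQL: bind it to a placeholder so the value is
// never parsed as part of the query text.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HTML output: encode for the HTML context at the point of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// In-memory database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$ins = $db->prepare('INSERT INTO users (name) VALUES (?)');
foreach (["O'Reilly", 'Alice'] as $n) {
    $ins->execute([$n]);
}

// addslashes() has nothing to escape in an unquoted numeric value,
// so the string comes back unchanged; validation rejects it.
var_dump(addslashes($get['id']) === $get['id']);
var_dump(int_param($get, 'id'));
print_r(find_user($db, $get['name']));
echo h($post['comment']), PHP_EOL;
```

The stored value is left unescaped; encoding is applied only where the value is written into SQL or HTML.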
------Solution--------------------
<?php
// Escape top-level POST and GET values when magic quotes are off
if (!get_magic_quotes_gpc()) {
    foreach ($_POST as $key => $value) {
        $_POST[$key] = addslashes($value);
    }
    foreach ($_GET as $key => $value) {
        $_GET[$key] = addslashes($value);
    }
}
?>
------Solution--------------------
$str = "Is your name O'Reilly?";
// Output: Is your name O\'Reilly?
echo addslashes($str);
------Solution--------------------
// My filter function in the TP framework.
// The Input class is provided by TP.
function Inputfilter($content)
{
    if (is_string($content)) {
        return Input::getvar($content);
    } elseif (is_array($content)) {
        // Filter each array element recursively
        foreach ($content as $key => $val) {
            $content[$key] = Inputfilter($val);
        }
        return $content;
    } elseif (is_object($content)) {
        // Filter each accessible object property recursively
        $vars = get_object_vars($content);
        foreach ($vars as $key => $val) {
            $content->$key = Inputfilter($val);
        }
        return $content;
    }
}