How to implement a PHP framework series article "5" Secure processing input, _php tutorial

How to implement a PHP framework series article "5" Secure processing input,

All external input parameters should be checked for legitimacy.

Improper processing of input data can lead to vulnerabilities such as SQL injection.

The framework provides a series of functions to take values from $_request

Requestint

RequestString

Requestfloat

Requestbool

PS: Note that variable types in $_request may be arrays

If the request is i[]=1, then the value of $_request[' I '] is array (1)

When doing the calibration to consider comprehensive to prevent PHP warning information disclosure

In addition, we introduce the data check in KV JSON format.

Sometimes in order to retain some extensibility in the project, the JSON-formatted data is used, and how is this data validated?

Check key value form {k1:v1, K2:v2, K3:v3 ...} JSON data, each pair of kv can be verified

Requestkvjson

Partial implementation Code

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758

//校验整数，失败返回$defaultfunction checkInt($var, $default = 0) { return is_numeric($var) ? intval($var, (strncasecmp($var, '0x', 2) == 0 || strncasecmp($var, '-0x', 3) == 0) ? 16 : 10) : $default;} //校验字符串 $check为正则表达式function checkString($var, $check = '', $default = '') { if (!is_string($var)) { if(is_numeric($var)) { $var = (string)$var; } else { return $default; } } if ($check) { return (preg_match($check, $var, $ret) ? $ret[1] : $default); } return $var;} /* 校验kv json， 如果想要一个这样的数据{id:1, 'type':'single_text', 'required': true, 'desc':'this is a text'} 那么$desc可以这样写 array( array('id', 'Int'), array('type', 'string', PATTERN_NORMAL_STRING), array('required', 'Bool', false), array('desc', 'string', PATTERN_NORMAL_STRING),))*/function checkKvJson($var, $desc = array()) { if(is_string($var)) { $var = json_decode($var, true); } if(!$var || !is_array($var)) { return array(); } if($desc) foreach($desc as $d) { if(!isset($var[$d[0]])) { return array(); } $ps = array_slice($d, 2); array_unshift($ps, $var[$d[0]]); $var[$d[0]] = call_user_func_array('check'.$d[1], $ps); if($var[$d[0]] === false && strcasecmp($d[1], 'Bool')) { return array(); } } return $var;}

http://www.bkjia.com/PHPjc/1100150.html www.bkjia.com true http://www.bkjia.com/PHPjc/1100150.html techarticle How to implement a PHP framework series article "5" Secure processing input, all external input parameters should check the legitimacy. Improper processing of input data can lead to vulnerabilities such as SQL injection ...

