The example in this article shows how to filter paging parameters in PHP to prevent SQL injection. It is shared here for your reference; the analysis follows.
Where network security is concerned, never trust any input that arrives over the network: every input parameter must be filtered. Consider the following example:
// Configure the CodeIgniter pagination library
$this->load->library('pagination');
$config['base_url'] = site_url() . '/guest/show';
$config['total_rows'] = $c;
$config['per_page'] = $pernum = 15;
$config['uri_segment'] = 3;
$config['use_page_numbers'] = TRUE;
$config['first_link'] = 'first page';
$config['last_link'] = 'last page';
$config['num_links'] = 5;
$this->pagination->initialize($config);
// Row offset for the query: 0 unless segment 3 is numeric
if (!$this->uri->segment(3)) {
    $currentnum = 0;
} else {
    $currentnum = is_numeric($this->uri->segment(3)) ? (intval($this->uri->segment(3) - 1)) * $pernum : 0;
}
// Page number shown in the title: 1 unless segment 3 is numeric
$current_page = is_numeric($this->uri->segment(3)) ? intval($this->uri->segment(3)) : 1;
if ($current_page) {
    $data['title'] = 'first ' . $current_page . ' Page-message book-Anti-SQL injection test';
} else {
    $data['title'] = 'message book-Anti-SQL injection test';
}
$data['liuyan'] = $this->ly->getly($pernum, $currentnum);
In this code, the following two statements:
$current_page = is_numeric($this->uri->segment(3)) ? intval($this->uri->segment(3)) : 1;
$currentnum = is_numeric($this->uri->segment(3)) ? (intval($this->uri->segment(3) - 1)) * $pernum : 0;
check whether the parameter is a number, which prevents illegal characters from being passed in.
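A stricter form of the same check, as an added example that is not code from the original article: `is_numeric()` also accepts values such as `-3`, `1e3` and `1.5`, so the computed offset can be negative or far past the last row. The helper `page_to_offset()`, the sample inputs and the row count are hypothetical and constructed for illustration; the loop prints the article's result next to the strict one.

```php
<?php
// Added example: page_to_offset() is a hypothetical helper, not CodeIgniter API.

/** Turn an untrusted page segment into a safe [page, offset] pair. */
function page_to_offset($raw, int $perPage, int $totalRows): array
{
    $lastPage = max(1, (int) ceil($totalRows / $perPage));

    // FILTER_VALIDATE_INT accepts only a plain decimal integer, so "abc",
    // "1e3", "1.5" and "2 OR 1=1" fail; min_range rejects 0 and negatives,
    // max_range rejects pages past the last one.
    $page = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $lastPage],
    ]);
    if ($page === false) {
        $page = 1; // fall back to the first page on any invalid value
    }
    return [$page, ($page - 1) * $perPage];
}

// Constructed sample values for URI segment 3.
$samples = ['2', '7', 'abc', '-3', '0', '1e3', '1.5', '2 OR 1=1', '', null, '999999'];
$perPage = 15;
$totalRows = 100; // constructed row count: 7 pages of 15

foreach ($samples as $raw) {
    // The article's logic (empty check, then is_numeric/intval), for comparison.
    if (!$raw) {
        $legacy = 0;
    } else {
        $legacy = is_numeric($raw) ? intval($raw - 1) * $perPage : 0;
    }

    [$page, $offset] = page_to_offset($raw, $perPage, $totalRows);

    printf(
        "%-12s article offset=%-9d strict page=%d offset=%d\n",
        var_export($raw, true), $legacy, $page, $offset
    );
}
```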
I hope this article will help you with your PHP program design.