PHP Security Common Sense validation Data _php tutorial

In learningYour users may be excellent, and most users may use the application exactly as expected. However, as long as the opportunity to enter is provided, there is a high likelihood of very bad input. As an application developer, you must prevent the application from accepting the wrong input. Careful consideration of the user input location and the correct value will allow you to build a robust and secure application.

The following is a list of general validation tips for various validation data:

Use a value from a whitelist

Always re-verify limited options

Using the built-in escape function

Verify the correct data type (such as a number)

The value in the whitelist (white-listed value) is the correct value, as opposed to the invalid blacklist value (black-listed value). The difference between the two is that, typically, when validating data, the list or range of possible values is less than the list or range of invalid values, many of which may be unknown values or unexpected values.

When validating data for PHP security, remember that designing and validating the values that your application allows is usually easier than preventing all unknowns. For example, to limit field values to all numbers, you need to write a routine that ensures that the inputs are all numbers. Do not write routines that are used to search for non-numeric values and are marked as invalid when a non-numeric value is found.

http://www.bkjia.com/PHPjc/446401.html www.bkjia.com true http://www.bkjia.com/PHPjc/446401.html techarticle learning about your users can be excellent, and most users may use the application exactly as expected. However, as long as the opportunity to provide input, it is very likely that there is a very ...

