Forms validation classes commonly used in PHP Dynamic Web page development
Class Class_post{Verifies whether a letter/number combination of a specified lengthfunction Fun_text1 ($num 1, $num 2, $STR){Return (Preg_match ("/^[a-za-z0-9]{". $num 1. ","
Strip_tags removes HTML and PHP tags. Syntax: stringstrip_tags (stringstr); Return Value: string type: description of data processing content htmlspecialchars converts special characters into HTML format. Syntax: stringhtmlspecialchars (stringstring)
LearningThe PHP verification form code is as follows:
Php
Class class_post
{
// Verify whether it is a combination of letters and numbers with a specified length
Function fun_text1 ($ num1, $ num2, $ str)
{
Return
These functions are mainly used to clear the HTML flag, so there is no way to inject code. Using more functions is htmlspecialchars (), which can handle all the XSS vulnerabilities.
To fix the XSS vulnerability in PHP, we can use three PHP
Three functions that I often confuse in PHP, and three functions obfuscated in PHP. Three functions that I often confuse in PHP: www.ido321.com1252.html 1. htmlentities () and htmlspecialchars () 1. htmlentities () 1.1: three functions that I often
Why it's not safe.
htmlspecialchars处理后">
This is safe.
test_form.php "/small white How to think it is only two"/change a position
Originated from http://www.w3school.com.cn/php/php_form_validation.asp
Reply content:
Why it's not
Copy CodeThe code is as follows:
/*
*@ Adding data functions automatically
*@ $table Table Name
*@ $arr Word Snippets Array ("title", Array ("content", int))
*@ Array (field, type)
*@ type description
html--Allow HTML
unhtml-HTML is not allowed
int--
Copy Code code as follows:
/*
*@ automatically add data functions
*@ $table Table Name
*@ $arr Word Genku Array ("title", Array ("content", int))
*@ Array (field, type)
*@ type description
html--allows HTML
unhtml-does not allow HTML
Forms validation classes commonly used in PHP Dynamic Web page development
The following are the referenced contents:Class Class_post{Verifies whether a letter/number combination of a specified lengthfunction Fun_text1 ($num 1, $num
Php lazy functions automatically add data. Copy the code as follows: ** @ automatically add a data function * @ $ table name * @ $ arr field Library array (title, array (content, int )) * @ array (field, type) * @ type description html -- allow ht
PHP character functions 12th page. AddSlashes: Adds a slash to the string. Bin2hex: binary to hexadecimal. Chop: removes consecutive gaps. Chr: returns the character of the ordinal value. Chunk_split: splits a string into segments. Convert
PHP verification form implementation method. The code for learning the PHP verification form is as follows :? Phpclassclass_post {verify whether the functionfun_text1 ($ num1, $ num2, $ str) {Return (preg_match (learningThe PHP verification form
Form toolkit with synchronization token
It is said that the Shenzhen 2011 Universiade is not coming, so I was arrested by the Youth League Committee to serve as a volunteer service station. A small form toolkit is written in the process.
Cmseasy front-end does not need to log on to directly obtain SQL injection of sensitive data (proof of POC)
I downloaded the latest version of cmseasy. Someone mentioned this vulnerability before and officially fixed it. But the more I fixed it,
To fix the XSS vulnerability in PHP, we can use three PHP functions. These functions are mainly used to clear the HTML flag, so there is no way to inject code. More functions are htmlspecialchars (), which can convert all and symbols into and ;.
For more information about the submitted content escaping, please refer to the following link: Generally, when writing a PHP program, do you need to execute escaping before the textarea data is submitted to the database? because if there is php code
LearnThe specific code for the PHP validation form is as follows:
Php
Class Class_post
{
Verifies whether a combination of letters/numbers of a specified length
function Fun_text1 ($num 1, $num 2, $STR)
{
Count the number of posts (in the case of images) [purpose] Post preview: when the number of words exceeds a certain limit, display part of the post, and use & nbsp; & nbsp ;.. show Full Text & nbsp; to replace [background] The post contains labels
For more information about the submitted content escaping, please refer to the following link: Generally, when writing a PHP program, do you need to execute escaping before the textarea data is submitted to the database? because if there is php code
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.