Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > PHP如何过滤GET或者POST的参数?如何样才能保证代码不被注入

PHP如何过滤GET或者POST的参数?如何样才能保证代码不被注入

WBOY
Release: 2016-06-13 12:55:22
Original
1487 people have browsed it

PHP怎么过滤GET或者POST的参数?怎么样才能保证代码不被注入?
请问PHP怎么过滤GET或者POST的参数?防止js注入,或者一些html注入?请请提供代码参考?谢谢!


------解决方案--------------------
直接查查 魔术转换 相关东西吧

不用去看wordpress了,学这么个东西还要去看wordpress,搞死人啊
------解决方案--------------------
<br />
<br />
if (!get_magic_quotes_gpc())//如果没有开启的话<br />
{<br />
    /****需要对这几个数组,遍历,注意数组多维的情况,addslashes($str)就可以<br />
    $_GET<br />
    $_POST<br />
    $_COOKIE<br />
    $_REQUEST<br />
    ****/<br />
}<br />
<br />
Copy after login

------解决方案--------------------
看看wordpress好处还是有的。addslashes不能阻止所有情况。
------解决方案--------------------
addslashes基本上可以防止所有的sql注入了。
防止js注入,直接把<和>替换了就可以了
------解决方案--------------------
如果传递的是数值,用ceil($_get['okid']),应该可以防范得住。
------解决方案--------------------
<br />
if (!get_magic_quotes_gpc()) {<br />
	!empty($_POST)	 && Add_S($_POST);<br />
	!empty($_GET)	 && Add_S($_GET);<br />
	!empty($_COOKIE) && Add_S($_COOKIE);<br />
	!empty($_SESSION) && Add_S($_SESSION);<br />
}<br />
!empty($_FILES) && Add_S($_FILES);<br />
<br />
function Add_S(&$array){<br />
	if (is_array($array)) {<br />
		foreach ($array as $key => $value) {<br />
			if (!is_array($value)) {<br />
				$array[$key] = addslashes($value);<br />
			} else {<br />
				Add_S($array[$key]);<br />
			}<br />
		}<br />
	}<br />
}<br />
Copy after login

过滤js的,直接把变量内容里的<>替换掉就可以了。不用写在这里面
------解决方案--------------------
<?php<br />
if (!get_magic_quotes_gpc()){<br />
	foreach($_POST as $key => $value){<br />
		$_POST[$key] = addslashes($val);<br />
	}<br />
	foreach($_GET as $key => $value){<br />
		$_GET[$key] = addslashes($val);<br />
	}<br />
}<br />
?>
Copy after login

------解决方案--------------------
$str = "Is your name O'reilly?";<br />
<br />
// 输出:Is your name O\'reilly?<br />
echo addslashes($str);
Copy after login

------解决方案--------------------
<br>
//本人在 TP 框架中的过滤函数。<br>
// Input 类是 TP 提供的。<br>
function inputFilter($content)<br>
{<br>
	if(is_string($content) ) {<br>
        return Input::getVar($content);<br>
    }<br>
    elseif(is_array($content)){<br>
        foreach ( $content as $key => $val ) {<br>
            $content[$key] = inputFilter($val);<br>
        }<br>
        return $content;<br>
    }<br>
    elseif(is_object($content)) {<br>
        $vars = get_object_vars($content);<br>
        foreach($vars as $key=>$val) {<br>
            $content->$key = inputFilter($val); <div class="clear">
                 
              
              
        
            </div>
Copy after login
Related labels:
array content get nbsp
source:php.cn
Previous article: php+jquery+Jcrop实现下传-截取-保存图片功能 Next article: php中没有显示出mssql的pdo,该怎么解决
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
2
1429
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
1284
PX automatic conversion to REM error  <style>html {   font-size: calc(100vw / 3.75);      }...
From 2024-04-16 09:34:16
0
0
4687
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template