doumengmian1180 2011-01-19 02:29
Views: 21
Accepted

PHP: can (should) I array_map filter_var over $_POST?

I just stumbled on this neat bit of code to filter $_POST data quickly:

$post=array_map("filter_data",$_POST);

I've updated it to the new version (after PHP 5.2) and I've got

$post=array_map("filter_var",$_POST,array(516));  // 516 == 'unsafe_raw'

Now I'm paranoid; this seems too easy. So

  • Should I not do this for all post data? (shifty nervous eyes)
  • Is unsafe_raw the correct filter for generic post, get, or cookie data?

I should add I'm just trying for a general sanitizer, mainly to remove SQL injections. If I have an email address or something I can filter again later. Any ideas / suggestions / horrified stares?

1 answer

  • dqwh1209 2011-01-19 02:36

    To avoid SQL injection, always use the appropriate functions for your database just before plugging the value into the query string, e.g. mysql_real_escape_string. A general filter not specific to your database doesn't guarantee anything and will probably only filter too much.

    For anything else, like email validation, use the specific filter on the specific variable that holds the email address.

    Also, use the constant FILTER_UNSAFE_RAW, not its numeric value.

    This answer was selected as the best answer by the asker.
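An added PHP example illustrating the answer above; it is not code from the question, the answer, or any project. It shows that FILTER_UNSAFE_RAW leaves a SQL injection payload untouched, how to give each field the filter that matches its meaning with filter_var_array(), and how a prepared statement keeps the value out of the SQL text so no database-specific escaping of the data is needed. A related caveat on the question's one-liner: array_map() called with more than one array returns sequential integer keys, so `array_map("filter_var", $_POST, array(516))` also throws away the field names. The `$post` array, the `check()` helper and the `users` table are constructed for this example, and the PDO sqlite driver is assumed to be installed.

```php
<?php
// Added example, not code from the original question or answer.
// (a) FILTER_UNSAFE_RAW does nothing against SQL metacharacters,
// (b) filter_var_array() applies a per-field filter definition,
// (c) a prepared statement keeps user input out of the query string.
// $post, check(), and the `users` table are constructed for this example;
// the PDO sqlite driver is assumed to be available.

// Small helper so the checks run even when zend.assertions is off.
function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
}

// Constructed stand-in for $_POST so the script runs offline.
$post = [
    'email'   => 'bob@example.com',
    'age'     => '42',
    'comment' => "x'); DROP TABLE users; --",
];

// (a) FILTER_UNSAFE_RAW is a pass-through filter: the injection payload
//     survives it byte for byte, so it is not a SQL sanitizer.
$raw = filter_var($post['comment'], FILTER_UNSAFE_RAW);
check($raw === $post['comment'], 'FILTER_UNSAFE_RAW leaves the payload unchanged');

// (b) Validate each field with the filter that matches its meaning.
//     Fields not in the definition are dropped, a failed validation becomes
//     false, and a missing field becomes null, so the caller can tell them apart.
$definition = [
    'email'   => FILTER_VALIDATE_EMAIL,
    'age'     => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 0, 'max_range' => 150],
    ],
    'comment' => [
        'filter' => FILTER_UNSAFE_RAW,
        'flags'  => FILTER_FLAG_STRIP_LOW,   // drop control bytes, keep everything else
    ],
];
$clean = filter_var_array($post, $definition);

check($clean['email'] === 'bob@example.com', 'email validates');
check($clean['age'] === 42, 'age is returned as an int, not the string "42"');
check($clean['comment'] === $post['comment'], 'free text is still raw, which is fine');

// (c) Escaping belongs at the database boundary. With a prepared statement
//     the value never becomes part of the SQL text, so no escaping function
//     is applied to the data at all.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT, age INTEGER, comment TEXT)');

$stmt = $db->prepare(
    'INSERT INTO users (email, age, comment) VALUES (:email, :age, :comment)'
);
$stmt->execute([
    ':email'   => $clean['email'],
    ':age'     => $clean['age'],
    ':comment' => $clean['comment'],
]);

// The table still exists and the payload was stored as a literal string.
$row = $db->query('SELECT comment FROM users')->fetch(PDO::FETCH_ASSOC);
check($row['comment'] === "x'); DROP TABLE users; --", 'payload stored verbatim');
echo "stored comment: {$row['comment']}\n";
```

Run it with `php example.php`; it prints the stored comment and throws if any check fails. The point of (c) is the answer's point: the protection against injection lives at the point where data meets the query, not in a generic filter applied to all of `$_POST` up front. If you must build SQL strings instead of binding parameters, the escaping function has to be the one for your driver and charset, applied to each value immediately before it is interpolated.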
