doutu1889 2013-10-25 23:50
浏览 24
已采纳

防止php注入[重复]

This question already has an answer here:

im looking for all the ways to prevent people from entering php code into text field at the php level. i have prevention from sql injection but do i not need a way to prevent people from say messing with my if statements?

$email=$_POST["email"];
if(filter_var($email, FILTER_VALIDATE_EMAIL))
{
    //do suff
}

can a user not enter something like "not@a@valid@email.com = valid@email.com" as the email and it will be considered valid. I know this example isn't bad for the server but i'm sure others and come up with more deadly.

Or am i worrying about something that is never a problem?

</div>
  • 写回答

1条回答 默认 最新

  • duancheng3042 2013-10-25 23:53
    关注

    This is not a problem, since the user data is the value of a string. It's no different from saying:

    filter_var("die()", FILTER_VALIDATE_EMAIL)

    That also doesn't kill your program. It's just text.

    Just don't use eval. Not ever, but specifically not ever on user input.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 关于#MATLAB#的问题,如何解决?(相关搜索:信噪比,系统容量)
  • ¥500 52810做蓝牙接受端
  • ¥15 基于PLC的三轴机械手程序
  • ¥15 多址通信方式的抗噪声性能和系统容量对比
  • ¥15 winform的chart曲线生成时有凸起
  • ¥15 msix packaging tool打包问题
  • ¥15 finalshell节点的搭建代码和那个端口代码教程
  • ¥15 Centos / PETSc / PETGEM
  • ¥15 centos7.9 IPv6端口telnet和端口监控问题
  • ¥20 完全没有学习过GAN,看了CSDN的一篇文章,里面有代码但是完全不知道如何操作