douba1617 2015-08-30 05:25
浏览 33
已采纳

将数据发布到codeigniter中的方法,存在安全风险?

I have been using CodeIgniter, to make a data-entry form with following code.I am sending the as POST to the welcome controller's get_data method.
Can providing the the action in form like this be vulnerable?Is there any other method? 

<form id='form'  action="<?php echo base_url("welcome/get_data"); ?>" method="POST" style="display:inline;">            
    <div class="form-group">
        <div class="col-md-6">
        <label class="col-md-3">First Name :</label><input  class="col-md-3" type="text" name='fname' ></input>
        </div>
        <div class="col-md-6">
        <label class="col-md-3">Middle Name :</label><input class="col-md-3" type="text" name='mname' ></input>
        </div>
    </div>
    <div class="form-horizontal">
        <div class="col-md-6">
        <label class="col-md-3">Last Name :</label><input class="col-md-3" type="text" name='lname' ></input>
        </div>
        <div class="col-md-6">
        <label class="col-md-3">Mobile No. :</label><input  class="col-md-3" type="text" name='Mno' ></input>
        </div>
    </div>        
    <div class="form-horizontal">
        <div class="col-md-6">
            <label class="col-md-3">Pin Code : </label><input  class="col-md-3" type="text" name='Pcode' ></input>
        </div>
        <div class="col-md-6">
            <label class="col-md-3">Country : </label><input class="col-md-3" type="text" name='Coun'></input>
        </div>
    </div>
    <div class="form-group">
        <div class="col-md-6">
            <label class="col-md-3">State : </label><input class="col-md-3" type="text" name='St'></input>
        </div>
        <div class="col-md-6">
            <label class="col-md-3">Email : </label><input class="col-md-3" type="text" name='email'></input><br>
        </div>
    </div><br>
            <input class="class-md-3 col-md-offset-4" type="submit" value="Save"/>
    </div>
</form>



Also can I use $this->input>post() to directly insert data in database, is it Mysql injection proof?

</div>
  • 写回答

1条回答 默认 最新

  • douju7245 2015-08-30 05:50
    关注

    you can use the form helper class, which contains lots of functions useful for working with forms

    CodeIgniter form helper

    do escape your db queries and use the CI built in function $this->db->escape_str

    CodeIgniter Db Queries

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 win11 23H2删除推荐的项目,支持注册表等
  • ¥15 matlab 用yalmip搭建模型,cplex求解,线性化处理的方法
  • ¥15 qt6.6.3 基于百度云的语音识别 不会改
  • ¥15 关于#目标检测#的问题:大概就是类似后台自动检测某下架商品的库存,在他监测到该商品上架并且可以购买的瞬间点击立即购买下单
  • ¥15 神经网络怎么把隐含层变量融合到损失函数中?
  • ¥15 lingo18勾选global solver求解使用的算法
  • ¥15 全部备份安卓app数据包括密码,可以复制到另一手机上运行
  • ¥20 测距传感器数据手册i2c
  • ¥15 RPA正常跑,cmd输入cookies跑不出来
  • ¥15 求帮我调试一下freefem代码