For a secure url query, what is more secure? filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS) or htmlentities ?
2条回答 默认 最新
- dongsuikai8286 2010-07-06 17:37关注
What are you defending against? A vulnerability is highly dependent on how the data is being used. Its impossible to create 1 function call that protects against everything, and mixing protection systems (like xss and sql injection) is a very bad idea.
For XSS you should use:
htmlspecialchars($var, ENT_QUOTES);
For Sql Injection in mysql you should use
mysql_real_escape_string($var);
If you are passing user input to
system()
or another similar function then you should useescapeshellarg($var);
These are the top 3 and mixing these will cause nothing but problems.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥15 自适应 AR 模型 参数估计Matlab程序
- ¥100 角动量包络面如何用MATLAB绘制
- ¥15 merge函数占用内存过大
- ¥15 Revit2020下载问题
- ¥15 使用EMD去噪处理RML2016数据集时候的原理
- ¥15 神经网络预测均方误差很小 但是图像上看着差别太大
- ¥15 单片机无法进入HAL_TIM_PWM_PulseFinishedCallback回调函数
- ¥15 Oracle中如何从clob类型截取特定字符串后面的字符
- ¥15 想通过pywinauto自动电机应用程序按钮,但是找不到应用程序按钮信息
- ¥15 如何在炒股软件中,爬到我想看的日k线