doutun1875 2016-04-16 20:40
浏览 75
已采纳

PHP strpos验证

I am using the strpos function to validate a url that is submitted by a user and I want to make sure I'm not missing anything that would allow the user to bypass the validation and submit a url that is inappropriate.

Take the following as an example, if I only want a user to be able to input a url associated with the youtube domain, I don't want them to be able to put a wildcard (*) or something in that would "trick" the strpos function.

$url = $request->input('url');

// Check if Youtube url is found

if (strpos($url, 'http://youtube.com') > -1)
{
    // some code    
}

// some code

Thanks!

  • 写回答

3条回答 默认 最新

  • douqi0090 2016-04-16 20:56
    关注

    strpos returns false when in a not found condition and 0 if the string appears in the first column, which also looks like false to PHP, so it would be more accurate to use === or !==

    $url = $request->input('url');
// Check if Youtube url is found

if (strpos($url, 'http://youtube.com') !== FALSE)
{
    // some code when youtube is found in url
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 Oracle中如何从clob类型截取特定字符串后面的字符
  • ¥15 想通过pywinauto自动电机应用程序按钮,但是找不到应用程序按钮信息
  • ¥15 MATLAB中streamslice问题
  • ¥15 如何在炒股软件中,爬到我想看的日k线
  • ¥15 51单片机中C语言怎么做到下面类似的功能的函数(相关搜索:c语言)
  • ¥15 seatunnel 怎么配置Elasticsearch
  • ¥15 PSCAD安装问题 ERROR: Visual Studio 2013, 2015, 2017 or 2019 is not found in the system.
  • ¥15 (标签-MATLAB|关键词-多址)
  • ¥15 关于#MATLAB#的问题,如何解决?(相关搜索:信噪比,系统容量)
  • ¥500 52810做蓝牙接受端