dongque6377 2012-12-12 07:34
Views: 44
Accepted

PHP / MySQL: Filtering POST and GET data [duplicate]

Possible Duplicate:
What are the best PHP input sanitizing functions?

A while back I found this, what I thought to be great, snippet in someone's code to filter POST and GET data from injections.

function filter($data) { //Filters data against security risks.
    $data = trim(htmlentities(strip_tags($data)));
    if(get_magic_quotes_gpc()) $data = stripslashes($data);
    $data = mysql_real_escape_string($data);
    return $data;
}
foreach($_GET as $key => $value) $filterGet[$key] = filter($value);
foreach($_POST as $key => $value) $filterPost[$key] = filter($value);

And I've been using it ever since. But today, while sending an array through ajax I got tons of errors. Most of them say strip_tags() expects parameter 1 to be string, array given in...

What is the best way to filter data? All this data is going to a database. But what about cases where it isn't going to a database?

5 answers

  • duankeye2342 2012-12-12 07:51

    Here is the function you need:

    function filter($data) { //Filters data against security risks.
        if (is_array($data)) {
            foreach ($data as $key => $element) {
                $data[$key] = filter($element);
            }
        } else {
            $data = trim(htmlentities(strip_tags($data)));
            if(get_magic_quotes_gpc()) $data = stripslashes($data);
            $data = mysql_real_escape_string($data);
        }
        return $data;
    }
    
    This answer was selected by the asker as the best answer.
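
The question also asks what to do with data that is not going to a database. As an added example (not code from the question or the answer above), this sketch treats each value according to where it is used: nested input is only trimmed, SQL uses bound parameters, and HTML encoding happens at output. The `normalize()` and `html()` helpers, the `users` table and the sample `$post` array are constructed for illustration, and the `pdo_sqlite` extension is assumed to be available.

```php
<?php
// Added example: handle each value for the context it is used in,
// instead of one filter() applied to everything in $_GET/$_POST.

// Constructed sample input standing in for $_POST, including the nested
// array that made strip_tags() fail in the question.
$post = [
    'name' => "  O'Brien <b>admin</b>  ",
    'tags' => ['php', 'it\'s "quoted"'],
];

// Recursively trim strings; no escaping happens at input time.
function normalize($value)
{
    if (is_array($value)) {
        return array_map('normalize', $value);
    }
    return is_string($value) ? trim($value) : $value;
}

// HTML context: encode at the moment the value is written into a page.
function html($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$input = normalize($post);

// SQL context: bound parameters keep data out of the query text.
// Assumption: pdo_sqlite is loaded; an in-memory database keeps this offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, tag TEXT)');
$stmt = $db->prepare('INSERT INTO users (name, tag) VALUES (:name, :tag)');
foreach ($input['tags'] as $tag) {
    $stmt->execute([':name' => $input['name'], ':tag' => $tag]);
}

// The database holds the original text; it is encoded only when rendered.
foreach ($db->query('SELECT name, tag FROM users') as $row) {
    echo html($row['name']), ' | ', html($row['tag']), PHP_EOL;
}
```

Because nothing is escaped before storage, the same stored value can later be encoded differently for HTML, JSON or a shell argument without first undoing an earlier transformation.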