Is it safe to assume that in
if (($i = (int)trim($_GET['user_input'])) != 0) {
// do stuff with $i
}
$i can only ever be an integer?
Edit:
I now use:
if (ctype_digit($i = $_GET['user_input'])) {
// do stuff with $i
}
是(int)$ _ GET ['user_input']安全吗?
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
分享- 邀请回答
-
4条回答 默认 最新
- dongshai8330 2014-12-20 13:07关注
So if your only question is if it's in any case a
int, then is the answer :Yes
But if the cast to int fails (e.g. input:
'a')$iis just0Example:
Input/ Output:
4 -> 4 -5 -> -5 "14" -> 15 "a" -> 0 "!" -> 0 array() -> 0Side Note:
If the value is an array trim fails and you get an error
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报 分享
- 2014-12-20 12:59回答 4 已采纳 So if your only question is if it's in any case a int, then is the answer : Yes But if the cast
- 2014-11-12 13:46回答 1 已采纳 Use $_REQUEST which contains both POST and GET variables. public function get($item) { if (!e
- 2013-03-22 08:50回答 4 已采纳 In here your trying to get like this $_GET['ini']; http://localhost/xampp/testing/Int/table.php
- 2020-11-26 18:08思源湖的鱼的博客 尽可能全面的总结PHP的各种安全问题:基础知识、弱类型及各种函数、伪协议、反序列化、其他,本篇持续更新
- 2011-11-20 08:25回答 3 已采纳 I would check if it was a string before using it in a string context. $name = (isset($_GET['name'
- 2013-05-15 10:03回答 1 已采纳 Hi I've created and tested this. Works as expected for me! :) Document: 16562761.php <?php if
- 2014-11-18 13:55回答 1 已采纳 Try looking at the example supplied by PHP.net: <?php $mysqli = new mysqli("localhost", "my_us
- 2022-01-26 17:34YKingH的博客 Web专项练习—ctfshow-php特性 ...call_user_func()绕过 sha1()函数绕过 变量覆盖 sha1弱比较 md5弱比较 ereg()截断漏洞 php内置类 FilesystemIterator 压缩过滤器绕过 空格代替url ‘_’ 绕过 gettex
- 2011-11-28 18:13回答 3 已采纳 UPLOAD_ERR_INI_SIZE Value: 1; The uploaded file exceeds the upload_max_filesize directive in ph
- 2021-09-02 17:51回答 2 已采纳 后面那几个成员函数缩进不对,应该在class内部而不是和class同级
- 2018-05-20 07:48回答 2 已采纳 Hope this will help you : if you don't want to change your model query set session like this $us
- 2022-01-12 10:52keepb1ue的博客 目录WEB简单的Web足迹NoRCEGiveMeSecretMisc不止止base64失眠的夜High quality men WEB 简单的Web <?php highlight_file(__FILE__);... $action = $_GET['action']; if (isset($action)) { if (p
- 2019-08-11 16:39回答 1 已采纳 The second parameter for PDF::loadView() must be an array. Try to change this $pdf = PDF::loadVi
- 2021-09-05 13:03OceanSec的博客 有关 intval() 函数的绕过技巧 web89 clude("flag.php"); highlight_file(__FILE__); if(isset($_GET['num'])){ $num = $_GET['num']; if(preg_match("/[0-9]/", $num)){ die("no no no!"); } if(intval($num)...
- 2021-02-20 00:42小元砸的博客 Web 89 <?php include("flag.php"); highlight_file(__FILE__); if(isset($_GET['num'])){ $num = $_GET['num'];... if(preg_match("/[0-9]/", $num)){ ... if(intval($num)){ echo $flag; } }
- 没有解决我的问题, 去提问
悬赏问题
- ¥17 pro*C预编译“闪回查询”报错SCN不能识别
- ¥15 微信会员卡接入微信支付商户号收款
- ¥15 如何获取烟草零售终端数据
- ¥15 数学建模招标中位数问题
- ¥15 phython路径名过长报错 不知道什么问题
- ¥15 深度学习中模型转换该怎么实现
- ¥15 Stata外部命令安装问题求帮助!
- ¥15 从键盘随机输入A-H中的一串字符串,用七段数码管方法进行绘制。提交代码及运行截图。
- ¥15 如何用python向钉钉机器人发送可以放大的图片?
- ¥15 matlab(相关搜索:紧聚焦)