duandunzhuo3234 2012-05-25 18:12
浏览 31
已采纳

PHP:今天仍然相关的基本消毒?

Some years back, I use to do something similar to this on top of my script:

ini_set('magic_quotes_runtime', 0);
ini_set('magic_quotes_sybase', 0);
ini_set('url_rewriter.tags', '');
ini_set('session.use_trans_sid', 0);

function clean_input ($arr)
{
    if (!get_magic_quotes_gpc())
        $arr = array_map('addslashes', $arr);

    return $arr;
}

$_GET = clean_input($_GET);
$_POST = clean_input($_POST);
$_COOKIE = clean_input($_COOKIE);
$_REQUEST = clean_input($_REQUEST);

Are this still relevant today at least in PHP 5.2?

Moreover, what is the minimum basic sanitation stuff we need in today?

  • 写回答

2条回答 默认 最新

  • dsn1327 2012-05-25 18:20
    关注

    mysql_real_escape_string() on anything that enters your database.

    htmlentities() on anything that exits your database.

    The Security class that is bundled with CodeIgniter is quite good. I would suggest looking through it if you are curious what is considered production ready.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?