douchanxiu5636 2017-07-24 22:34

Clean a _GET var string in PHP to letters only

I have the commonly used PHP GET function to include a file and display it as a page, like this:

index.php?F=contact
<?php
$file=$_GET['F'];
include('the_files/'.$file.'.php');
?>
This will display the file contact.php.

Because of security I want to filter the

$file=$_GET['F'];

with some kind of code so only text without symbols and without slashes will get into the INCLUDE.

I tried with

 <?php
    $clean_file=mysqli_real_escape_string($clean_file,$_GET['F']);
    include('the_files/'.$clean_file.'.php');
    ?>

But it seems like this is only to clean MySQLi...

Any idea how to do that?


  • douxie9347 2017-07-24 22:41

    Try:

    $file = preg_replace('/[^a-z_\-]/i', '', $_GET['F']);
    

    Of course, I would just run a test and send them to IC3, if they're trying to hack your page.

    This answer was selected by the asker as the best answer.
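
A stricter variant of the filter in the answer, as an added example that is not part of the original question or answer: rather than stripping characters, it rejects any value that is not a plain string of the allowed characters and not on a list of known pages. The function name `resolve_page`, the `$allowed` list and the 404 handling are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the question or the answer.
// Assumption: page files live in the_files/ next to this script, as in the question.

/** Map a request parameter to an includable page path, or return null. */
function resolve_page($raw, string $baseDir, array $allowed): ?string
{
    // ?F[]=x makes $_GET['F'] an array; accept strings only.
    if (!is_string($raw)) {
        return null;
    }
    // Reject instead of stripping: same character class as the answer,
    // anchored with \A...\z so the whole value must match, with a length cap.
    if (!preg_match('/\A[a-z_\-]{1,64}\z/i', $raw)) {
        return null;
    }
    // Allowlist: only page names the site actually serves (case-sensitive).
    if (!in_array($raw, $allowed, true)) {
        return null;
    }
    $path = $baseDir . '/' . $raw . '.php';
    return is_file($path) ? $path : null;
}

$allowed = ['home', 'contact', 'about'];   // constructed sample list
$baseDir = __DIR__ . '/the_files';

if (PHP_SAPI === 'cli') {
    // Constructed inputs: one valid name, then values that must be rejected.
    foreach (['contact', '../contact', 'contact.php', ['x'], 'Contact', ''] as $in) {
        echo json_encode($in), ' => ';
        var_dump(resolve_page($in, $baseDir, $allowed));
    }
    exit;
}

$page = resolve_page($_GET['F'] ?? 'home', $baseDir, $allowed);
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

Run from the command line it prints the result for each constructed input; served over HTTP it includes only pages that pass every check.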