doutao4938 2014-10-03 16:54
浏览 65
已采纳

str-replace致命错误:只能通过引用传递变量

I have this code as anti-html and sql injection for a online game but it doesn't work and gives me the following error:

    Fatal error: Only variables can be passed by reference

Here is my code:

    $_POST = str_replace('<', '>', '\'', '\'', '\\', '&lt;', '&gt;', '&quot;', '&#39; ', '&#92;', $_POST);
    $_GET = str_replace('<', '>', '\'', '\'', '\\', '&lt;', '&gt;', '&quot;', '&#39;', '&#92;', $_GET);

It's for the first of the two lines, but i'm sure that the problem will be for the second one too. I'm not good at php and these are files i took from the web. How can i solve this?

  • 写回答

2条回答 默认 最新

  • dsunj08246 2014-10-03 17:00
    关注

    You don't need to implement your own XSS filter, as there is already existing one

    And you can take advantage of this in this way:

    $_POST = filter($_POST);
$_GET = filter($_GET);

function filter(array $value) {
        return is_array($value) ? array_map(__FUNCTION__, $value) : htmlentities($value);

}

    This will filter nested arrays as well (in case your input was like name[])

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 基于卷积神经网络的声纹识别
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP