doutu1889 2013-10-25 23:50
浏览 24
已采纳

防止php注入[重复]

This question already has an answer here:

im looking for all the ways to prevent people from entering php code into text field at the php level. i have prevention from sql injection but do i not need a way to prevent people from say messing with my if statements?

$email=$_POST["email"];
if(filter_var($email, FILTER_VALIDATE_EMAIL))
{
    //do suff
}

can a user not enter something like "not@a@valid@email.com = valid@email.com" as the email and it will be considered valid. I know this example isn't bad for the server but i'm sure others and come up with more deadly.

Or am i worrying about something that is never a problem?

</div>
  • 写回答

1条回答 默认 最新

  • duancheng3042 2013-10-25 23:53
    关注

    This is not a problem, since the user data is the value of a string. It's no different from saying:

    filter_var("die()", FILTER_VALIDATE_EMAIL)

    That also doesn't kill your program. It's just text.

    Just don't use eval. Not ever, but specifically not ever on user input.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 怎样才能让鼠标沿着线条的中心线轨迹移动
  • ¥60 用visual studio编写程序,利用间接平差求解水准网
  • ¥15 Llama如何调用shell或者Python
  • ¥20 谁能帮我挨个解读这个php语言编的代码什么意思?
  • ¥15 win10权限管理,限制普通用户使用删除功能
  • ¥15 minnio内存占用过大,内存没被回收(Windows环境)
  • ¥65 抖音咸鱼付款链接转码支付宝
  • ¥15 ubuntu22.04上安装ursim-3.15.8.106339遇到的问题
  • ¥15 blast算法(相关搜索:数据库)
  • ¥15 请问有人会紧聚焦相关的matlab知识嘛?