Is it safe to do smth like this in first if on the page ctype_digit(base64_decode(trim($_POST['id']) or i should first create variable inside if and assign trim($_POST['id']) to it because they might have put some crazy thing in it that might overflow base64_decode or ctype_digit for example or i am overemphasizing?
在php中处理表单更安全的方法?
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
分享- 邀请回答
-
3条回答 默认 最新
- doupuxuan5784 2011-11-08 15:51关注
I would say that you are being careful enough by doing that. However, in most cases the correct way to code would be to create a variable, like $id, and assign it the value of your post variable. This is because allot of developers have to work with templates, and as a PHP programmer your task would be to take post / get input and database rows, and make them available to templates as easy to access variables and arrays.
Your example makes your script safe when you are expecting a numerical id. If you are expecting a string, usually to be used in an SQL statement, then you will need to take further steps. Even the cleanest string can be used for SQL injection. That's where prepared statements should be used.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报 分享
- 2011-11-08 15:20回答 3 已采纳 I would say that you are being careful enough by doing that. However, in most cases the correct wa
- 2017-12-17 18:16回答 2 已采纳 i resolve my above problem by applying this code <?php echo $_REQUEST['n'];?>
- 2018-05-10 12:11回答 1 已采纳 In this case you should use json_encode function to convert your JSON data to string. $test[0]['d
- 2021-03-23 17:45李敏哼马克的博客 php获取表单数据的几种方法:一、用file_get_contents以get方式获取内容,需要输入内容为:
- 2019-04-20 12:57回答 2 已采纳 Input file elements never store in the $_POST array. You have to loop through the $_FILES array to
- 2017-08-17 06:53回答 7 已采纳 Here are few mistakes: You are using method as $_POST in your form attribute, It should be only
- 2016-12-30 14:38回答 2 已采纳 <?php if (isset($_POST['register'])) { try { if (empty($_POST['username']))
- 2022-04-11 09:00小雨青年的博客 目录哪里需要处理表单怎么接收表单数据如何配置表单相关参数怎么保证安全性结束语 哪里需要处理表单 表单在我们的实际项目中很常见,比如 官网的联系方式填写 微信群收到的问卷调查 涉及到收集用户输入内容的大...
- 2017-02-25 16:02回答 9 已采纳 ``` ``` 计算器
- 2017-01-31 23:57回答 3 已采纳 In your HTML, add the input field like this: <input type="text" name="username" value="<?ph
- 2017-12-13 10:20回答 2 已采纳 I've found a way. You can: 1.) Put the coin id on the value of the select then, 2.) On your post
- 2019-05-09 16:56xiaobainiujiaming的博客 第一步:设置value的值 第二步:在表单处理页面.php文件中,在注册的sql语句中$gender不加单引号,因为value的值是整型
- 2018-04-11 13:20回答 2 已采纳 You have two problems with your AdminPageService's postAdminPageAdd method. First, Headers.append(
- 2021-03-23 17:44帅小伙-路飞的博客 原标题:php获取表单数据的两种方法说明获取表单数据是表单应用中最基本的操作,表单数据的传递方法有两种,即POST()方法和GET()方法,下面说说这两种方法的优缺点和案例!一、使用POST()方法提交表单应用POST()方法...
- 2021-03-22 22:01weixin_39797381的博客 我们在网站开发过程中,通常都会遇到关于php form表单的相关操作。如php获取带有post提交方法的表单数据,这种该如何操作呢?如果大家有看过我【PHP如何通过get方法获得form表单数据?】这一篇文章的话,相信大家对...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 #MATLAB仿真#车辆换道路径规划
- ¥15 java 操作 elasticsearch 8.1 实现 索引的重建
- ¥15 数据可视化Python
- ¥15 要给毕业设计添加扫码登录的功能!!有偿
- ¥15 kafka 分区副本增加会导致消息丢失或者不可用吗?
- ¥15 微信公众号自制会员卡没有收款渠道啊
- ¥15 stable diffusion
- ¥100 Jenkins自动化部署—悬赏100元
- ¥15 关于#python#的问题:求帮写python代码
- ¥20 MATLAB画图图形出现上下震荡的线条