How I can sanitize a string that receives a hash+random salt?
I can remove the white spaces, check the length and use mysqli_real_escape_string, but it sufficient? The filter_var is really useful but it can't help in this case, right?
3条回答 默认 最新
doushang8846 2011-03-22 03:01关注If you are going to put the variable in an SQL query, then you either need to call
mysqli_read_escape_stringor (even better!) use prepared statements.There's no other sanitization you need to do. However, if the value will be coming from freeform user input (e.g. a text box instead of a drop down menu) then you may also want to trim whitespace and lowercase it as a courtesy to the user (to correct accidental mistakes they might make). It really depends on the application.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报
分享
悬赏问题
- ¥15 完成下列问题完成下列问题
- ¥15 C#算法问题, 不知道怎么处理这个数据的转换
- ¥15 YoloV5 第三方库的版本对照问题
- ¥15 请完成下列相关问题!
- ¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像,如何解决?
- ¥15 求daily translation(DT)偏差订正方法的代码
- ¥15 js调用html页面需要隐藏某个按钮
- ¥15 ads仿真结果在圆图上是怎么读数的
- ¥20 Cotex M3的调试和程序执行方式是什么样的?
- ¥20 java项目连接sqlserver时报ssl相关错误