Table of Contents
如何实现一个php框架系列文章【5】安全处理输入,
Jun 13, 2016 am 08:46 AM
php
deal with
how
Safety
accomplish
article
frame
series
enter
如何实现一个php框架系列文章【5】安全处理输入,
所有的外部输入参数都应该检查合法性。
未正确处理输入数据将可能导致sql注入等漏洞。
框架提供系列函数来取$_REQUEST中的值
requestInt
requestString
requestFloat
requestBool
ps:注意$_REQUEST中变量类型可能会是数组
如请求为 ?i[]=1,那么$_REQUEST['i'] 的值为array(1)
做校验的时候要考虑全面以防止php warning信息泄露
另外再介绍一下kv json格式的数据校验。
有时为了在项目中保留一定扩展性,会使用json格式的数据,这种数据又该如何校验呢。
//校验键值形式{k1:v1, k2:v2, k3:v3 ...}的json数据,可以对每一对kv进行校验
requestKvJson
部分实现代码
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
//校验整数,失败返回$default
function checkInt($var, $default = 0) {
return is_numeric($var) ? intval($var, (strncasecmp($var, '0x', 2) == 0 || strncasecmp($var, '-0x', 3) == 0) ? 16 : 10) : $default;
}
//校验字符串 $check为正则表达式
function checkString($var, $check = '', $default = '') {
if (!is_string($var)) {
if(is_numeric($var)) {
$var = (string)$var;
}
else {
return $default;
}
}
if ($check) {
return (preg_match($check, $var, $ret) ? $ret[1] : $default);
}
return $var;
}
/*
校验kv json,
如果想要一个这样的数据{id:1, 'type':'single_text', 'required': true, 'desc':'this is a text'}
那么$desc可以这样写
array(
array('id', 'Int'),
array('type', 'string', PATTERN_NORMAL_STRING),
array('required', 'Bool', false),
array('desc', 'string', PATTERN_NORMAL_STRING),
))
*/
function checkKvJson($var, $desc = array()) {
if(is_string($var)) {
$var = json_decode($var, true);
}
if(!$var || !is_array($var)) {
return array();
}
if($desc)
foreach($desc as $d) {
if(!isset($var[$d[0]])) {
return array();
}
$ps = array_slice($d, 2);
array_unshift($ps, $var[$d[0]]);
$var[$d[0]] = call_user_func_array('check'.$d[1], $ps);
if($var[$d[0]] === false && strcasecmp($d[1], 'Bool')) {
return array();
}
}
return $var;
}
|
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Hot Article
Repo: How To Revive Teammates
3 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
1 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
How Long Does It Take To Beat Split Fiction?
3 weeks ago
By DDD
Hello Kitty Island Adventure: How To Get Giant Seeds
3 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
Hot tools Tags
Hot Article
Repo: How To Revive Teammates
3 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
1 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
How Long Does It Take To Beat Split Fiction?
3 weeks ago
By DDD
Hello Kitty Island Adventure: How To Get Giant Seeds
3 weeks ago
By 尊渡假赌尊渡假赌尊渡假赌
Hot Article Tags
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
The best time to buy Huawei Mate 60 series, new AI elimination + image upgrade, and enjoy autumn promotions
Aug 29, 2024 pm 03:33 PM
The best time to buy Huawei Mate 60 series, new AI elimination + image upgrade, and enjoy autumn promotions
