判断是不是合符规格的url
判断是否合符规格的url
http://localhost/photo.php?type=1&id=0
最近看一下黑客教程 说什么 在 这些URL 后面 加入 一些 1=1 这些条件可以实现什么SQL 注入问题
现在 我想以上的photo.php 文件被访问的时候, 程序检查是否合符规格,‘type=’ 和‘id=’ 后面只能跟数字。在id后面不能有其他的参数,比如:
http://localhost/photo.php?type=1&id=0&1=1
这样
请各位指点一下 谢谢
------解决方案--------------------
使用intval 或者正则对提交的内容根据最终目的类型进行过滤。判断提交内容的长度...
当然前提是涉及到数据库的操作时.如果你这个参数都没有参与数据库的相关操作那么可以不需要这么紧张啦.
------解决方案--------------------
对数据进行转义是必要的手段。不光是对数据的有效性的判断
------解决方案--------------------
哪用得着正则啊。is_numeric()就能判断是否为数字。
------解决方案--------------------
若是整型的直接强制转换(int)$var;这样不是更省事!至于字符窜类型的,得用过滤之类的手段了
------解决方案--------------------
对输入数据做检查和过滤,基本是程序第一步要做的事情...其实楼主你一定已经做过很多了...
不要被那些黑客教程吓着,没有被程序使用的输入,不会对安全有任何危害
至于用intval, (int) 还是is_numeric 或是正则,完全取决于你的需求,
注意这些方法在特殊输入时有可能产生不同效果,
比如在输入小数时?负数时?十六进制,八进制数时?以数字开头却包含字母时?
结果是有可能不同,然后可能导致程序走向不同的分支.
最好的方法就是多测试.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Why can't mysql connect to localhost?
Aug 10, 2023 pm 02:55 PM
The reasons why mysql cannot connect to localhost are that the mysql service is not started, the mysql port is occupied, and there is a problem with the MySQL configuration file. Detailed introduction: 1. In Windows systems, you can open the service manager by entering "services.msc" at the command prompt, then find the mysql service and ensure that its status is "Running". In Linux systems, you can use the "services.msc" command to check and control the service status; 2. You can use the open command and so on.
What should I do if localhost cannot be opened?
Nov 07, 2023 pm 02:47 PM
Solution: 1. Check the running status of the server and make sure it is listening on the correct port; 2. Try to temporarily disable the firewall or security software, and then try to access localhost again; 3. Check the hosts file of the operating system to ensure that localhost is resolved correctly ; 4. Try to restart the network adapter or reconfigure the network connection; 5. Try to change the port used by the local server, or close other programs that occupy the same port; 6. Try to manually add the corresponding IP address and domain name in the hosts file, etc.
What are the uses of the Type keyword in Go?
Sep 06, 2023 am 09:58 AM
The usage of the Type keyword in Go includes defining new type aliases or creating new structure types. Detailed introduction: 1. Type alias. Use the "type" keyword to create an alias for an existing type. This alias does not create a new type, but only provides a new name for the existing type. Type aliases can improve code. The readability of the code makes the code clearer; 2. Structure type. Use the "type" keyword to create a new structure type. The structure is a composite type that can be used to define custom types containing multiple fields. etc.
What does linux localhost mean?
Mar 14, 2023 am 09:53 AM
linux localhost means "computer host name". The host name is used to identify an independent computer on the network; the root in "root@localhost" represents the currently logged-in user. In Linux, the administrator account is root, and the user is root. Log in to the Linux machine as a user.
Solve Ubuntu mounting mobile hard disk error: unknown file system type exfat
Jan 05, 2024 pm 01:18 PM
An error occurs when ubuntu mounts a mobile hard disk: mount: unknownfilesystemtype'exfat'. The processing method is as follows: Ubuntu13.10 or install exfat-fuse: sudoapt-getinstallexfat-fuseUbuntu13.04 or below sudoapt-add-repositoryppa:relan/exfatsudoapt-getupdatesudoapt-getinstallfuse- exfatCentOS Linux mount exfat format USB disk error solution to load extfa in CentOS
Linux type command
Mar 20, 2024 pm 05:06 PM
In this guide, we will learn more about the "type" command in Linux. Prerequisites: To perform the steps demonstrated in this guide, you need the following components: A properly configured Linux system. See how to create a LinuxVM for testing and learning purposes. Basic understanding of the command line interface The Type command in Linux is different from other Linux-specific commands (for example: ls, chmod, shutdown, vi, grep, pwd, etc.). The "type" command is a built-in Bash function that is displayed as an argument. Information about the command type provided. $type In addition to Bash, other shells (Zsh, Ksh, etc.) also come with
What information is required when registering a Deepseek account?
Mar 12, 2025 pm 02:33 PM
Required information: 1. Email registration; 2. Mobile phone number registration; 3. Third-party social platform registration. After successful registration, you usually need to fill in some basic personal information, such as nickname, gender, birthday, etc.
![How to solve '[Vue warn]: Invalid prop: type check' error](https://img.php.cn/upload/article/000/887/227/169306085649427.jpg?x-oss-process=image/resize,m_fill,h_207,w_330)
How to solve '[Vue warn]: Invalid prop: type check' error
Aug 26, 2023 pm 10:40 PM
How to Fix “[Vuewarn]:Invalidprop:typecheck” Error Vue.js is a popular JavaScript framework for building user interfaces. When developing applications using Vue.js, we sometimes encounter some error messages, one of which is "[Vuewarn]:Invalidprop:typecheck". This error is usually caused by incorrect use of attributes in the component
