开发者

how can i maximally check $_GET,$_POST variables for security issues? [duplicate]

问答 作者:
This question already has answers here: Closed 11 years ago.

Possible Duplicate:

Best way to defend against mysql injection and cross site scripting

Validating user input?

I know that for mysql I can use > mysql_real_escape_string开发者_如何转开发 but what can I use for php server side to maximally secure it from hacking ? Is there any ultimate way to do it ? If not please write all possible ways to minimize threat of hacking the site.

Best way? Sanitize it when you need it

Often times I see things like

Bad code 

foreach ($_GET as $k => $v){
  $_GET[$k] = MyUberSanitizeFunction($v);
}

But that works very few times, and is very much type specific (i.e. in one instance an ID may only want to be numbers, but not every value should be stripped of non-numerics).

Worry about cleansing the information when you need it. If you're going to use it multiple times, cleanse it in to a stored variable, then work with it. But don't worry about "mass sanitizing" on every query request.

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9