如何实现一个php框架系列文章【5】安全处理输入
所有的外部输入参数都应该检查合法性。
未正确处理输入数据将可能导致sql注入等漏洞。
框架提供系列函数来取$_REQUEST中的值
requestInt
requestString
requestFloat
requestBool
ps:注意$_REQUEST中变量类型可能会是数组
如请求为 ?i[]=1,那么$_REQUEST['i'] 的值为array(1)
做校验的时候要考虑全面以防止php warning信息泄露
另外再介绍一下kv json格式的数据校验。
有时为了在项目中保留一定扩展性,会使用json格式的数据,这种数据又该如何校验呢。
//校验键值形式{k1:v1, k2:v2, k3:v3 ...}的json数据,可以对每一对kv进行校验
requestKvJson
部分实现代码
1 2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
//校验整数,失败返回$defaultfunction checkInt($var, $default = 0) { return is_numeric($var) ? intval($var, (strncasecmp($var, '0x', 2) == 0 || strncasecmp($var, '-0x', 3) == 0) ? 16 : 10) : $default;}//校验字符串 $check为正则表达式function checkString($var, $check = '', $default = '') { if (!is_string($var)) { if(is_numeric($var)) { $var = (string)$var; } else { return $default; } } if ($check) { return (preg_match($check, $var, $ret) ? $ret[1] : $default); } return $var;}/* 校验kv json, 如果想要一个这样的数据{id:1, 'type':'single_text', 'required': true, 'desc':'this is a text'} 那么$desc可以这样写 array( array('id', 'Int'), array('type', 'string', PATTERN_NORMAL_STRING), array('required', 'Bool', false), array('desc', 'string', PATTERN_NORMAL_STRING),))*/function checkKvJson($var, $desc = array()) { if(is_string($var)) { $var = json_decode($var, true); } if(!$var || !is_array($var)) { return array(); } if($desc) foreach($desc as $d) { if(!isset($var[$d[0]])) { return array(); } $ps = array_slice($d, 2); array_unshift($ps, $var[$d[0]]); $var[$d[0]] = call_user_func_array('check'.$d[1], $ps); if($var[$d[0]] === false && strcasecmp($d[1], 'Bool')) { return array(); } } return $var;} |
Optimize PHP Code: Reducing Memory Usage & Execution TimeMay 10, 2025 am 12:04 AMTooptimizePHPcodeforreducedmemoryusageandexecutiontime,followthesesteps:1)Usereferencesinsteadofcopyinglargedatastructurestoreducememoryconsumption.2)LeveragePHP'sbuilt-infunctionslikearray_mapforfasterexecution.3)Implementcachingmechanisms,suchasAPC
PHP Email: Step-by-Step Sending GuideMay 09, 2025 am 12:14 AMPHPisusedforsendingemailsduetoitsintegrationwithservermailservicesandexternalSMTPproviders,automatingnotificationsandmarketingcampaigns.1)SetupyourPHPenvironmentwithawebserverandPHP,ensuringthemailfunctionisenabled.2)UseabasicscriptwithPHP'smailfunct
How to Send Email via PHP: Examples & CodeMay 09, 2025 am 12:13 AMThe best way to send emails is to use the PHPMailer library. 1) Using the mail() function is simple but unreliable, which may cause emails to enter spam or cannot be delivered. 2) PHPMailer provides better control and reliability, and supports HTML mail, attachments and SMTP authentication. 3) Make sure SMTP settings are configured correctly and encryption (such as STARTTLS or SSL/TLS) is used to enhance security. 4) For large amounts of emails, consider using a mail queue system to optimize performance.
Advanced PHP Email: Custom Headers & FeaturesMay 09, 2025 am 12:13 AMCustomheadersandadvancedfeaturesinPHPemailenhancefunctionalityandreliability.1)Customheadersaddmetadatafortrackingandcategorization.2)HTMLemailsallowformattingandinteractivity.3)AttachmentscanbesentusinglibrarieslikePHPMailer.4)SMTPauthenticationimpr
Guide to Sending Emails with PHP & SMTPMay 09, 2025 am 12:06 AMSending mail using PHP and SMTP can be achieved through the PHPMailer library. 1) Install and configure PHPMailer, 2) Set SMTP server details, 3) Define the email content, 4) Send emails and handle errors. Use this method to ensure the reliability and security of emails.
What is the best way to send an email using PHP?May 08, 2025 am 12:21 AMThebestapproachforsendingemailsinPHPisusingthePHPMailerlibraryduetoitsreliability,featurerichness,andeaseofuse.PHPMailersupportsSMTP,providesdetailederrorhandling,allowssendingHTMLandplaintextemails,supportsattachments,andenhancessecurity.Foroptimalu
Best Practices for Dependency Injection in PHPMay 08, 2025 am 12:21 AMThe reason for using Dependency Injection (DI) is that it promotes loose coupling, testability, and maintainability of the code. 1) Use constructor to inject dependencies, 2) Avoid using service locators, 3) Use dependency injection containers to manage dependencies, 4) Improve testability through injecting dependencies, 5) Avoid over-injection dependencies, 6) Consider the impact of DI on performance.
PHP performance tuning tips and tricksMay 08, 2025 am 12:20 AMPHPperformancetuningiscrucialbecauseitenhancesspeedandefficiency,whicharevitalforwebapplications.1)CachingwithAPCureducesdatabaseloadandimprovesresponsetimes.2)Optimizingdatabasequeriesbyselectingnecessarycolumnsandusingindexingspeedsupdataretrieval.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
Atom editor mac version download
The most popular open source editor
SublimeText3 Mac version
God-level code editing software (SublimeText3)
SublimeText3 Chinese version
Chinese version, very easy to use
