Home > Article > Backend Development > 这么能做到防注入
这么能做到防注入
- WBOYOriginal
- 2016-06-13 12:35:59836browse
这样能做到防注入?
<br />
function defend_xss($val){<br />
return is_array($val) ? $val : htmlspecialchars($val);<br />
}<br />
<br />
function gpc($name,$w = 'GPC',$default = '',$d_xss=1){<br />
global $curr_script;<br />
if($curr_script==ADMINCP){<br />
$d_xss = 0;<br />
}<br />
$i = 0;<br />
for($i = 0; $i < strlen($w); $i++) {<br />
if($w[$i] == 'G' && isset($_GET[$name])) return $d_xss ? defend_xss($_GET[$name]) : $_GET[$name];<br />
if($w[$i] == 'P' && isset($_POST[$name])) return $d_xss ? defend_xss($_POST[$name]) : $_POST[$name];<br />
if($w[$i] == 'C' && isset($_COOKIE[$name])) return $d_xss ? defend_xss($_COOKIE[$name]) : $_COOKIE[$name];<br />
}<br />
return $default;<br />
}<br />
<br />
<?php<br />
$test = gpc('test','P','')<br />
$userid = @$db->result_first("select userid from user where username='$test'");<br />
....以下代码省略<br />
?><br />
能做到防注入吗
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article: PHP中经过正则查找字符串 Next article: 文件上传,该怎么处理