Detailed explanation of PHP CodeIgniter study notes
What I built today is a simple table page. I used Bootstrap on the front end; I have no design skills, so I can only rely on other people's tools. Bootstrap really is good-looking and has a rich set of plug-ins, as you would expect from something created by Twitter engineers.
(Chinese official site: http://www.bootcss.com) Everyone likes good things, but Bootstrap's compatibility with IE6-9 is almost nil. As everyone knows, those browsers are basically no longer used abroad, but in China IE still holds a high market share, so someone developed a Bootstrap plug-in called BSIE, euphemistically named "Despise IE", and it is quite simple to use. This is getting a bit off topic: for the backend I use CodeIgniter, an open-source framework based on PHP, and CI is today's subject.
CI's only data-filtering function is xss_clean() (it may just be my lack of knowledge, but I have not found any other filtering function), and today's project takes user input and then submits it in a database operation. Nothing filters the SQL statements, which makes this operation very dangerous. Somewhat worried, the approach I came up with was to rewrite CI's xss_clean() so that it also filters SQL injection strings: firstly it is convenient to change in one place, and secondly there is no need to nest two function calls when filtering data. So, just do it: open the secure.php file in the CI/system/core/ directory, find where the xss_clean() function is declared, and add the following at its end.
PHP code:
// Appended at the end of xss_clean() in CI/system/core/secure.php:
// each listed token is replaced with "x" before the string is returned.
$str = str_replace("_", "x", $str);
$str = str_replace("%", "x", $str);
$str = str_replace("\"", "x", $str);
$str = str_replace("'", "x", $str);
$str = str_replace("select", "x", $str);
$str = str_replace("update", "x", $str);
$str = str_replace("insert", "x", $str);
$str = str_replace("set", "x", $str);
$str = str_replace("where", "x", $str);
$str = str_replace("from", "x", $str);
$str = str_replace("alert", "x", $str);
$str = str_replace("like", "x", $str);
return $str;
This can prevent most generic SQL injection.
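The following is an added example, not the author's code or part of CodeIgniter: it re-creates the keyword blacklist above as a function and runs the same user input through a parameterized query, so the two approaches can be compared side by side. It assumes PHP with the pdo_sqlite extension and an in-memory SQLite table whose rows are constructed here; CodeIgniter's own `$this->db->query('... WHERE name = ?', array($name))` binds values the same way PDO does below.

```php
<?php
// Added example (not the page's or CodeIgniter's own code): the page's
// keyword blacklist beside a parameterized query over the same input.
// Assumes PHP with the pdo_sqlite extension; table and rows are constructed here.

// Re-creates the replacement list the page appends to xss_clean().
// str_replace() is case-sensitive and replaces each token blindly, so it
// also rewrites ordinary words that merely contain a listed token.
function keyword_blacklist($str)
{
    $tokens = array('_', '%', '"', "'", 'select', 'update', 'insert',
                    'set', 'where', 'from', 'alert', 'like');
    foreach ($tokens as $token) {
        $str = str_replace($token, 'x', $str);
    }
    return $str;
}

// Lookup with a bound parameter: the value travels separately from the SQL
// text, so quotes or keywords inside it are stored and compared as plain data.
function find_city(PDO $db, $name)
{
    $stmt = $db->prepare('SELECT city FROM users WHERE name = ?');
    $stmt->execute(array($name));
    return $stmt->fetchColumn();   // false when no row matches
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, city TEXT)');

// Constructed sample row: the name contains an apostrophe, the city contains "set".
$ins = $db->prepare('INSERT INTO users (name, city) VALUES (?, ?)');
$ins->execute(array("O'Brien", 'Somerset'));

$input = "O'Brien";   // a legitimate value typed into the form

// Blacklist first: the apostrophe is turned into "x", so the real user is never found.
$filtered = keyword_blacklist($input);
echo "blacklisted form: ", $filtered, "\n";
echo "lookup via blacklist: ", var_export(find_city($db, $filtered), true), "\n";

// Bound parameter: the raw value is matched literally and the row is returned.
echo "lookup via binding:   ", var_export(find_city($db, $input), true), "\n";

// Data written through the blacklist would be mangled on the way in as well.
echo "city via blacklist:   ", keyword_blacklist('Somerset'), "\n";
```

Run it with `php example.php`: the blacklisted lookup returns `false` because `O'Brien` has been rewritten to `OxBrien`, the bound lookup returns `Somerset`, and `Somerset` itself would be stored as `Somerx` if it passed through the filter. That is the trade-off of the rewrite above: every listed token is a false positive on legitimate names, addresses and free text, while binding the value keeps the data intact and lets the database driver, rather than a replacement list, decide what is SQL and what is data.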