Home  >  Article  >  Backend Development  >  PHP Security Common Sense Verification Data_PHP Tutorial

PHP Security Common Sense Verification Data_PHP Tutorial

WBOY
WBOYOriginal
2016-07-15 13:29:02897browse

LearningYour users are probably pretty good, and most of them are probably using the app exactly as expected. But wherever there is an opportunity for input, there is also a high probability of very bad input. As an application developer, you must prevent your application from accepting incorrect input. Careful consideration of the location and correct value of user input will allow you to build a robust, secure application.

Listed below are general validation tips for various types of validation data:

Use values ​​from a whitelist

Always revalidate limited options

Use built-in escaping functions

Verify correct data type (e.g. number)

White-listed value is the correct value, as opposed to invalid black-listed value. The difference between the two is that typically when validating data, the list or range of possible values ​​is smaller than the list or range of invalid values, many of which may be unknown or unexpected values.

When validating data to keep PHP secure, remember that it is often easier to design and validate the values ​​your application allows than to protect against all unknown values. For example, to limit a field value to all numbers, you need to write a routine that ensures that the input is all numbers. Do not write routines that search for non-numeric values ​​and mark them as invalid when they are found.


www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/446401.htmlTechArticleYour users may be very good at learning, and most of them may use the application exactly as expected. However, as long as the opportunity for input is provided, it is very likely that there will be very...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn