CI - Sanitizing the form inputs from quotes

I was facing an issue where, if I submit characters like single quotes ( ' ) or double quotes ( " ) and then retain the values after submitting the form (due to a validation failure, for instance), I was getting form values like ' and "

I tried a lot of things, like:

  • accessing form values by $this->input->post("field", true) instead of $_POST ,
  • enabling XSS filtering from config,
  • using $this->security->xss_clean($data);

But nothing helped. Finally, I went to system\helpers\form_helper.php and changed the function form_input at line 177 as follows:

Previous: $defaults = array('type' => 'text', 'name' => (( ! is_array($data)) ? $data : ''), 'value' => $value);

After: $defaults = array('type' => 'text', 'name' => (( ! is_array($data)) ? $data : ''), 'value' => html_entity_decode($value, ENT_QUOTES, 'UTF-8'));

This has solved my problem without anything breaking so far.

All I want to know is whether this is the correct way to serve the purpose.

I am not super sure about the issue you were having, but editing the system file to fix it is not a great idea. You should never change anything in the system folder. The proper way to make your change would be to extend the form helper by creating the file application/helpers/MY_form_helper.php (using your own prefix, defined in application/config/config.php ) and, inside that file, override the function you want to change. It should look something like this...

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

if ( ! function_exists('form_input'))
{
    /**
    * Text Input Field
    *
    * @param    mixed
    * @param    string
    * @param    string
    * @return   string
    */
    function form_input($data = '', $value = '', $extra = '')
    {
        $defaults = array(
            'type' => 'text',
            'name' => is_array($data) ? '' : $data,
            'value' => html_entity_decode($value, ENT_QUOTES, 'UTF-8')
        );
        return '<input '._parse_form_attributes($data, $defaults).$extra." />\n";
    }
}

/* End of file MY_form_helper.php */
/* Location: ./application/helpers/MY_form_helper.php */
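The behaviour the question describes is double escaping: the XSS filter (or an earlier output pass) has already turned the quotes into entities, and the form helper escapes the value a second time when it renders the attribute, so the browser displays the entity text instead of the quote. The stand-alone PHP script below is an added example, not code from the question or the answer, and it does not use CodeIgniter: htmlspecialchars() with ENT_QUOTES stands in for the helper's own escaping step (an assumption about what the helper does on output). It shows the double-encoded result, the decode-then-escape-once result the override produces, and that decoding first does not reopen a script injection, because the value is still escaped exactly once on the way out.

```php
<?php
// Added example (not from the original post). Models the repopulation path:
// value comes back already entity-encoded, then the form helper escapes it
// again when it builds the value="..." attribute.

// Stand-in for the helper's attribute escaping (assumed: one
// htmlspecialchars pass with ENT_QUOTES).
function escape_attr(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

// Naive repopulation: escape whatever was handed back, even if it is
// already entity-encoded. This is the double encoding the question saw.
function naive_value(string $already_encoded): string
{
    return escape_attr($already_encoded);
}

// The override's approach: decode entities first, then let the helper
// escape exactly once.
function decoded_value(string $already_encoded): string
{
    return escape_attr(html_entity_decode($already_encoded, ENT_QUOTES, 'UTF-8'));
}

// Constructed input: what a user typed, and what an earlier filtering /
// escaping pass turned it into before it reached the helper.
$typed    = 'O\'Reilly says "hi"';
$filtered = escape_attr($typed);   // O&#039;Reilly says &quot;hi&quot;

// Constructed injection attempt, also already encoded by the earlier pass.
$payload          = '"><script>alert(1)</script>';
$payload_filtered = escape_attr($payload);

printf("already encoded : %s\n", $filtered);
printf("double encoded  : %s\n", naive_value($filtered));   // &amp;#039; ... &amp;quot;
printf("decode+escape   : %s\n", decoded_value($filtered)); // &#039; ... &quot;
printf("payload output  : %s\n", decoded_value($payload_filtered)); // no raw < or "

// Sanity check: after decode+escape the attribute still contains no raw
// quote or angle bracket, so the markup cannot be broken out of.
$attr = decoded_value($payload_filtered);
assert(strpbrk($attr, '"<>') === false);
```

Two caveats a practitioner would want. First, html_entity_decode() is lossy for values that legitimately contain entity text: a user who types the literal characters &amp;lt; will see them collapse to &lt; on repopulation, so decoding is only correct if every value reaching the helper was encoded by your own earlier pass. Second, the safety of the override rests entirely on the helper escaping the decoded value once on output; if the value were echoed into the attribute without that step, decoding would reintroduce the quotes and angle brackets the filter removed.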
