[英]how sanitize input codeigniter 3?
First of all I should remind you that I have read this post and few other posts about my question but most of all are almost old and they are for about 3 years ago.首先,我应该提醒您,我已经阅读了这篇文章和其他一些关于我的问题的文章,但大多数文章几乎都已经过时了,大约 3 年前。
Now I'm using CodeIgniter 3 and I want to know what's the best sanitize filter for my data which I'm retrieving them from users before insert into database.现在我正在使用 CodeIgniter 3,我想知道什么是我的数据的最佳清理过滤器,我在插入数据库之前从用户那里检索它们。
This is for my website to register and and I don't know what kind of user is registering and I can't trust them.这是我的网站注册的,我不知道注册的是哪种用户,我不能相信他们。 And it is possible that it will be dangerous I want to sanitize all input before inserting it into database I don't know
input
class enough for sanitizing it ?我想在将所有输入插入数据库之前对其进行消毒可能会很危险我不知道
input
类足以对其进行消毒吗?
Please tell me the codeigniter sanitizing functions !请告诉我 codeigniter 消毒功能!
I have read security classs in codeigniter document, but I want to be sure.我已经阅读了 codeigniter 文档中的安全类,但我想确定一下。
According to the Docs , the input
class, does the following:根据Docs ,
input
类执行以下操作:
So, this solves the issue of SQL injection and XSS.所以,这就解决了SQL注入和XSS的问题。 For most usages, this is enough.
对于大多数用途,这已经足够了。
To enable XSS
protection, use:要启用
XSS
保护,请使用:
$val = $this->input->post('some_data', TRUE); // last param enables XSS protection.
Also, you may want to look into CSRF
protection.此外,您可能想研究
CSRF
保护。 But that's a bit tricky to enable if you're doing ajax calls.但是,如果您正在执行 ajax 调用,启用它有点棘手。
Before accepting any data into your application, whether it be POST data from a form submission,URI data,you must follow these step:在接受任何数据到您的应用程序之前,无论是来自表单提交的 POST 数据还是 URI 数据,您都必须遵循以下步骤:
XSS Filtering XSS 过滤
This filter looks for commonly used techniques to embed malicious JavaScript into your data此过滤器查找常用技术以将恶意 JavaScript 嵌入到您的数据中
To filter data through the XSS filter use the xss_clean()
method: Read More要通过 XSS 过滤器过滤数据,请使用
xss_clean()
方法: 阅读更多
Validate the data验证数据
CodeIgniter has a Form Validation Library that assists you in validating, filtering, and prepping your data CodeIgniter 有一个表单验证库,可帮助您验证、过滤和准备数据
$this->form_validation->set_rules('username', 'Username','trim|required|min_length[5]|max_length[12]');
trimming the fields, checking for length where necessary and making sure that both password fields match.修剪字段,在必要时检查长度并确保两个密码字段匹配。 Read more
阅读更多
Escape all data before database insertion数据库插入前转义所有数据
Never insert information into your database without escaping it.永远不要在不转义的情况下将信息插入到您的数据库中。
Refer query builder class for more info https://www.codeigniter.com/userguide3/database/query_builder.html有关更多信息,请参阅查询构建器类https://www.codeigniter.com/userguide3/database/query_builder.html
More info更多信息
Codeigniter does not make your application secyre see this https://security.stackexchange.com/questions/97845/how-secure-is-codeigniter-3-x Codeigniter 不会让您的应用程序保密看到这个https://security.stackexchange.com/questions/97845/how-secure-is-codeigniter-3-x
Everything really depends on the developer.frameworks will only provide a structure to build your applications.You will be more secure if you write core php.一切都取决于开发人员。frameworks 只会提供一个结构来构建您的应用程序。如果您编写核心 php,您将更安全。
Further Links:更多链接:
How do you use bcrypt for hashing passwords in PHP? 你如何使用 bcrypt 在 PHP 中散列密码?
Are PDO prepared statements sufficient to prevent SQL injection? PDO 准备好的语句是否足以防止 SQL 注入?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.