
Implementing Security on Sessions

How can I secure the data that my session posts so as to reduce injections?

Is there perhaps something I need to add when I use $_SESSION[''] = $var; or when I retrieve the data by $var = $_SESSION[''];?

What do you mean by secure? It depends on what you are going to eventually do with the data and the origin of the data, and in that case it doesn't vary from what you do for other variables. If you are planning on displaying the data on the $_SESSION array, you should escape it with htmlentities or htmlspecialchars to prevent XSS, etc. If you are using the data in the $_SESSION array in a query, you should mysql_real_escape_string it (or, even better, use bound parameters) to prevent injection. If you have full control of the data that is going into the $_SESSION, then there's not much to worry about.
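The point of the answer above is that a value is not "secured" on its way into $_SESSION; it is escaped for each context it is used in. The following is an added example, not code from the original post: one raw session value is output into HTML (escaped with htmlspecialchars) and used in a query (as a PDO bound parameter, since mysql_real_escape_string no longer exists in current PHP). The in-memory SQLite database, the notes table and the sample input are constructed for the example.

```php
<?php
// Added example: the same session value, escaped per output context.
// Assumptions: an in-memory SQLite database and a table `notes`(owner, body)
// exist only for this demonstration.

session_start();

// The raw user value is stored as-is; nothing is escaped "on the way in".
// Constructed sample input standing in for a submitted form field:
$_SESSION['display_name'] = "O'Brien <b>";
$name = $_SESSION['display_name'];

// --- Context 1: HTML output ---
// Unsafe form (do not use):  echo $_SESSION['display_name'];
// The browser would interpret the markup. Escape for HTML instead:
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
echo '<p>Welcome, ' . html($name) . "</p>\n";

// --- Context 2: SQL query ---
// Unsafe form (do not use):  "SELECT body FROM notes WHERE owner = '$name'"
// The apostrophe in the sample value would already break that statement.
// A bound parameter passes the value as data, never as SQL text:
function notesForOwner(PDO $pdo, string $owner): array
{
    $stmt = $pdo->prepare('SELECT body FROM notes WHERE owner = :owner');
    $stmt->bindValue(':owner', $owner, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed database so the script runs stand-alone.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (owner TEXT, body TEXT)');
$ins = $pdo->prepare('INSERT INTO notes (owner, body) VALUES (:o, :b)');
$ins->execute([':o' => $name, ':b' => 'first note']);

// Data read back from the database is escaped again when it reaches HTML.
foreach (notesForOwner($pdo, $name) as $body) {
    echo '<li>' . html($body) . "</li>\n";
}
```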
