[英]Validation of user input or ���������
We're letting users search a database from a single text input and I'm having difficulties in filtering some user supplied strings. 我们让用户从单个文本输入中搜索数据库,并且我在过滤一些用户提供的字符串时遇到了困难。
For example, if the user submits: 例如,如果用户提交:
��������� lcd SONY
(Note the ?'s) I need to cancel the search. (注意?)我需要取消搜索。
I include the base64 encoded version of the above string wrapped up so that its easy run: 我包括上面的字符串的base64编码版本,以便它运行:
print(base64_decode("1MfLxc/RwdPHIGxjZCBTT05Z"));
I've ignored such inputs before but now (am not sure why) just realised the mysql database query is taking nearly forever to execute so this is now on high priority. 我之前忽略了这些输入但是现在(我不知道为什么)只是意识到mysql数据库查询几乎永远执行所以现在这是高优先级。
Another example to highlight that we are using utf-8 and mb_detect_encoding is not helping much: 另一个强调我们使用utf-8和mb_detect_encoding的例子没有多大帮助:
print(base64_decode("zqDOm8+Fzr3PhM63z4HOuc6/IM+Bzr/Phc+HzyU="));
ΠΛυντηριο ρουχ�%
So: 所以:
You shouldn't be getting that, although if you really want to filter (which I don't reccommend), do a check for alphanumeric as well as "-.;", etc. 您不应该这样做,虽然如果您真的想要过滤(我不推荐),请检查字母数字以及“ - 。;”等。
You can use some of these functions to help you in the filtering process. 您可以使用其中一些功能来帮助您完成过滤过程。
http://www.php.net/manual/en/function.ctype-alnum.php http://www.php.net/manual/en/function.ctype-alnum.php
If you execute these queries after creating the connection to mysql, it should handle utf-8 input and results just fine without spitting out ?'s. 如果在创建与mysql的连接后执行这些查询,它应该处理utf-8输入并且结果很好而不会吐出?
mysql_query("SET character_set_client=utf8", $mysqlConn);
mysql_query("SET character_set_connection=utf8", $mysqlConn);
mysql_query("SET character_set_results=utf8", $mysqlConn);
(assuming the database is set to utf-8 and you don't mind not filtering them if they don't turn into ?'s) (假设数据库设置为utf-8,你不介意不过滤它们,如果它们没有变成?)
(also assuming you are using mysql, other dbms probably have similar functions) (也假设你使用的是mysql,其他dbms可能有类似的功能)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.