将字符串编码转换为UTF-8
[英]Casting string encoding to UTF-8
问题描述
I am building my own PHP framework, and I want on each request to convert each get and post variable to utf8 (I don't use other encodings anywhere in my current project) to prevent my projects from "Invalid Encoding Attack" or binary atack. 
我正在构建自己的PHP框架,我希望每个请求将每个get和post变量转换为utf8(我不在当前项目中的任何地方使用其他编码)来阻止我的项目“无效编码攻击”或二进制攻击。 I found utf8_encode in php.net, but it says that converts ISO-8859-1 to UTF8 only. 我在php.net中找到了utf8_encode,但它说只将ISO-8859-1转换为UTF8。 I want to know is it a big deal to cast everything to utf8, or this cannot do anything in common with security (I want to decrease the security holes as much as possible). 我想知道将所有内容都转换为utf8是一件大事,或者这与安全性无关(我希望尽可能减少安全漏洞)。
3 个解决方案
解决方案1
1 2011-09-26 14:53:25
@nikolay, mb_convert_encoding() is your friend. @ nicolay, mb_convert_encoding()是你的朋友。 Have a look here . 看看这里 。
Additionally, if you set the encoding of all web-pages to UTF-8, there's no need to convert manually. 此外,如果您将所有网页的编码设置为UTF-8,则无需手动转换。 Add this to each page's head section: 这种添加到每个页面的head部分:
<meta charset="utf-8" />
解决方案2
1 2011-09-26 14:56:00
If your goal is to protect yourself from invalid encoding attacks, then you should use 如果您的目标是保护自己免受无效编码攻击,那么您应该使用
mb_check_encoding()
on your GET/POST values before using them. 在使用它们之前的GET / POST值。
But you don't need to convert anything - eg using mb_convert_encoding(): if you use the appropriate Content-Type and <meta> tag, specifying your page is in UTF-8, you are guaranteed that normal users will send you only UTF-8. 但是你不需要转换任何东西 - 例如使用mb_convert_encoding():如果你使用适当的Content-Type和<meta>标签,指定你的页面是UTF-8,你可以保证普通用户只会向你发送UTF -8。
解决方案3
0 2011-09-26 14:53:57
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.