Codeigniter,安全搜索的最佳实践
[英]Codeigniter, best practice for safe search
问题描述
I am using codeigniter, and at the moment I am making full body search, and I am wondering what is the best practice to do this.
我正在使用 codeigniter,目前我正在进行全身搜索,我想知道执行此操作的最佳做法是什么。 For now I have this:现在我有这个:
$keyword = $this->db->escape_like_str(trim($_POST['keyword']));
After that, search is performed.之后,执行搜索。 Is this safe or I need to do something more (XSS Filtering is on)?这是安全的还是我需要做更多的事情(XSS 过滤打开)?
1 个解决方案
解决方案1
5 已采纳 2012-04-11 10:00:03
Because you are accessing the _POST variable directly, you're bypassing all CI's XSS/Escaping and security features.因为您直接访问 _POST 变量,所以您绕过了所有 CI 的 XSS/转义和安全功能。 You should be getting that as:你应该得到它作为:
$this->input->post('keyword');
This is automatically escaped by CI, and you can perform other validations before just throwing it at the DB.这会被 CI 自动转义,您可以在将其扔到数据库之前执行其他验证。 Also if you use active record , then all values are automatically escaped as required too.此外,如果您使用active record ,那么所有值也会根据需要自动转义。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.