stackoom
  简体   繁体   中英

User input validation before sanitizing?

 原文  2014-10-02 15:39:02       php/ validation/ html-entities/ sanitize

Question

If I want to validate user input, is it necessary to sanitize it beforehand? 

$age = $_POST['age'];
if ($age == 18) {
    echo 'is 18';
}
else
{
    echo 'Is not 18';
}

does this example leave me vulnerable to attack? Should I have sanitised age before the if/else block?

$age = htmlentities($_POST['age'])

or

$age = stripslashes($_POST['age'])

1 answers

solution1
 3 ACCPTED  2014-10-02 15:49:35

There is no possibility of any attack here. The input string is not evaluated as code or otherwise attempted to be executed in any way. You're just comparing a string to another string/number, which is a safe operation.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Sanitizing user input, is it safe? Validating and Sanitizing user input in PHP Sanitizing/Escaping user input and output Sanitizing user input as part of an url if/else function that handles PHP email user input form sanitization and validation not sanitizing Sanitizing text input before submitting to MySQL database Sanitizing user input without converting to htmlentities PHP / MYSQL: Sanitizing user input - is this a bad idea? sanitizing pre-filled user-supplied form input Sanitizing HTML Input with Trix
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM