I created sample select option code inside file tpl for use in the submission form to database, but I do not have enough experience to know if the field value {$submit_field1}
is protected!
PHP
$main_smarty->assign('Tags_Allow', htmlspecialchars($Tags_Allow));
$main_smarty->assign('submit_field1', $content->field1);
if(isset($_POST['field1'])){$content->field1 = sanitize($_POST['field1'], 4, $Tags_Allow);}
function sanitize($var, $santype = 1, $allowable_tags = ''){
if ($santype == 1) {
return strip_tags($var, $allowable_tags = '');
}
elseif ($santype == 2) {
return htmlentities(strip_tags($var, $allowable_tags),ENT_QUOTES,'UTF-8');
}
elseif ($santype == 3) {
return addslashes(strip_tags($var, $allowable_tags));
}
elseif ($santype == 4) {
return stripslashes(preg_replace_callback('/<([^>]+)>/is',
function($m) {
return '<'.sanitize($m[1],5).'>';
}, strip_tags($var, $allowable_tags)));
}
elseif ($santype == 5) {
return preg_replace_callback('/\son\w+\s*=/is',
function($m) {
return '';
},$var);
}
}
Template tpl
<select id="country" name="field1">
<option value="{$submit_field1}">Please Select</option>
<option value="United State">
United State
</option>
<option value="France">
France
</option>
<option value="Russia">
Russia
</option>
</select>
Is there anything else to be done for protect value that's inserted into {$submit_field1}
from SQL Injection Hacks, how to verify on input that it's acceptable?
If the question is: "How do I make sure the value that's inserted into {$submit_field1} is protected, meaning it is only a value we set and not from someone changing the value, then I would verify on input that it's acceptable.
You can check this by testing the value against an array of approved values when the form is submitted:
$values = [];
$values = ["United States","France","Russia"];
if (in_array($_POST['field1'], $values)) {
// Allow the form to submit
} else {
// Tell the user it's not allowed
}
If that's not really what you're looking for, explain what you mean by "protected" a little more please.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.