stackoom
  简体   繁体   中英

Sanitizing/validating user supplied values in php

 原文  2011-03-24 15:01:38       php/ validation

Question

I have a function called InputFilter that I use for validating/sanitizing form data and I want to know how to implement it correctly into this? I need to run it through $_GET['media'] . The file that the function InputFilter is in is clean.php and if I try to include clean.php into this it makes my result pages not show when a search is performed. This script below is my search.php . Even when I paste the contents of clean.php into search.php it will make my result pages blank and I am not sure why. Is there any easy way to get this to work or a simple way to sanitize/validate $_GET['media'] ? 

$media = isset($_GET['media']) ? $_GET['media'] : 'no_media';
switch($media) {
 case 'all':
  include("all_media.php");
  break;
 case 'only':
  include("only_media.php");
  break;
 default:
  include("def_search.php");
}

I am open to any other way of securing $_GET['media'] .

1 answers

solution1
 1 ACCPTED  2011-03-24 15:08:01

The switch makes your script very save! No matter what anybody sets as media, there will be no security hole in this code.

To sanitize $_GET check the PHP method filter_input() .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Validating and Sanitizing user input in PHP Sanitizing and validating form php PHP Mail - Sanitizing and Validating for Basic Form sanitizing pre-filled user-supplied form input Sanitizing/Validating a PHP contact form which submits using jQuery Sanitizing user's data in GET by PHP PHP / MYSQL: Sanitizing user input - is this a bad idea? sanitizing html user inputs in php codeigniter validating user session in php validating array values in PHP
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM