CodeIgniter insert_batch security?
If I use insert_batch, does anyone know how to guard against user input on CodeIgniter? Sorry for my bad English. The code is like this:
$data[] = array(
    'id_invoice' => $this->input->post('id_invoice'),
    'id_product' => $key['id_product'],
    'id_fabrics' => $key['id_fabric'],
    'id_option'  => $id_option,
    'name'       => $key['name'],
    'number'     => $key['number'],
    'id_size'    => $key['size'],
    'comment'    => $key['comment']);
$this->orders->insert_order_mix($data);
and then use insert_batch like this
I think you are confused about the concept of batch insert. Please read up on batch insert carefully. Now, for your question: as was said earlier, it is very good that you are paying attention to security now. Always filter input and escape output, and never trust data. You can use to protect your data, for example or
Also, you can avoid cross-site request forgery by using in your form.

Thanks for your answer. I'm not sure about your answer, because I use AJAX to get the data and the data is in array format. This is the code I process in the controller:
if (!$this->input->is_ajax_request()) {
    exit('No direct script access allowed');
} else {
    $input  = $this->input->post('ar_dat');
    $option = $this->input->post('list_option');
    if ($option == null) {
        $id_option = '';
    } else {
        $id_option = implode(',', $option);
    }
    $data = array(); // initialise so an empty ar_dat does not leave $data undefined
    foreach ($input as $key) {
        $data[] = array(
            'id_invoice' => $this->input->post('id_invoice'),
            'id_product' => $this->input->post('id_product'),
            'id_fabrics' => $this->input->post('id_fabric'),
            'id_option'  => $id_option,
            'name'       => $key['name'],
            'number'     => $key['number'],
            'id_size'    => $key['size'],
            'comment'    => $key['comment']);
    }
    $this->orders->insert_order_uniform($data);
}
It's that simple: you can strip abusive tags and data from user input.
This method replaces all abusive data with the [removed] keyword.
If a user is able to enter any script, XSS filtering will remove it as shown below:
$name = '<script>Your Name</script>';
echo $name; // Output: <script>Your Name</script>

// But if you run it through the XSS filter, the output changes as below
$name = '<script>Your Name</script>';
$name = $this->security->xss_clean($name);
echo $name; // Output: [removed]Your Name[removed]
Use the second parameter `true` in $this->input->post('id_invoice', true) to prevent injection.

I'm trying your suggestion but get the same output. My final action may need to use htmlspecialchars. Thanks for your answer.
$name = '<script>Your Name</script>';
echo $name; // Output: <script>Your Name</script>

// But if you run it through the XSS filter, the output changes as below
$name = '<script>Your Name</script>';
$name = $this->security->xss_clean($name);
echo $name; // Output: [removed]Your Name[removed]

// Change the global_xss_filtering value from FALSE to TRUE:
/*
|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = TRUE;
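The thread above runs two different problems together. Values passed to insert_batch() go through Query Builder's escaping, so the "injection" the asker worries about is already covered by the database layer; what xss_clean() and htmlspecialchars() deal with is a separate problem, script tags being rendered when the stored text is shown again, and that is best solved by escaping at output time rather than mangling the data on the way in. The following is an added example written for this page; it is not the asker's code, any answerer's code, or part of CodeIgniter itself. It assumes CodeIgniter 3, a model called Orders_model, a table called tb_order_uniform, and the POST field names from the question (id_invoice, id_product, id_fabric, list_option, ar_dat). The controller and model are shown in one listing for reading; in a real application they live in separate files under controllers/ and models/.

```php
<?php
// Added example, not from the original thread or from CodeIgniter. Assumed:
// CodeIgniter 3, model Orders_model, table tb_order_uniform, POST fields
// id_invoice / id_product / id_fabric / list_option / ar_dat as in the question.
defined('BASEPATH') OR exit('No direct script access allowed');

class Orders extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->model('orders_model');
        $this->load->library('form_validation');
    }

    // AJAX endpoint: validate every field first, then hand the rows to insert_batch.
    public function save_uniform()
    {
        if (!$this->input->is_ajax_request()) {
            show_error('No direct script access allowed', 403);
        }

        // Scalar ids: anything that is not a plain integer is rejected outright.
        $this->form_validation->set_rules('id_invoice', 'Invoice', 'required|integer');
        $this->form_validation->set_rules('id_product', 'Product', 'required|integer');
        $this->form_validation->set_rules('id_fabric', 'Fabric', 'required|integer');
        if ($this->form_validation->run() === FALSE) {
            return $this->fail(validation_errors('', "\n"));
        }

        // list_option is a list of ids: whitelist digits before implode(), so the
        // comma-joined string can only ever contain integers and commas.
        $options = $this->input->post('list_option');
        $options = is_array($options) ? $options : array();
        foreach ($options as $opt) {
            if (!ctype_digit((string) $opt)) {
                return $this->fail('list_option must contain integer ids only');
            }
        }
        $id_option = implode(',', $options);

        $rows = $this->input->post('ar_dat');
        if (!is_array($rows) || empty($rows)) {
            return $this->fail('ar_dat must be a non-empty array');
        }

        $data = array();
        foreach ($rows as $i => $row) {
            $clean = $this->clean_row($row);
            if ($clean === NULL) {
                return $this->fail("ar_dat[$i] is invalid");
            }
            $clean['id_invoice'] = (int) $this->input->post('id_invoice');
            $clean['id_product'] = (int) $this->input->post('id_product');
            $clean['id_fabrics'] = (int) $this->input->post('id_fabric');
            $clean['id_option']  = $id_option;
            $data[] = $clean;
        }

        $inserted = $this->orders_model->insert_order_uniform($data);
        $this->output->set_content_type('application/json')
            ->set_output(json_encode(array('inserted' => $inserted)));
    }

    // One ar_dat row: ids must be integers; free text is kept exactly as typed
    // but length-limited. No xss_clean() here: the text is stored raw and
    // escaped when displayed, so a "<script>" in a comment never executes, and
    // Query Builder's escaping already stops it from breaking the SQL.
    private function clean_row($row)
    {
        if (!is_array($row)) {
            return NULL;
        }
        foreach (array('number', 'size') as $k) {
            if (!isset($row[$k]) || !ctype_digit((string) $row[$k])) {
                return NULL;
            }
        }
        $name    = isset($row['name']) ? (string) $row['name'] : '';
        $comment = isset($row['comment']) ? (string) $row['comment'] : '';
        if ($name === '' || mb_strlen($name) > 100 || mb_strlen($comment) > 1000) {
            return NULL;
        }
        return array(
            'name'    => $name,
            'number'  => (int) $row['number'],
            'id_size' => (int) $row['size'],
            'comment' => $comment,
        );
    }

    private function fail($message)
    {
        $this->output->set_status_header(400)
            ->set_content_type('application/json')
            ->set_output(json_encode(array('error' => $message)));
    }
}

class Orders_model extends CI_Model
{
    public function insert_order_uniform(array $data)
    {
        // insert_batch() escapes every value through Query Builder, so a comment
        // such as  '); DROP TABLE tb_order_uniform; --  is stored as literal text.
        // Returns the number of rows inserted.
        return $this->db->insert_batch('tb_order_uniform', $data);
    }
}

// In the view (e.g. views/order_rows.php, assumed): escape at output time.
// foreach ($orders as $o) { echo '<td>' . html_escape($o['comment']) . '</td>'; }
```

Two design choices worth noting. The ids are validated and cast to int, which is where the real injection risk in the asker's code sat: implode(',', $option) on an unchecked list_option array turns whatever the client sent into one string that will later be split and used again. And the text fields are deliberately not run through xss_clean() before storage; html_escape() (CodeIgniter's wrapper around htmlspecialchars) at the point of output is what makes the stored value safe to render, which is exactly the conclusion the asker reaches in the last comment.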