Php 清理查询字符串的最佳方法是什么?
确保$page和$getVars干净安全的最佳方法是什么Php 清理查询字符串的最佳方法是什么?,php,security,Php,Security,确保$page和$getVars干净安全的最佳方法是什么 //fetch the passed request $request = $_SERVER['QUERY_STRING']; //parse the page request and other GET variables $parsed = explode('&', $request); //the page is the first element $page = array_shift($parsed); //the
//fetch the passed request
$request = $_SERVER['QUERY_STRING'];
//parse the page request and other GET variables
$parsed = explode('&', $request);
//the page is the first element
$page = array_shift($parsed);
//the rest of the array are GET statements, parse them out;
$getVars = array();
foreach($parsed as $argument)
{
//split GET vars along '=' symbol to seperate the variable and its value
list($variable, $value) = explode('=', $argument);
$getVars[$variable] = $value;
}
在您的情况下,您只想使用$\u GET或$\u REQUEST,而不是其他人已经提到的$\u SERVER['QUERY\u STRING'] 为了验证和清理变量,您应该看看PHP5.2中引入了哪些变量。您还可以找到一些类似的示例:
if (filter_var('0.0.0.0', FILTER_VALIDATE_IP) !== false) {
// IP address is valid
}
相关人士:谢谢。刚开始学习-就像我在教程中看到的那样。我个人对清洁的偏好是Arm&Hammer或Tide。好的,从扔掉你在教程中看到的代码开始。
$options = array(
'options' => array(
'min_range' => 0,
'max_range' => 2,
)
);
if (filter_var(1, FILTER_VALIDATE_INT, $options) !== false) {
// 1 is between 0 and 2
}