本文介绍了有没有一种方法可以同时添加stripslashes和mysql转义字符串来清理数据?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我只是刚开始尝试学习php和mysql,所以我的知识水平对这两者都是相当原始的.
I'm just starting out and trying to learn php and mysql, so my level of knowledge is rather primitive to both.
我对stripslashes方法不太确定,所以我想知道下面的代码是否足够安全以防止对我的数据库进行SQL注入或其他恶意攻击?除了stripslashes方法之外,数据库还能从添加mysql_real_escape_string中受益吗?
I'm not too sure about the stripslashes method, so I wanted to know if the below code is secure enough to prevent an SQL injection or other malicious attack against my database? Would the database benefit from adding mysql_real_escape_string in addition to the stripslashes method?
$first = Trim(stripslashes($_POST['First']));
$last = Trim(stripslashes($_POST['Last']));
$city = Trim(stripslashes($_POST['City']));
$state = Trim(stripslashes($_POST['State']));
$country = Trim(stripslashes($_POST['Country']));
$email = Trim(stripslashes($_POST['Email']));
$tempt = $_POST['tempt'];
$tempt2 = $_POST['tempt2'];
if ($tempt == 'http://' && empty($tempt2)) {
$error_message = '';
$reg_exp = "/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9-]+\.[a-zA-Z.]{2,5}$/";
if(!preg_match($reg_exp, $email)) {
$error_message .= "<p>A valid email address is required.</p>";
}
if (empty($first)) {
$error_message .= "<p>Please provide your first name.</p>";
}
if (empty($last)) {
$error_message .= "<p>Please provide your last name.</p>";
}
if (!empty($error_message)) {
$return['error'] = true;
$return['msg'] = "<p>The request was successful, but the form was not filled out correctly.</p>".$error_message;
echo json_encode($return);
exit();
} else {
$return['error'] = false;
$return['msg'] = "<p style='top:9px; color:#ff6000; left:63px; text-align:left; font-size:1.50em;'>".$first .", <p style='top:0px; width:100%; left:63px; text-align:left; line-height:1.1em;'>your subscription request has been processed.</p>";
echo json_encode($return);
}
} else {
$return['error'] = true;
$return['msg'] = "<p>There was a problem while sending this form. Try it again.</p>";
echo json_encode($return);
}
推荐答案
我已经创建了一个函数.只需传递要消毒的值即可.
I've created a function. Just pass in the value to be sanitized.
function clean($data) {
$data = trim($data);
$magic_quotes_active = get_magic_quotes_gpc();
$new_enougth_php = function_exists("mysql_real_escape_string");
if ($new_enougth_php) {
if ($magic_quotes_active) {
$value = stripslashes($data);
}
$value = mysql_real_escape_string($data);
} else {
if (!$magic_quotes_active) {
$value = addcslashes($data);
}
}
return $value;
}
这篇关于有没有一种方法可以同时添加stripslashes和mysql转义字符串来清理数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!