
I've been running and developing a classified site now for the last 8 months, and all the bugs were due to only one reason: how the users input their text...

My question is: Is there a PHP class, a plugin, something that I can do

$str = UltimateClean($str) before sending $str to my SQL??

PS. I also noticed the problems doubled when I started using JSON, because I also have to be careful outputting the result in JSON.

Some issues I faced: multi-language strings (different charsets), copy-paste from Excel sheets.
Note: I am not worried about SQL injections.


Asked Oct 18, 2011 at 16:52 by Francesco; edited Dec 2, 2014 at 18:00 by Kzqai.
  • possible duplicate of Is this a safe/strong input sanitization function? or Is htmlentities() and mysql_real_escape_string() enough for cleaning user input in PHP? or any of the other search results. Your JSON inquiry needs elaboration. – mario Commented Oct 18, 2011 at 17:00

1 Answer

No, there isn't.

Different modes of escaping are for different purposes. You cannot universally escape something.

For Databases: Use PDO with prepared queries

For HTML: Use htmlspecialchars()

For JSON: json_encode() handles this for you

For character sets: You should be using UTF-8 on your page. Do this, and set your databases accordingly, and watch those issues disappear.
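The answer's four rules put together, as an added example that is not part of the original answer: the stored string stays raw, and each output context gets its own escaping. It uses an in-memory SQLite database so it runs without a MySQL server; the table name `ads`, the helper names `saveAd`, `loadAd`, `e` and `toJson`, and the sample inputs are all constructed for this illustration.

```php
<?php
// Added example, not from the original answer: one raw value, three contexts.
declare(strict_types=1);
mb_internal_encoding('UTF-8');

// 1. Database: prepared statements, never string concatenation.
//    For MySQL the DSN would also carry the charset, e.g.
//    'mysql:host=localhost;dbname=site;charset=utf8mb4' (assumed values).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ads (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

function saveAd(PDO $pdo, string $title): int
{
    $stmt = $pdo->prepare('INSERT INTO ads (title) VALUES (:title)');
    $stmt->execute([':title' => $title]);   // travels as a parameter, not as SQL text
    return (int) $pdo->lastInsertId();
}

function loadAd(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT title FROM ads WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['title'];
}

// 2. HTML: escape at the point of output, for this context only.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// 3. JSON: json_encode() escapes for you; JSON_THROW_ON_ERROR surfaces bad bytes
//    instead of silently returning false.
function toJson(array $data): string
{
    return json_encode($data, JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR);
}

// Constructed sample inputs: the kinds of text the question describes.
$samples = [
    "O'Reilly <b>bike</b> \"cheap\"",   // quotes and tags
    "Привет мир ¥100 日本語",            // non-Latin text
    "Cell A\tCell B\r\nCell C",          // tab/newline from an Excel paste
];

foreach ($samples as $title) {
    // 4. Charset: accept only valid UTF-8 up front rather than storing garbage.
    if (!mb_check_encoding($title, 'UTF-8')) {
        throw new InvalidArgumentException('input is not valid UTF-8');
    }
    $id = saveAd($pdo, $title);
    $stored = loadAd($pdo, $id);

    // The stored bytes are unchanged; escaping happens only when rendering.
    echo "HTML: <li>" . e($stored) . "</li>\n";
    echo "JSON: " . toJson(['id' => $id, 'title' => $stored]) . "\n";
}
```

The point the script makes is that there is no single cleaning step: the same title is written to the database unmodified, HTML-escaped when it goes into markup, and JSON-encoded when it goes to a JSON response (sent with a `Content-Type: application/json; charset=utf-8` header and a UTF-8 page). One caveat for the JSON case: if the JSON is embedded inside an HTML `<script>` block rather than served as its own response, add `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` so that a `</script>` inside user text cannot close the element.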
