PHP input sanitizer?

2018-06-07 00:49:05

What are some good PHP html (input) sanitizers?

Preferably, if something is built in - I'd like to us that.

UPDATE :

Per the request, via comments, input should not allow HTML (and obviously prevent XSS & SQL Injection, etc).

html净化器 - > http://htmlpurifier.org/

I've always used PHP's addslashes() and stripslashes() functions, but I also just saw the built-in filter_var() function (link). Looks like there are quite a few built-in filters.

If you want to run a query that use let's say $_GET['user'] a nice solution would be to do something like this using mysql_real_escape_string():

<?php

    $user = mysql_real_escape_string($_GET['user']);
    $SQL = "SELECT * FROM users WHERE username = '$name'";

    //run $SQL now
    ...
?>

If you want to store a text in a database and then print it on a web page, consider use htmlentities

[Edit]Or as awshepard said, you can use addslashes() and stripslashes() functions[/Edit]

Here is a little example of sanitization when it comes to prevent XSS attacks:

<?php
    $str = "A 'quote' is <b>bold</b>";

    //Outputs: A 'quote' is <b>bold</b>
    echo $str;

    // Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;
    echo htmlentities($str);

    // Outputs: A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;
    echo htmlentities($str, ENT_QUOTES);
?>

链接地址: http://www.djcxy.com/p/21644.html

上一篇: 简单的用户输入消毒

下一篇: PHP输入消毒剂？