January 2021
Intermediate to advanced
505 pages
9h 45m
Chinese
Content preview from PHP编程:第4版
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
314
|
第
14
章
安全
这个过滤器只允许字母、空格、连字符和单引号(撇号),并且它用了之前所述的白名
单方式。在这种情况下,白名单是有效字符的列表。
通常情况下,过滤是保证数据完整性的处理过程。尽管很多网页程序的安全缺陷只通过
过滤就可以预防,但还有大部分问题是由于数据转义失败而导致的,两种预防措施不能
互相替代。
转义输出
转义
是保护数据进入另一个上下文的技术。
PHP
常被用作桥接不同的数据源,而且当将
数据发送到远程数据源时,你有义务做好准备以免被错误解释。
例如,在发送到
MySQL
数据库的
SQL
查询语句中时,
O'Reilly
被认为是
O\'Reilly
。
单引号前的反斜杠是为了在
SQL
查询的上下文中保留单引号。这个单引号是数据的一部
分,不是查询的一部分,转义保证了这个解释。
PHP
程序把数据发送到两个主要远程数据源 :用来解释
HTML
、
Java Script
和其他客
户端技术的
HTTP
客户端(网页浏览器);解释
SQL
的数据库。
PHP
为前者提供了
htmlentities()
函数 :
$html = array();
$html['username'] = htmlentities($clean['username'], ENT_QUOTES, 'UTF-8');
echo "<p>Welcome back, {$html['username']}.</p>";
这个示例示范了另一个命名约定。
$html
数组类似
$clean
数组,只不过它的目的是为
HTML
的上下文保存可以安全使用的数据。
URL
有时候会嵌入 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.