对于使用 $_GET 的页面重定向来说,这种清理是否可以/足够?
我使用 $_get 进行简单的页面重定向。 我才刚刚开始学习如何清理用户输入,所以我想知道下面的代码是否可以。对于这个特定的代码是否有其他推荐的清理方法?如果是,为什么?
关于下面的代码。我检查了用户是否输入了一个值,然后在重定向之前将该值与可接受值的列表进行匹配。
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$PAGES = array('a', 'b', 'c', 'd', 'z');
if (empty($_GET['letter'])) {
$_GET['letter']="a";
}
if (!in_array($_GET['letter'], $PAGES)) {
$_GET['letter']="a";
}
$letter=$_GET['letter'];
$goto=$letter .".php";
header("Location: http://$host$uri/$goto");
I'm using $_get for a simple page redirection.
I've only just started learning about sanitizing user input, so I was wondering if the below code was ok. Is there any other sanitization that is recommended for this particular code? If yes, why?
About the code below. I checked that the user entered a value and then matched the value against a list of acceptable values before redirecting.
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$PAGES = array('a', 'b', 'c', 'd', 'z');
if (empty($_GET['letter'])) {
$_GET['letter']="a";
}
if (!in_array($_GET['letter'], $PAGES)) {
$_GET['letter']="a";
}
$letter=$_GET['letter'];
$goto=$letter .".php";
header("Location: http://$host$uri/$goto");
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
当您将 $_GET['letter'] 保留在一组 $PAGES 中时,我认为您会没事的。但是,你的代码实在是太糟糕了!
也许这会对您有所帮助:
带有 GET 请求的 PHP 切换
也许您会对使用 Zend Framework MVC 感兴趣。
http://framework.zend.com/manual/en/zend。 controller.quickstart.html
您还可以找到 mod_rewrite 的示例。阅读愉快!
As log as you keep $_GET['letter'] in a set of $PAGES i think you 'll be fine. However, your code is really bad!
May be this will help you:
PHP switch with GET request
Maybe you would be interested to use Zend Framework MVC.
http://framework.zend.com/manual/en/zend.controller.quickstart.html
You will find examples with mod_rewrite also. Happy reading !!!
Apache,mod_rewrite 对此会更好。
Apache, mod_rewrite would be much better for this.