php - Can this be an efficient and reliable way to sanitize user input?
I am thinking about setting up a clever way to 'clean' all my inputs, run at the start of every execution of my script. I thought of creating a class to do this, and then adding a two-letter prefix at the beginning of each input name to identify the type of the input, for example:

    in-mynumber
    tx-name

So at the top of my script I would have (for example):

    function cleanInputs()
    {
        $cGet = array();
        // defined here so the function runs; the posted version left $regexp undefined
        $regexp = '/^[a-zA-Z0-9 .,_-]*$/';
        foreach ($_GET as $taintedKey => $taintedValue) {
            $prefix = substr($taintedKey, 0, 2);
            switch ($prefix) {
                case 'in':
                    // I expect this input to be an integer
                    $cGet[$taintedKey] = intval($taintedValue);
                    break;
                case 'tx':
                    // I expect this input to be normal text that
                    // only includes letters, numbers and some symbols
                    if (preg_match($regexp, $taintedValue)) {
                        $cGet[$taintedKey] = $taintedValue;
                    } else {
                        $cGet[$taintedKey] = false;
                    }
                    break;
                case 'em':
                    // I expect this input to be a valid email
                    if (preg_match('/^[a-zA-Z0-9_.-]+@[a-zA-Z0-9_.-]+\.[a-zA-Z]{2,4}$/', $taintedValue)) {
                        $cGet[$taintedKey] = $taintedValue;
                    } else {
                        $cGet[$taintedKey] = false;
                    }
                    break;
            }
        }
        return $cGet;
    }
... Then I will create 2 other arrays, $cGet and $cPost, holding the clean data of $_GET and $_POST respectively, and in my script I will always use those arrays, forgetting completely about $_GET/$_POST. I am also thinking about adding a second prefix that will set the maximum length of the input: tx-25-name ... but I am not sure about that. And if I do it this way, then maybe an OOP approach is overkill.
What do you think about it? Can this be a good way to do it?
The negatives that I can actually see (I have never used this approach, it came to me this morning): 1. the prefixes, and therefore the cases to process, may be many if I want my application not to be very restrictive; 2. the names of the variables sent will be a little longer (but we are talking about 3-6 characters, it should not be a problem).
Any suggestion is really appreciated!
Edit:
I am not trying to reinvent the wheel; my post was not about the sanitizing system itself, but about the process of doing it. I use HTMLPurifier to clean XSS injections in HTML data, and of course I use parameterized queries. I am just thinking that taking the inputs from a better place, or sanitizing them all at the beginning and then using them in the rest of the script, is a good idea. I do not think this method is miraculous and there is nothing new under the sun, but I think that, because of the input format I have in mind, it is useful ... may not be in

Why check for SQL injection in the 'Name' field when it should only contain letters and apostrophes? Just strip everything that is not a letter or an apostrophe, add a slash to the latter, and run it in a parameterized query. Then, if you expect an email, strip everything that is not an email.
The idea is fine in itself, but I wonder if it would really be that useful.
For one thing, SQL injection and HTML injection are protected against in other ways: SQL injection is prevented by parameterized queries (as it should be, in this day and age); and HTML injection is stopped with the htmlspecialchars() function, which should be called right before a string is output to the user. Do not store encoded strings in the DB (or worse, encode them immediately after receiving them). Working with them later will be hell.
Apart from those two injection attacks, what would your method do? Well, it could run some regexes for stuff like addresses, phone numbers, emails, names and dates, but that's about it. Unfortunately, that is just a part of all the validation you have to do. Other common cases are cross-checks (the start date must be before the end date), and checking that a value is in a list of allowed predefined values (say, a <select> element). And you also have the custom validation steps of your own application. Is it reasonable to split all validation into "generic type validation" and "custom rule validation"? I don't know. Maybe. Or maybe it will just make a big mess.
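To make the two posts concrete, here is an added example (not the asker's code, and not something either answer posted) that combines the question's prefix-typed input filter, including the optional length prefix (tx-25-name), with what the answers insist on: a parameterized query for storage and htmlspecialchars() only at output time. The function name cleanInputs and the in/tx/em prefixes follow the question; the length-prefix syntax, the use of filter_var() instead of intval() and a hand-written email regex, the null-for-rejected convention, the constructed sample request and the SQLite-backed PDO parts are this example's assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Validate one raw request array ($_GET or $_POST) into a typed array.
 * Keys without a known prefix are dropped. Values that fail validation are
 * set to null, so later code cannot use a bad value by accident but can
 * still tell "missing" from "rejected". (Assumed conventions, see lead-in.)
 */
function cleanInputs(array $tainted): array
{
    $clean = [];
    foreach ($tainted as $key => $value) {
        // Accept "tx-name" and "tx-25-name" (optional max length); reject nested arrays (a[]=...).
        if (!is_string($value)
            || !preg_match('/^(in|tx|em)-(?:(\d{1,4})-)?[A-Za-z0-9_]+$/', (string) $key, $m)) {
            continue;
        }
        [, $type, $maxLen] = $m;
        $maxLen = $maxLen === '' ? 255 : (int) $maxLen;   // default cap is an assumption
        if (strlen($value) > $maxLen) {
            $clean[$key] = null;
            continue;
        }
        switch ($type) {
            case 'in':
                // FILTER_VALIDATE_INT rejects "42abc"; intval() would silently turn it into 42.
                $v = filter_var($value, FILTER_VALIDATE_INT);
                $clean[$key] = $v === false ? null : $v;
                break;
            case 'tx':
                // Letters, digits, space and a few punctuation marks (apostrophe included).
                $clean[$key] = preg_match('/^[\p{L}\p{N} .,\'-]*$/u', $value) ? $value : null;
                break;
            case 'em':
                $v = filter_var($value, FILTER_VALIDATE_EMAIL);
                $clean[$key] = $v === false ? null : $v;
                break;
        }
    }
    return $clean;
}

/** Store the raw (validated, not encoded) values with a prepared statement. */
function storeContact(PDO $db, array $cGet): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS contact (name TEXT, email TEXT, age INTEGER)');
    // The value never becomes part of the SQL text, so an apostrophe in a name is harmless.
    $stmt = $db->prepare('INSERT INTO contact (name, email, age) VALUES (:name, :email, :age)');
    $stmt->execute([
        ':name'  => $cGet['tx-25-name'] ?? null,
        ':email' => $cGet['em-email'] ?? null,
        ':age'   => $cGet['in-age'] ?? null,
    ]);
}

/** Encode at output time; what is in the table stays exactly as received. */
function render(PDO $db): string
{
    $out = '';
    foreach ($db->query('SELECT name, email, age FROM contact') as $row) {
        $out .= '<li>' . htmlspecialchars((string) $row['name'], ENT_QUOTES, 'UTF-8')
              . ' &lt;' . htmlspecialchars((string) $row['email'], ENT_QUOTES, 'UTF-8') . '&gt;'
              . ' (' . htmlspecialchars((string) $row['age'], ENT_QUOTES, 'UTF-8') . ")</li>\n";
    }
    return $out;
}

// Constructed sample request standing in for $_GET (not real traffic).
$get = [
    'tx-25-name' => "O'Brien",            // apostrophe allowed; safe thanks to the prepared statement
    'em-email'   => 'o.brien@example.com',
    'in-age'     => '42abc',              // rejected: not an integer
    'tx-8-city'  => 'Strasbourg',         // rejected: longer than the 8-character cap
    'debug'      => '1',                  // no known prefix: dropped
];
$cGet = cleanInputs($get);
var_dump($cGet);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
storeContact($db, $cGet);
echo render($db);
```

Two practical notes. PHP rewrites dots and spaces in incoming variable names to underscores, so a scheme like this should stick to hyphens as the separator, as the question does. And the type filter only answers "is this value well-formed?"; the cross-checks and allowed-value checks the second answer lists (date ordering, membership in a <select> list) still have to live next to the code that knows the rule, which is exactly the split the answer is unsure about.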