我有一些结构如下的链接......
http://domain.com?problem_id=23&course_id=4
GET“字段”(problem_id 和 course_id)的预期值是整数。我可以通过简单地说...来验证这些数据吗?
if (is_numeric($_GET['problem_id'])){
//It's safe, so do stuff.
} else {
echo 'It appears you submitted a problem incorrectly. Please contact us for assistance';
exit;
}
或者这仍然像 sql 注入等那样令人讨厌?
提议的解决方案
$int_problem_id = (int) $_GET['problem_id'];
if (ctype_digit($int_problem_id)){
//It's safe, so do stuff.
} else {
echo 'It appears you submitted a problem incorrectly. Please contact us for assistance';
exit;
}