2

codeigniter 安全性的一件事是检查 uri 是数字还是我们期望的东西!这是代码:

$this->load->helper('form');
    $this->load->library('pagination');
    $config['permitted_uri_chars'] = '0-9'; 
    $config['base_url'] = '/member/index';
    $config['per_page'] = 5;
    $config['num_links'] = 10;
    $query_not_voted_rows = "SELECT p_id FROM photos WHERE p_id NOT IN (SELECT distinct p_id FROM p_votes where u_id = ".$this->session->userdata('u_id').")";
    $config['total_rows'] = $this->db->query($query_not_voted_rows)->num_rows();
    $config['full_tag_open'] = '<div id="pagination">';
    $config['full_tag_close'] = '</div>';
    $this->pagination->initialize($config);

    if($this->uri->segment(3) == '')
    {
        $segment_url = 0;
    }else{
        $segment_url = $this->uri->segment(3);
    }
    $query_not_voted = "SELECT * FROM photos WHERE p_id NOT IN (SELECT distinct p_id FROM p_votes where u_id = ".$this->session->userdata('u_id').") LIMIT ".$segment_url.", ".$config['per_page'];

但是如果现在有人在 uri 段中输入:“kdkdkdd”,那么 sql 就会中断,因为$segment_url是 kdkdkdd 而不是数字!

那么问题来了,如何逃避呢?

4

2 回答 2

3

这是我的简单解决方案:

if($this->uri->segment(3) == '')
        {
            $segment_url = 0;
        }else{
            if(!is_numeric($this->uri->segment(3))){
            redirect('404');
            }else{
            $segment_url = $this->uri->segment(3);
            }
        }

但是,如果有人对此有任何更好的想法或教程,请...

于 2010-12-27T18:30:45.473 回答
0

干得好=)

回答 1 +

<?
$cadena = "sdfio9874673o4h784";

for ($i=0; $i<strlen($cadena); $i++) {
if (is_numeric($cadena[$i])) {$cadena2.=$cadena[$i];}
}

echo $cadena2;
?>

=很好的代码

于 2011-01-16T04:19:18.360 回答