
About PDO: I want to find out whether I am right or wrong in sanitizing values after a SELECT query, especially for avoiding XSS attacks.

$cagri_durumb = 1;
// $bugun and $yarin are assumed to be set earlier to date strings (not shown here).
$bek_servis = $user_home->runQuery('SELECT * FROM cagri_kayitlari INNER JOIN personeller ON cagri_kayitlari.cagri_servis_perid = personeller.per_id WHERE cagri_durum = :cagri_durum AND cagri_islem_tarihi NOT BETWEEN :bugun AND :yarin');
// cagri_durum is an integer and the two bounds are date strings, so bind them with matching PDO types.
$bek_servis->bindParam(':cagri_durum', $cagri_durumb, PDO::PARAM_INT);
$bek_servis->bindParam(':bugun', $bugun, PDO::PARAM_STR);
$bek_servis->bindParam(':yarin', $yarin, PDO::PARAM_STR);
$bek_servis->execute();
$bek_servisa = $bek_servis->fetchAll(PDO::FETCH_ASSOC);

foreach ($bek_servisa as $servisa) {
    // Output: the id is reduced to digits, free-text fields go through FILTER_SANITIZE_STRING
    // (strips tags and encodes quotes) before being placed in attributes and text.
    echo '<a href="servisbasla.php?id=' . filter_var($servisa['cagri_id'], FILTER_SANITIZE_NUMBER_INT)
        . '" data-toggle="tooltip" data-placement="left" title="' . filter_var($servisa['cagri_sebep'], FILTER_SANITIZE_STRING)
        . '">' . filter_var($servisa['cari_unvan'], FILTER_SANITIZE_STRING) . '</a> - '
        . filter_var($servisa['per_isim'], FILTER_SANITIZE_STRING) . ' / '
        . date('d.m.Y', strtotime($servisa['cagri_islem_tarihi'])) . '<br />';
}

When listing values from the database, do I have to use the FILTER_SANITIZE.. filters in every echo?

If I do have to use them, is the FILTER_SANITIZE_STRING filter sufficient for text values?
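The question above concerns escaping database values for HTML output. The following is an added example, not code from the question, showing the same row rendered with context-specific output encoding (htmlspecialchars with ENT_QUOTES for text and attribute values, an integer cast for the id) instead of FILTER_SANITIZE_STRING, which strips tags rather than encoding them and is deprecated since PHP 8.1. The sample row is constructed here so the snippet runs stand-alone; the function names e() and renderRow() are assumptions.

```php
<?php
declare(strict_types=1);

// Escape a value for HTML text content or a quoted attribute value.
// ENT_QUOTES encodes both ' and " so the result is safe inside title="...".
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Render one call record like the loop in the question, choosing the
// escaping per context: the id is cast to int, the href is built with
// http_build_query() and then HTML-escaped, every free-text field goes
// through e(). The data is kept intact; the browser just renders it inertly.
function renderRow(array $servisa): string
{
    $id    = (int) $servisa['cagri_id'];
    $href  = 'servisbasla.php?' . http_build_query(['id' => $id]);
    $tarih = date('d.m.Y', strtotime($servisa['cagri_islem_tarihi']));

    return '<a href="' . e($href) . '" data-toggle="tooltip" data-placement="left" title="'
        . e($servisa['cagri_sebep']) . '">' . e($servisa['cari_unvan']) . '</a> - '
        . e($servisa['per_isim']) . ' / ' . e($tarih) . '<br />';
}

// Constructed sample row containing the characters that matter for HTML
// injection: quotes, angle brackets, an ampersand and a non-ASCII name.
$sample = [
    'cagri_id'           => '42',
    'cagri_sebep'        => 'Printer "down" <script>alert(1)</script>',
    'cari_unvan'         => "O'Brien & Sons",
    'per_isim'           => 'Ayşe',
    'cagri_islem_tarihi' => '2024-03-05 10:15:00',
];

// The <script> element is emitted as &lt;script&gt; text, the quotes in the
// title attribute as &quot;, so the markup of the page stays under the
// template's control no matter what the database row contains.
echo renderRow($sample), PHP_EOL;
```

Escaping belongs at the point of output, once per context, rather than being applied when data is read or stored; a JavaScript or URL context would need a different encoder than the HTML one shown here.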
