【问题标题】:how to remove html and javascript from input field before sending to server如何在发送到服务器之前从输入字段中删除 html 和 javascript
【发布时间】:2014-01-31 15:49:36
【问题描述】:
<form action="process_reg.php" method="post" name="register_form" id="register_form">
        <input class="logbar" id="fname" name="fname" type="text" placeholder="Firstname" onfocus="CheckFname();  return true;" onblur="leaveFname();"  required>
        <span id="fnameMessage"></span>
        <input class="logbar" id="lname" name="lname" type="text" placeholder="Lastname" onfocus="CheckLname();  return true;" onblur="leaveLname();"   required>
        <span id="lnameMessage"></span>
        <input class="logbar" id="email" name="email" type="text" placeholder="Email" onfocus="CheckEmail();" onblur="leaveEmail();" required>
        <span id="emailMessage"></span>
        <input class="logbar" id="password" name="password" type="password" placeholder="Password" keyev="true"  required >
        <input class="logbar" id="password2" name="password2" type="password" placeholder="Confirm Password" onkeyup="checkPass(); return false;" required>
        <span id="confirmMessage" class="confirmMessage"></span>
        <input value="Logga in" type="button" onclick="formhash(this.form, this.form.password);" id="register">
</form>

并给出了我在此表单上应用的 Sanitize/XSS 保护

if (empty($_REQUEST) === false)
{
    $regemail1 = filter_input('INPUT_REQUEST', 'email', 'FILTER_SANITIZE_EMAIL');
    $regfirst1 = filter_input('INPUT_REQUEST', 'fname', 'FILTER_SANITIZE_SPECIAL_CHARS');
    $reglast1 = filter_input('INPUT_REQUEST', 'lname',  'FILTER_SANITIZE_SPECIAL_CHARS');

    $regpass = $_POST['p'];

    $regemail = htmlspecialchars($regemail1);
    $reglast = htmlspecialchars($reglast1);
    $regfirst = htmlspecialchars($regfirst1);

    $regemail = 



}

当我输入 Hi 时,它会停止标签的功能,这是完美的。但我只想将文本发送到数据库并删除所有其他内容。

【问题讨论】:

    标签: sanitize


    【解决方案1】:

    在下面的示例中发送到服务器的唯一值是输入字段,您不会将 html 发送到服务器。

    <input class="logbar" id="password" name="password" type="password" placeholder="Password" keyev="true"  required >
    

    你总是通过printfecho检查你在服务器中得到了什么

    【讨论】:

      猜你喜欢
      • 2020-02-25
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2021-06-12
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多