【发布时间】:2014-01-31 15:49:36
【问题描述】:
<form action="process_reg.php" method="post" name="register_form" id="register_form">
<input class="logbar" id="fname" name="fname" type="text" placeholder="Firstname" onfocus="CheckFname(); return true;" onblur="leaveFname();" required>
<span id="fnameMessage"></span>
<input class="logbar" id="lname" name="lname" type="text" placeholder="Lastname" onfocus="CheckLname(); return true;" onblur="leaveLname();" required>
<span id="lnameMessage"></span>
<input class="logbar" id="email" name="email" type="text" placeholder="Email" onfocus="CheckEmail();" onblur="leaveEmail();" required>
<span id="emailMessage"></span>
<input class="logbar" id="password" name="password" type="password" placeholder="Password" keyev="true" required >
<input class="logbar" id="password2" name="password2" type="password" placeholder="Confirm Password" onkeyup="checkPass(); return false;" required>
<span id="confirmMessage" class="confirmMessage"></span>
<input value="Logga in" type="button" onclick="formhash(this.form, this.form.password);" id="register">
</form>
并给出了我在此表单上应用的 Sanitize/XSS 保护
if (empty($_REQUEST) === false)
{
$regemail1 = filter_input('INPUT_REQUEST', 'email', 'FILTER_SANITIZE_EMAIL');
$regfirst1 = filter_input('INPUT_REQUEST', 'fname', 'FILTER_SANITIZE_SPECIAL_CHARS');
$reglast1 = filter_input('INPUT_REQUEST', 'lname', 'FILTER_SANITIZE_SPECIAL_CHARS');
$regpass = $_POST['p'];
$regemail = htmlspecialchars($regemail1);
$reglast = htmlspecialchars($reglast1);
$regfirst = htmlspecialchars($regfirst1);
$regemail =
}
当我输入 Hi 时,它会停止标签的功能,这是完美的。但我只想将文本发送到数据库并删除所有其他内容。
【问题讨论】:
标签: sanitize