how can i maximally check $_GET,$_POST variables for security issues? [duplicate]_问答_开发者

how can i maximally check $_GET,$_POST variables for security issues? [duplicate]

开发者 https://www.devze.com 2023-04-11 05:13 出处：网络

This question already has answers here: Closed 11 years ago. Possible Duplicate: Best way to defend against mysql injection and cross site scripting

相关专题：php

This question already has answers here: Closed 11 years ago.

Possible Duplicate:
Best way to defend against mysql injection and cross site scripting
Validating user input?

I know that for mysql I can use > mysql_real_escape_string开发者_如何转开发 but what can I use for php server side to maximally secure it from hacking ? Is there any ultimate way to do it ? If not please write all possible ways to minimize threat of hacking the site.

Best way? Sanitize it when you need it

Often times I see things like

Bad code

foreach ($_GET as $k => $v){
  $_GET[$k] = MyUberSanitizeFunction($v);
}

But that works very few times, and is very much type specific (i.e. in one instance an ID may only want to be numbers, but not every value should be stripped of non-numerics).

Worry about cleansing the information when you need it. If you're going to use it multiple times, cleanse it in to a stored variable, then work with it. But don't worry about "mass sanitizing" on every query request.