我有一个简单的表单请求用户名和密码。正则表达式应检测是否存在小于或大于字符中的一个或多个 一切都可以正常使用大于,但小于导致错误反馈消息的截止/停止。
实施例: 如果我输入'road'作为用户名并输入'w> ay'作为密码,我会得到:
road is good to go
Your entry: "w>ay" contains illegal characters.
Please re-enter, and be sure the < or the > are not present.
现在,如果我输入'w<ay',我会得到:
road is good to go
Your entry: "wPlease re-enter, and be sure the < or the > are not present.
我很难过。
代码:
<?php
function characterEntryCheck($dataEntered)
{
$illegal="/[><]+/";
if(preg_match($illegal, $dataEntered))
{
echo "Your entry: \"" . $dataEntered . "\" contains illegal characters." . "<br>";
echo "Please re-enter, and be sure the < or the > are not present." ."<br>";
exit;
}
else{
echo $dataEntered . " is good to go" . "<br>"; // feedback for testing only
}
}
/* Variable passed from input data fields in form */
$name=$_POST["u"];
$password=$_POST["p"];
if(!empty($name)&&!empty($password)) // has data has been entered?
{
characterEntryCheck($name);
characterEntryCheck($password);
}else{
echo "Please enter data in all of the fields"; // feedback for testing only
}
&GT;
答案 0 :(得分:0)
您需要使用htmlspecialchars:
htmlspecialchars($dataEntered, ENT_QUOTES);
答案 1 :(得分:0)
<会破坏您的输出,因为您没有正确转义输出。在回显之前在$dataEntered中换行htmlspecialchars():
echo "Your entry: \"" . htmlspecialchars($dataEntered) . "\" contains illegal characters." . "<br>";
请注意,如果您没有这样做并且有人输入了<script>evil_javascript_commands...</script>这样的用户名,那么您的网站刚刚受到Cross-Site Scripting (XSS)的影响,这会产生一些令人惊讶的令人讨厌的影响。