I found the GUMP class for sanitizing and validating input data; it works like this:
```php
<?php
# Note that filters and validators are separate rule sets and method calls. There is a good reason for this.
require "gump.class.php";
$gump = new GUMP();
$_POST = $gump->sanitize($_POST); // You don't have to sanitize, but it's safest to do so.
$gump->validation_rules(array(
    'title' => 'required',
    'story' => 'required'
));
$gump->filter_rules(array(
    'title' => 'trim|sanitize_string',
    'story' => 'trim|sanitize_string',
));
$validated_data = $gump->run($_POST);
if ($validated_data === false) {
    echo $gump->get_readable_errors(true);
} else {
    print_r($validated_data); // validation successful
}
```
In practice this works well and cleans all of the input data. For the `story` field I need to allow HTML tags such as `<p><img><table>`, but this class cleans the whole `$_POST` and strips every HTML tag.
I can't find out how to add a whitelist (`<p><img><table>`) to the sanitizing?! How do I add a whitelist for HTML tags?
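One way to do this, as an added example that is not from the question or from GUMP itself: GUMP::add_filter() registers a custom filter, and the filter below keeps only an allowlist of tags and attributes (the allowlist, the filter name story_html and the helper clean_story_node are this example's own; it assumes PHP 7.1+ with the DOM extension). strip_tags() with a tag list would keep every attribute on the surviving tags, so the filter walks the DOM and removes non-allowlisted attributes as well.

```php
<?php
require "gump.class.php";
// Constructed allowlist: tag => attributes kept on that tag. Everything else is dropped.
const STORY_ALLOWED = ['p' => [], 'table' => [], 'tr' => [], 'td' => [], 'th' => [],
                       'img' => ['src', 'alt']];

// Cleans $parent's subtree in place: disallowed elements are unwrapped (the tag goes, its
// cleaned children stay), script/style are removed whole, only allowlisted attributes survive.
function clean_story_node(DOMNode $parent): void
{
    foreach (iterator_to_array($parent->childNodes) as $child) {
        if ($child instanceof DOMText) continue;            // plain text is always fine
        if (!$child instanceof DOMElement || in_array($child->tagName, ['script', 'style'], true)) {
            $parent->removeChild($child);                   // comments, PIs, script, style
            continue;
        }
        clean_story_node($child);                           // clean descendants first
        $tag = strtolower($child->tagName);
        if (!isset(STORY_ALLOWED[$tag])) {
            while ($child->firstChild) $parent->insertBefore($child->firstChild, $child);
            $parent->removeChild($child);                   // unwrap: keep content, drop tag
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->name);
            $keep = in_array($name, STORY_ALLOWED[$tag], true)
                && ($name !== 'src' || preg_match('#^https?://#i', $attr->value) === 1);
            if (!$keep) $child->removeAttribute($attr->name);
        }
    }
}

// GUMP::add_filter() is GUMP's hook for custom filters; 'story_html' is our own filter name.
GUMP::add_filter('story_html', function ($value, $params = null) {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                       // tolerate sloppy user markup
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $value . '</div>', LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0);    // our wrapper element
    clean_story_node($root);
    $out = '';
    foreach ($root->childNodes as $node) $out .= $doc->saveHTML($node);
    return $out;                                            // text nodes come back entity-escaped
});

$gump = new GUMP();
// Do not run $gump->sanitize() on 'story': it strips every tag before the filters run.
$gump->validation_rules(['title' => 'required', 'story' => 'required']);
$gump->filter_rules(['title' => 'trim|sanitize_string', 'story' => 'trim|story_html']);
$validated_data = $gump->run($_POST);
```

With this, `story` keeps `<p>`, `<table>` rows and cells, and `<img>` with an http(s) `src`, while every other tag is unwrapped to its text and every other attribute is dropped.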