Question

codeigniter安全性的一件事是检查uri是否是我们期望的数字或其他东西！这是代码：

$this->load->helper('form');
    $this->load->library('pagination');
    $config['permitted_uri_chars'] = '0-9'; 
    $config['base_url'] = '/member/index';
    $config['per_page'] = 5;
    $config['num_links'] = 10;
    $query_not_voted_rows = "SELECT p_id FROM photos WHERE p_id NOT IN (SELECT distinct p_id FROM p_votes where u_id = ".$this->session->userdata('u_id').")";
    $config['total_rows'] = $this->db->query($query_not_voted_rows)->num_rows();
    $config['full_tag_open'] = '<div id="pagination">';
    $config['full_tag_close'] = '</div>';
    $this->pagination->initialize($config);

    if($this->uri->segment(3) == '')
    {
        $segment_url = 0;
    }else{
        $segment_url = $this->uri->segment(3);
    }
    $query_not_voted = "SELECT * FROM photos WHERE p_id NOT IN (SELECT distinct p_id FROM p_votes where u_id = ".$this->session->userdata('u_id').") LIMIT ".$segment_url.", ".$config['per_page'];

但是如果现在有人进入uri段：“kdkdkdd”，则sql会中断，因为$segment_url是kdkdkdd而不是数字！

所以问题是，如何摆脱这个？

Answer 1

这是我的简单解决方案：

if($this->uri->segment(3) == '')
        {
            $segment_url = 0;
        }else{
            if(!is_numeric($this->uri->segment(3))){
            redirect('404');
            }else{
            $segment_url = $this->uri->segment(3);
            }
        }

但如果有人对此有任何更好的想法或教程，请...

Answer 2

干得好= =

回答1 +

<?
$cadena = "sdfio9874673o4h784";

for ($i=0; $i<strlen($cadena); $i++) {
if (is_numeric($cadena[$i])) {$cadena2.=$cadena[$i];}
}

echo $cadena2;
?>

=漂亮的代码

Codeigniter安全检查uri是否为数字，因为分页

2 个答案: