OK, I have a form where users submit data, and I'd like some security feedback (using PHP on WordPress):
What I want from the form:
I start with a form that receives data. I have a function that strips most things, but I want to keep ' (single quote) and ! (exclamation mark). I'm also curious what basic steps I can take to protect my MySQL database before adding the data?
I found this function for stripping, but it still takes away the single quote and exclamation mark:
/**
 * Replace Unicode punctuation/separator characters in $content with spaces.
 * Note: ' is listed in $specialquotes, $urlspacebefore and $urlspaceafter, and
 * ! is listed in $urlspacebefore and $urlspaceafter, so the 4th and 5th
 * patterns below strip both whenever they start or end a word (or the string).
 */
function strip_punctuation( $content )
{
    $urlbrackets    = '\[\]\(\)';
    $urlspacebefore = ':;\'_\*%@&?!' . $urlbrackets;
    $urlspaceafter  = '\.,:;\'\-_\*@&\/\\\\\?!#' . $urlbrackets;
    $urlall         = '\.,:;\'\-_\*%@&\/\\\\\?!#' . $urlbrackets;
    $specialquotes  = '\'"\*<>';
    $fullstop       = '\x{002E}\x{FE52}\x{FF0E}';
    $comma          = '\x{002C}\x{FE50}\x{FF0C}';
    $arabsep        = '\x{066B}\x{066C}';
    $numseparators  = $fullstop . $comma . $arabsep;
    $numbersign     = '\x{0023}\x{FE5F}\x{FF03}';
    $percent        = '\x{066A}\x{0025}\x{FE6A}\x{FF05}\x{2030}\x{2031}';
    $prime          = '\x{2032}\x{2033}\x{2034}\x{2057}';
    $nummodifiers   = $numbersign . $percent . $prime;

    return preg_replace(
        array(
            // Remove separator, control, formatting, surrogate,
            // open/close quotes.
            '/[\p{Z}\p{Cc}\p{Cf}\p{Cs}\p{Pi}\p{Pf}]/u',
            // Remove other punctuation except special cases
            '/\p{Po}(?<![' . $specialquotes .
                $numseparators . $urlall . $nummodifiers . '])/u',
            // Remove non-URL open/close brackets, except URL brackets.
            '/[\p{Ps}\p{Pe}](?<![' . $urlbrackets . '])/u',
            // Remove special quotes, dashes, connectors, number
            // separators, and URL characters followed by a space
            '/[' . $specialquotes . $numseparators . $urlspaceafter .
                '\p{Pd}\p{Pc}]+((?= )|$)/u',
            // Remove special quotes, connectors, and URL characters
            // preceded by a space
            '/((?<= )|^)[' . $specialquotes . $urlspacebefore . '\p{Pc}]+/u',
            // Remove dashes preceded by a space, but not followed by a number
            '/((?<= )|^)\p{Pd}+(?![\p{N}\p{Sc}])/u',
            // Remove consecutive spaces
            '/ +/',
        ),
        ' ',
        $content
    );
}
Any ideas how to get ' (single quote) and ! (exclamation mark) allowed back in? Also, what is the simplest way to protect the MySQL database before inserting?
Thanks!
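The following is an added example, not code from the question or from WordPress core. It addresses both parts of the question: a stripping function that takes an explicit allow-list (so ' and ! survive) and a submission handler that stores the value through $wpdb's parameter-binding API instead of concatenating it into SQL. The table name form_submissions, the form field message, and the nonce action submit_form are assumptions for illustration; the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Replace every punctuation, symbol, control and format character with a space,
 * EXCEPT the characters listed in $keep (default: apostrophe and exclamation
 * mark), then collapse runs of whitespace into one space.
 */
function strip_punctuation_keep( string $content, string $keep = "'!" ): string {
    // Negative lookahead: the character about to be matched must not be in $keep.
    // preg_quote() escapes regex metacharacters so "!" becomes "\!" inside the class.
    $guard = $keep === '' ? '' : '(?![' . preg_quote( $keep, '/' ) . '])';
    $out   = preg_replace( '/' . $guard . '[\p{P}\p{S}\p{Cc}\p{Cf}]/u', ' ', $content );
    if ( $out === null ) {
        // preg_replace() returns null on invalid UTF-8; refuse rather than pass junk on.
        return '';
    }
    // Any run of Unicode separators or ASCII whitespace becomes one plain space.
    $out = preg_replace( '/[\p{Z}\s]+/u', ' ', $out );
    return trim( (string) $out );
}

/**
 * Handle a POST from the form inside WordPress. Assumes (hypothetical) a custom
 * table {$wpdb->prefix}form_submissions(content TEXT, created_at DATETIME) and a
 * nonce field rendered with wp_nonce_field( 'submit_form' ).
 */
function handle_form_submission( wpdb $wpdb, array $post ): bool {
    // CSRF: reject requests that did not originate from our own form.
    if ( ! wp_verify_nonce( (string) ( $post['_wpnonce'] ?? '' ), 'submit_form' ) ) {
        return false;
    }
    $clean = strip_punctuation_keep( (string) ( $post['message'] ?? '' ) );
    $clean = mb_substr( $clean, 0, 2000 ); // enforce a length cap server-side
    if ( $clean === '' ) {
        return false;
    }
    // $wpdb->insert() binds each value according to its format (%s = string),
    // so the kept apostrophe can never terminate the SQL string literal.
    $rows = $wpdb->insert(
        $wpdb->prefix . 'form_submissions',
        [ 'content' => $clean, 'created_at' => current_time( 'mysql' ) ],
        [ '%s', '%s' ]
    );
    return $rows === 1;
}

/**
 * Read back safely: $wpdb->prepare() binds the value, $wpdb->esc_like() stops
 * user-supplied % and _ from acting as LIKE wildcards.
 */
function find_submissions( wpdb $wpdb, string $term ): array {
    $sql = $wpdb->prepare(
        "SELECT id, content FROM {$wpdb->prefix}form_submissions WHERE content LIKE %s LIMIT 50",
        '%' . $wpdb->esc_like( $term ) . '%'
    );
    return $wpdb->get_results( $sql, ARRAY_A ) ?: [];
}

// Stand-alone demo of the stripping function (run with `php this_file.php`
// outside WordPress; the $wpdb functions above are only called inside WordPress).
if ( PHP_SAPI === 'cli' && ! defined( 'ABSPATH' ) ) {
    $samples = [ // constructed inputs
        "Hello, world! It's a 'test' -- really?",
        "<script>alert('x')</script> 100% done!!",
        "O'Neil said: \"no\"; 1,000.50 \u{2019}curly\u{2019}",
    ];
    foreach ( $samples as $s ) {
        // e.g. "Hello world! It's a 'test' really"
        printf( "%-50s => %s\n", $s, strip_punctuation_keep( $s ) );
    }
}
```

Two points worth separating: the stripping function is about what you want to keep, not about database safety. What protects MySQL is that the value is passed as a bound parameter ($wpdb->insert with a format specifier, or $wpdb->prepare with %s/%d), so an apostrophe in the data is just data. When you print submissions back into a page, run them through esc_html() at output time; a sanitizer that keeps ' cannot be relied on to make the text safe for HTML.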