Question

我们正在尝试删除一些输入字段的清理工具甚至不确定这是正确的方法。联系表单在HTML文件上有3个字段名称email textarea，用于将数据发送到verify.php文件以发布数据。我们的问题是我们在下面的代码中做错了什么？下面的代码都在一个PHP文件中，该文件是从HTML文件中调用的。

$name = stripslashes($_POST["name"]);
$email = stripslashes($_POST["email"]);
$message = stripslashes($_POST["message"]);

这是发布

的代码

$email = $_REQUEST['email'] ;
$message = $_REQUEST['message'] ;
$name = $_REQUEST['name'] ;
$msg = 
"Name: " . $name . "\r\n" . 
"Email: " . $email . "\r\n" . 
"Message: " . $message = wordwrap($message, 70, "\n", true);


function isInjected($str) {
    $injections = array('(%0A+)',
    '(%0D+)',
    '(%08+)',
    '(%09+)'
    );
    $inject = join('|', $injections);
    $inject = "/$inject/i";
    if(preg_match($inject,$str)) {
        return true;
    }else {
        return false;
    }
}

Answer 1

If you're NOT using PHP 5.4.0+ where Magic Quotes feature still stands, then add this at the top of your code to strip slashes from all your incoming $_ datas.

if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}

Remove stripslashes() in the below code so that stripslashing only occurs once:

$name = $_POST["name"];
$email = $_POST["email"]);
$message = $_POST["message"];

Answer 2

我们在过去两个小时内做了很多阅读，这里的代码是有效的 @Karlo Kokkak代码也将解决问题所有代码都在PHP文件中带有正则表达式的strip_tags和preg_replace是一些代码行

res/values/*.xml

php stripslashes不删除引号和反斜杠

2 个答案: