问题描述
我正在学习PHP,并想问一下这两种不同方法中哪一种在sql Server安全性方面更好?假设它将用于登录表单。
功能#1
function SanitizeInput($in,$len = 20)
{
return substr(preg_replace("/[^a-zA-Z0-9_]/","",htmlspecialchars(htmlentities(strip_tags($in)))),$len);
}
用法:
$ username = $ thisDB-> SanitizeInput($ _ POST ['username']);
功能#2&3
function security($text) {
$text = trim($text);
$search = array('','',',');
$replace = array('C','c','G','g','i','I','O','o','S','s','U','u');
$new_text = str_replace($search,$replace,$text);
return $new_text;
}
function sqlSecurity($text) {
$text = trim(htmlspecialchars($text));
$search = array("'",'"',"TruncATE","truncate","UPDATE","update","SELECT","select","DROP","drop","DELETE","delete","WHERE","where","EXEC","exec","INSERT INTO","insert into","PROCEDURE","procedure","--");
$replace = array("","");
$new_text = str_replace($search,$text);
return $new_text;
}
用法:
$ username = $ thisDB-> sqlSecurity($ thisDB-> security($ _ POST ['username']));
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)