当前位置: 首页 » php

Is mysqli

This question already has an answer here: How can I prevent SQL injection in PHP? 28 answers SQL injection that gets around mysql_real_escape_string() 4 answers

2018-07-03 13:00:17

是mysqli

这个问题在这里已经有了答案: 我如何防止PHP中的SQL注入? 28个答案 SQL注入绕过mysql_real_escape_string()4个答案

2018-07-03 13:00:17

php

This question already has an answer here: SQL injection that gets around mysql_real_escape_string() 4 answers It is not mysqli_real_escape_string that is not safe , but the way PHP users tend to use it. As long as you are setting a character set with set_charset() and always wrapping your escaped values in single quotes, despite the type, then technically the statement above would be safe.

2018-07-03 12:59:16

PHP

这个问题在这里已经有了答案: SQL注入绕过mysql_real_escape_string()4个答案 这不是mysqli_real_escape_string ,这不是安全的 ,而是PHP用户倾向于使用它的方式。 只要你用set_charset()设置一个字符集, 并且总是将你的转义值包装在单引号中,尽管类型是,然而从技术上讲,上面的语句是安全的。 但是,正如您所看到的,有太多规则可以遵循 - 对于普通的PHP用户而言,这种情况太复杂了。 因此,这种手动格式化是注

2018-07-03 12:59:15

Is mysql

This question already has an answer here: SQL injection that gets around mysql_real_escape_string() 4 answers mysql_real_escape_string is safe to use if used properly (ie, everywhere you're inserting PHP variables into your queries), but as has been pointed out in the comments it's not the only thing you need to worry about. For example, HTML markup could be inserted into your DB and

2018-07-03 12:58:14

是mysql

这个问题在这里已经有了答案: SQL注入绕过mysql_real_escape_string()4个答案 如果正确使用mysql_real_escape_string是安全的(即,将PHP变量插入到查询中的任何位置),但正如在注释中指出的,它不是您唯一需要担心的事情。 例如,可以将HTML标记插入数据库并用于跨站点脚本攻击。 您可能还想考虑准备好的语句作为mysql_real_escape_string的替代方法,因为它们会自动为您跳过输入,因此不会意外忘记跳过参数。

2018-07-03 12:58:13

How can mysqli

This question already has an answer here: SQL injection that gets around mysql_real_escape_string() 4 answers As long as you are using mysqli_set_charset() to set client encoding, and mysqli_real_escape_string() is used to format strings only , it is perfectly safe. However, if your question implied using this function right in the application code, instead of behind-the-scenes processing o

2018-07-03 12:57:11

如何可以mysqli

这个问题在这里已经有了答案: SQL注入绕过mysql_real_escape_string()4个答案 只要您使用mysqli_set_charset()设置客户端编码,并且mysqli_real_escape_string()使用mysqli_real_escape_string()来格式化字符串 ,则它是完全安全的。 但是,如果您的问题隐含在应用程序代码中使用此函数,而不是基于占位符的查询的幕后处理,或者至少以PDO的quote()函数的形式(它一次转义和引用)它是直接注射的方式。 功能本身不是

2018-07-03 12:57:11

How to validate an email address in PHP

I have this function to validate an email addresses: function validateEMAIL($EMAIL) { $v = "/[a-zA-Z0-9_-.+]+@[a-zA-Z0-9-]+.[a-zA-Z]+/"; return (bool)preg_match($v, $EMAIL); } Is this okay for checking if the email address is valid or not? The easiest and safest way to check whether an email address is well-formed is to use the filter_var() function: if (!filter_var($email, FILTER_V

2018-07-03 08:27:06

如何验证PHP中的电子邮件地址

我有这个功能来验证电子邮件地址: function validateEMAIL($EMAIL) { $v = "/[a-zA-Z0-9_-.+]+@[a-zA-Z0-9-]+.[a-zA-Z]+/"; return (bool)preg_match($v, $EMAIL); } 这可以检查电子邮件地址是否有效吗? 检查电子邮件地址是否格式正确的最简单最安全的方法是使用filter_var()函数: if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { // invalid emailaddress } 另外,您可以检查域是否定义MX记录: if (

2018-07-03 08:27:06

How do I generate long valid email address?

What I mean: $ php -r 'var_dump(filter_var(str_repeat("a", 64) . "@gmail.com", FILTER_VALIDATE_EMAIL));' Command line code:1: string(74) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@gmail.com" $ php -r 'var_dump(filter_var(str_repeat("a", 65) . "@gmail.com", FILTER_VALIDATE_EMAIL));' Command line code:1: bool(false) Is there a restriction on length of a mailbox name? I nee

2018-07-03 08:18:46

我如何生成长的有效电子邮件地址?

我的意思是: $ php -r 'var_dump(filter_var(str_repeat("a", 64) . "@gmail.com", FILTER_VALIDATE_EMAIL));' Command line code:1: string(74) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@gmail.com" $ php -r 'var_dump(filter_var(str_repeat("a", 65) . "@gmail.com", FILTER_VALIDATE_EMAIL));' Command line code:1: bool(false) 邮箱名称的长度是否有限制? 我需要长度超过255个字符的电子

2018-07-03 08:18:46

Retrieve full email address from string

I'm currently building a Slack bot using Laravel, and one of the features is that it can receive an email address and send a message to it. The issue is that email addresses (eg bob@example.com ) come through as <mailto:bob@example.com|bob@example.com> from Slack. I currently have a function that retrieves the email from this: public function getEmail($string) { $pattern = '/[a

2018-07-03 07:54:56

从字符串检索完整的电子邮件地址

我目前正在使用Laravel构建一个Slack僵尸程序,其中一个特性是它可以接收一个电子邮件地址并向它发送消息。 问题是电子邮件地址(例如bob@example.com )来自Slack的<mailto:bob@example.com|bob@example.com> 。 我目前有一个函数可以从这里获取电子邮件: public function getEmail($string) { $pattern = '/[a-z0-9_-+]+@[a-z0-9-]+.([a-z]{2,3})(?:.[a-z]{2})?/i'; preg_match_all($pattern, $string, $ma

2018-07-03 07:54:55

Worldwide email validation

So iv been doing a lot of reading on the best way to validate an email address before submitting a form. Iv read in multiple areas that regular expressions shouldn't be used to validate email addresses. eg http://www.regular-expressions.info/email.html Validate email address in JavaScript? my problem with using regular expressions is that I need to be able to allow foreign characters

2018-07-03 07:24:54

全球邮件验证

因此,在提交表单之前,我一直在进行大量的阅读,以验证电子邮件地址的最佳方式。 Iv在多个领域阅读正则表达式不应该用于验证电子邮件地址。 例如 http://www.regular-expressions.info/email.html 在JavaScript中验证电子邮件地址? 我使用正则表达式的问题是我需要能够允许外部字符在电子邮件中,因为它们可能来自世界的任何地方,我不知道如何确保允许他们不花费年龄设置无用帐户来测试。 进一步到我的阅读中,我看

2018-07-03 07:24:53

Checking for valid email and if it exists

I have successfully been able to allow users to invite a friend by sending them an email with a unique invite code, however I am trying to add to ability to check if it is a valid email address and if the email is already registered in another table 'users' (same database) as it would be a headache for someone who is already registered to receive invite emails. I have tried to check f

2018-07-03 07:23:52

检查有效的电子邮件,如果它存在

我已经成功地允许用户通过向他们发送具有唯一邀请代码的电子邮件来邀请朋友, 但我试图增加能力来检查它是否是一个有效的电子邮件地址,并且如果该电子邮件已经在另一个表'用户'(相同的数据库)中注册,那么这对于已经注册的用户来说是一件头疼的事情,要接收邀请电子邮件。 我试图检查一个有效的电子邮件,如果它通过写这个脚本存在: function email_registered($email) { $email = sanitize($email); retu

2018-07-03 07:23:51

The Advantages of Email Validation with RegEx

This question already has an answer here: How to validate an Email in PHP? 5 answers FILTER_VALIDATE_EMAIL will validate the email address according to standards. like if you will validate '0test'mail_check@testing.com' with filter_var you will get output as true. But in actual this is not a valid email and you can track this using regular expressions. Regular expressions gives you muc

2018-07-03 07:22:50

使用RegEx进行电子邮件验证的优势

这个问题在这里已经有了答案: 如何在PHP中验证电子邮件? 5个答案 FILTER_VALIDATE_EMAIL将根据标准验证电子邮件地址。 就像你会验证一样 '0test'mail_check@testing.com' 与filter_var你会得到输出为真。 但实际上这不是一个有效的电子邮件,你可以使用正则表达式来跟踪它。 正则表达式提供了很多控制权,但同时正则表达式很复杂,并且filter_var更清晰。 所以,你可以决定使用什么。 :)

2018-07-03 07:22:49