gpt4 book ai didi

php - 由于分页,Codeigniter 安全检查 uri 是否为数字

转载 作者:行者123 更新时间:2023-12-04 06:38:48 27 4
gpt4 key购买 nike

codeigniter 的安全性中的一件事是检查 uri 是数字还是我们期望的东西!
这是代码:

$this->load->helper('form');
$this->load->library('pagination');
$config['permitted_uri_chars'] = '0-9';
$config['base_url'] = '/member/index';
$config['per_page'] = 5;
$config['num_links'] = 10;
$query_not_voted_rows = "SELECT p_id FROM photos WHERE p_id NOT IN (SELECT distinct p_id FROM p_votes where u_id = ".$this->session->userdata('u_id').")";
$config['total_rows'] = $this->db->query($query_not_voted_rows)->num_rows();
$config['full_tag_open'] = '<div id="pagination">';
$config['full_tag_close'] = '</div>';
$this->pagination->initialize($config);

if($this->uri->segment(3) == '')
{
$segment_url = 0;
}else{
$segment_url = $this->uri->segment(3);
}
$query_not_voted = "SELECT * FROM photos WHERE p_id NOT IN (SELECT distinct p_id FROM p_votes where u_id = ".$this->session->userdata('u_id').") LIMIT ".$segment_url.", ".$config['per_page'];

但是如果现在有人进入 uri 段:“kdkdkdd”,那么 sql 就会中断,因为 $segment_url是 kdkdkdd 而不是数字!

那么问题来了,如何逃避呢?

最佳答案

这是我的简单解决方案:

if($this->uri->segment(3) == '')
{
$segment_url = 0;
}else{
if(!is_numeric($this->uri->segment(3))){
redirect('404');
}else{
$segment_url = $this->uri->segment(3);
}
}

但是,如果有人对此有更好的想法或教程,请...

关于php - 由于分页,Codeigniter 安全检查 uri 是否为数字,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/4540525/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com