使用此代码时,我在 netbeans 上收到警告。有人可以发布不会在 netbeans 中显示任何警告并实现我想要的代码。我的代码是否包含安全漏洞?
.
我收到的警告是“切勿直接访问 Superglobal $_POST。请改用一些过滤功能。”
.
<?php
//test if required vars are set
if (
isset($_POST['num']) &&
isset($_POST['desc'])
) {
(double) $num = filter_var($_POST['num'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
$desc = $_POST['desc'];
//do stuff after with these vars such as: mysqli queries; equations with ! === || &&.
}
?>
最佳答案
尝试使用这个:
<?php
if (filter_input(INPUT_POST, 'num') && filter_input(INPUT_POST, 'desc')) {
(double) $num = filter_input(INPUT_POST, 'num', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
$desc = filter_input(INPUT_POST, 'desc');
//do stuff after with these vars such as: mysqli queries; equations with ! === || &&.
}
关于PHP:如何处理 $_POST 数据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26791937/