1
我發現GUMP類sanitize方法和驗證數據輸入和它的工作原理是這樣的:PHP添加HTML標籤白名單清理輸入
# Note that filters and validators are separate rule sets and method calls. There is a good reason for this.
require "gump.class.php";
$gump = new GUMP();
$_POST = $gump->sanitize($_POST); // You don't have to sanitize, but it's safest to do so.
$gump->validation_rules(array(
'title' => 'required',
'story' => 'required'
));
$gump->filter_rules(array(
'title' => 'trim|sanitize_string',
'story' => 'trim|sanitize_string',
));
$validated_data = $gump->run($_POST);
if($validated_data === false) {
echo $gump->get_readable_errors(true);
} else {
print_r($validated_data); // validation successful
}
在這個動作運作良好,並進行消毒所有輸入數據。爲story字段需要添加html標記,如<p><img><table>,但此類會清理所有$_POST並刪除所有html標記。
我無法找到如何添加白名單(<p><img><table>)進行消毒?我怎樣才能爲html標籤添加一個白名單?
歡迎來到Stack Overflow。我編輯了你的帖子來修正英文和拼寫錯誤的用法。你已經發現如何降低代碼是很好的。 –