使用insert_batch,任何人都可以知道如何在代码点火器上阻止用户输入吗? 对不起,英语不好像这样的代码
$data[] = array(
'id_invoice' => $this->input->post('id_invoice'),
'id_product' => $key['id_product'],
'id_fabrics' => $key['id_fabric'],
'id_option' => $id_option,
'name' => $key['name'],
'number' => $key['number'],
'id_size' => $key['size'],
'comment' => $key['comment']);
并像这样使用插入批处理
$this->orders->insert_order_mix($data);
如此简单 您可以从用户输入中删除滥用标签和数据
//Change This
$this->orders->insert_order_mix($data);
// to
$data = $this->security->xss_clean($data); // You have to clean Data with XSS Filtering
$this->orders->insert_order_mix($data);
此方法使用[已删除]关键字清除所有滥用数据
如果用户可以输入任何脚本,则XSS过滤将按以下方式删除
$name = '<script>Your Name</script>';
echo $name; // Output : <script>Your Name</script>
// But you use XSS then output is change as per below
$name = '<script>Your Name</script>';
$name = $this->security->xss_clean($name);
echo $name; // Output : [removed]Your Name[removed]
或者你可以使用非常简单的编辑你的配置文件
// Change global_xss_filtering value FALSE to TRUE;
/*
|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = TRUE;
我想你对批量插入的概念感到困惑。请阅读此内容以很好地理解批量插入。现在对于您的问题,如前所述,这些天关注安全性非常好
始终过滤输入和转义输出,从不信任数据。
您可以使用 Codeigniter 安全类来保护您的数据。
例如
$data=$this->security->xss_clean($this->input->post());
或
$postData=$this->input->post();
$data=$this->security->xss_clean($postData);
此外,您可以通过在表单中使用CSRF令牌来避免跨站点请求伪造
感谢您的回答,我不确定您的回答,因为我正在使用 ajax 获取数据,并且数据采用数组格式,这是我在控制器上处理的代码
if (!$this->input->is_ajax_request()) {
exit('No direct script access allowed');
} else {
$input = $this->input->post('ar_dat');
$option = $this->input->post('list_option');
if ($option == null){
$id_option = '';
} else {
$id_option = implode(',',$option);
}
foreach ($input as $key) {
$data[] = array(
'id_invoice' => $this->input->post('id_invoice'),
'id_product' => $this->input->post('id_product'),
'id_fabrics' => $this->input->post('id_fabric'),
'id_option' => $id_option,
'name' => $key['name'],
'number' => $key['number'],
'id_size' => $key['size'],
'comment' => $key['comment']);
}
$this->orders->insert_order_uniform($data);
}