插入批次的安全性?代码点火器

$data[] = array(
                    'id_invoice'    =>  $this->input->post('id_invoice'),
                    'id_product'    =>  $key['id_product'],
                    'id_fabrics'    =>  $key['id_fabric'],
                    'id_option'     =>  $id_option,
                    'name'          =>  $key['name'],
                    'number'        =>  $key['number'],
                    'id_size'       =>  $key['size'],
                    'comment'       =>  $key['comment']);

$this->orders->insert_order_mix($data);

如此简单 您可以从用户输入中删除滥用标签和数据

//Change This
$this->orders->insert_order_mix($data);
// to 
$data = $this->security->xss_clean($data); // You have to clean Data with XSS Filtering
$this->orders->insert_order_mix($data);

此方法使用[已删除]关键字清除所有滥用数据

如果用户可以输入任何脚本，则XSS过滤将按以下方式删除

$name = '<script>Your Name</script>';
echo $name; // Output : <script>Your Name</script>
// But you use XSS then output is change as per below
$name = '<script>Your Name</script>';
$name = $this->security->xss_clean($name);
echo $name; // Output : [removed]Your Name[removed]

或者你可以使用非常简单的编辑你的配置文件

// Change global_xss_filtering value FALSE to TRUE;
/*
|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = TRUE;

我想你对批量插入的概念感到困惑。请阅读此内容以很好地理解批量插入。现在对于您的问题，如前所述，这些天关注安全性非常好

始终过滤输入和转义输出，从不信任数据。

您可以使用 Codeigniter 安全类来保护您的数据。

例如

$data=$this->security->xss_clean($this->input->post());

或

$postData=$this->input->post();
$data=$this->security->xss_clean($postData);

此外，您可以通过在表单中使用CSRF令牌来避免跨站点请求伪造

感谢您的回答，我不确定您的回答，因为我正在使用 ajax 获取数据，并且数据采用数组格式，这是我在控制器上处理的代码

if (!$this->input->is_ajax_request()) {
        exit('No direct script access allowed');
    } else {
        $input = $this->input->post('ar_dat');
        $option = $this->input->post('list_option');
        if ($option == null){
            $id_option = '';
        } else {
            $id_option = implode(',',$option);
        }
        foreach ($input as $key) {
            $data[] = array(
                'id_invoice'    =>  $this->input->post('id_invoice'),
                'id_product'    =>  $this->input->post('id_product'),
                'id_fabrics'    =>  $this->input->post('id_fabric'),
                'id_option'     =>  $id_option,
                'name'          =>  $key['name'],
                'number'        =>  $key['number'],
                'id_size'       =>  $key['size'],
                'comment'       =>  $key['comment']);
        }
        $this->orders->insert_order_uniform($data);
    }