Some may know that PHP methods can be remotely invoked from Flash. Sometimes the input parameter of a remote PHP method is an array of integers. Because PHP is dynamically typed an attacker can pass an array of anything. The array of integers has to be used in a SQL query. At the moment I m preventing injection like this:
foreach ($unsafeArray as $value)
$safeArray[] = (int)$value;
你推荐什么?也许我应该开始使用Java:D
您可以使用以下方法:$aSafeArray=array_map(intval,$aUnsafeArray)以确保所有传递的值都是整数。
My advice would be to start using prepared statements! Example:
$o->bindParam( :anint , $iInt, PDO::PARAM_INT);
你推荐什么?
我不是flash专家,但实际上,只要知道PHP方法的名称就可以调用它,并且参数可以作为数组传递。因此,问题实际上不是远程方法调用,而是输入过滤和验证。
根据预期的行为,我会使用intval,而不是硬转换为int(AFAIR它会在无效值上返回0),否则你可能会抛出异常或其他什么。你必须首先定义它的行为。
也许我应该开始使用Java
不需要,除非您想要一个在编译和运行时都具有开发速度和巨大内存需求的臃肿解决方案:p
I noticed that there were some threads with similar questions, and I did look through them but did not really get a convincing answer. Here s my question: The subquery below returns a Table with 3 ...
<?php $con=mysql_connect("localhost","mts","mts"); if(!con) { die( unable to connect . mysql_error()); } mysql_select_db("mts",$con); /* date_default_timezone_set ("Asia/Calcutta"); $date = ...
我把我的用心从使用QQL转向MySQL。 它与凯科特合作,现在不工作,因为我已经改变,使用MySQL。 这里的错误信息是:
We have a restaurant table that has lat-long data for each row. We need to write a query that performs a search to find all restaurants within the provided radius e.g. 1 mile, 5 miles etc. We have ...
Is it possible in php to return a specific row of data from a mysql query? None of the fetch statements that I ve found return a 2 dimensional array to access specific rows. I want to be able to ...
Our website was developed with a meta tag set to... <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> This works fine for M-dashes and special quotes, etc. However, I ...
What are some of the strategies being used for pagination of data sets that involve complex queries? count(*) takes ~1.5 sec so we don t want to hit the DB for every page view. Currently there are ~...
My table looks like person_id | car_id | miles ------------------------------ 1 | 1 | 100 1 | 2 | 200 2 | 3 | 1000 2 | 4 | 500 I need to ...