本文整理汇总了PHP中Sanitize::sanitize方法的典型用法代码示例。如果您正苦于以下问题:PHP Sanitize::sanitize方法的具体用法?PHP Sanitize::sanitize怎么用?PHP Sanitize::sanitize使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Sanitize
的用法示例。
在下文中一共展示了Sanitize::sanitize方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: __construct
/**
 * Wraps a single input value and escapes it in place with
 * mysql_real_escape_string().
 *
 * Scope of the protection, for anyone reusing this sample:
 * - The escaping only neutralises characters that could terminate a quoted
 *   SQL string literal. It does not validate a value that ends up as an
 *   identifier (table or column name), a number, or any unquoted fragment.
 * - mysql_real_escape_string() escapes according to the current ext/mysql
 *   link and its character set, so sanitize() is meant to run after the
 *   connection has been opened.
 * - ext/mysql was removed in PHP 7.0; prepared statements through PDO or
 *   mysqli are the maintained replacement for this pattern.
 */
class Sanitize
{
    /** @var mixed Wrapped value; raw until sanitize() has been called. */
    private $data;

    /**
     * @param mixed $input Untrusted value to wrap; stored unchanged.
     */
    public function __construct($input)
    {
        $this->data = $input;
    }

    /**
     * @return mixed The wrapped value in its current state (raw or escaped).
     */
    public function getData()
    {
        return $this->data;
    }

    /**
     * Replaces the wrapped value with its string-literal-escaped form.
     *
     * @return void
     */
    public function sanitize()
    {
        $escaped = mysql_real_escape_string($this->data);
        $this->data = $escaped;
    }
}
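// Open the link first: mysql_real_escape_string() (called inside
// Sanitize::sanitize()) escapes against the current ext/mysql connection and
// its character set, so escaping before mysql_connect() is unreliable.
// Connection to the database (address, user, password)
$conn = mysql_connect('localhost', 'mysql_user', 'mysql_password');
if ($conn === false) {
    // Keep driver details out of the response; a generic message is enough.
    exit('Database connection failed.');
}
if (!mysql_select_db('dbname', $conn)) {
    mysql_close($conn);
    exit('Database selection failed.');
}

$sanitizer = new Sanitize($tainted);
$sanitizer->sanitize();
$tainted = $sanitizer->getData();

// NOTE(review): the value is placed in the FROM clause, i.e. where a table
// identifier is expected. String-literal escaping does not validate
// identifiers, and single quotes delimit string literals rather than
// identifiers in MySQL. The dependable control here is to match the requested
// name against a fixed allow-list of known tables and interpolate only the
// matched constant. The statement text is left as published.
$query = sprintf("SELECT * FROM '%s'", $tainted);

// The query contains request data, so encode it for the HTML context before
// echoing; SQL escaping leaves markup characters untouched.
echo "query : " . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . "<br /><br />";

//execution
$res = mysql_query($query, $conn);
if ($res === false) {
    // mysql_query() returns false on error; log server-side instead of
    // passing false on to mysql_fetch_array().
    error_log('Query failed: ' . mysql_error($conn));
} else {
    while ($data = mysql_fetch_array($res)) {
        // Row contents are data, not markup: encode before writing to the page.
        echo htmlspecialchars(print_r($data, true), ENT_QUOTES, 'UTF-8');
        echo "<br />";
    }
}
mysql_close($conn);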
开发者ID:stivalet,项目名称:PHP-Vulnerability-test-suite,代码行数:31,代码来源:CWE_89__POST__object-func_mysql_real_escape_stringGetter__select_from-sprintf_%s_simple_quote.php
示例2: sanitize
MODIFICATIONS.*/
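// Input source for this sample: the contents of /tmp/tainted.txt, read through
// a child process. The command line is a fixed string; what is treated as
// untrusted is the data read back into $tainted.
$descriptorspec = array(
    0 => array("pipe", "r"),                          // child stdin
    1 => array("pipe", "w"),                          // child stdout, read below
    2 => array("file", "/tmp/error-output.txt", "a"), // child stderr appended to a file
);
$cwd = '/tmp';

// Define $tainted up front so later code never sees an undefined variable
// when the process cannot be started or the read fails.
$tainted = '';

$process = proc_open('more /tmp/tainted.txt', $descriptorspec, $pipes, $cwd, NULL);
if (is_resource($process)) {
    // Nothing is sent to the child, so close its stdin right away.
    fclose($pipes[0]);

    $captured = stream_get_contents($pipes[1]);
    if ($captured !== false) {
        $tainted = $captured;
    }
    fclose($pipes[1]);

    // Close every pipe before proc_close() so the call cannot block on them.
    $return_value = proc_close($process);
}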
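/**
 * Stateless helper that escapes a value for use inside a quoted MySQL string
 * literal.
 *
 * The escaping is context-specific: it protects a value that is wrapped in
 * quotes in the final statement, and nothing else (not identifiers, not
 * numeric or unquoted fragments). It also depends on the current ext/mysql
 * link and its character set, so call it after the connection is open.
 * ext/mysql was removed in PHP 7.0; prepared statements through PDO or mysqli
 * are the maintained replacement.
 */
class Sanitize
{
    /**
     * Explicit no-argument constructor.
     *
     * Without it, PHP 5 treats a method whose name matches the class name
     * (method names are case-insensitive) as a PHP 4-style constructor, so
     * `new Sanitize()` would invoke sanitize() with its argument missing.
     */
    public function __construct()
    {
    }

    /**
     * Escapes one value for a quoted SQL string literal.
     *
     * @param mixed $input Untrusted value.
     * @return string|false Escaped string, or false when escaping fails.
     */
    public function sanitize($input)
    {
        return mysql_real_escape_string($input);
    }
}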
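// Open the link first: mysql_real_escape_string() (called inside
// Sanitize::sanitize()) escapes against the current ext/mysql connection and
// its character set, so escaping before mysql_connect() is unreliable.
// Connection to the database (address, user, password)
$conn = mysql_connect('localhost', 'mysql_user', 'mysql_password');
if ($conn === false) {
    // Keep driver details out of the response; a generic message is enough.
    exit('Database connection failed.');
}
if (!mysql_select_db('dbname', $conn)) {
    mysql_close($conn);
    exit('Database selection failed.');
}

$temp = new Sanitize();
$tainted = $temp->sanitize($tainted);

// The escaped value sits inside a quoted string literal, which is the one
// context this escaping is designed for. The published listing padded the
// value with spaces inside the quotes, so the comparison ran against a
// space-padded string; the padding is removed here. A prepared statement
// (PDO or mysqli) removes the dependency on correct escaping altogether.
$query = "SELECT lastname, firstname FROM drivers, vehicles WHERE drivers.id = vehicles.ownerid AND vehicles.tag='{$tainted}'";

// The query contains untrusted data, so encode it for the HTML context before
// echoing; SQL escaping leaves markup characters untouched.
echo "query : " . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . "<br /><br />";

//execution
$res = mysql_query($query, $conn);
if ($res === false) {
    // mysql_query() returns false on error; log server-side instead of
    // passing false on to mysql_fetch_array().
    error_log('Query failed: ' . mysql_error($conn));
} else {
    while ($data = mysql_fetch_array($res)) {
        // Row contents are data, not markup: encode before writing to the page.
        echo htmlspecialchars(print_r($data, true), ENT_QUOTES, 'UTF-8');
        echo "<br />";
    }
}
mysql_close($conn);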
开发者ID:stivalet,项目名称:PHP-Vulnerability-test-suite,代码行数:31,代码来源:CWE_89__proc_open__object-func_mysql_real_escape_string__join-interpretation_simple_quote.php