当前位置: 首页>>代码示例>>PHP>>正文


PHP Sanitize::sanitize方法代码示例

本文整理汇总了PHP中Sanitize::sanitize方法的典型用法代码示例。如果您正苦于以下问题:PHP Sanitize::sanitize方法的具体用法?PHP Sanitize::sanitize怎么用?PHP Sanitize::sanitize使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在Sanitize的用法示例。


在下文中一共展示了Sanitize::sanitize方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: __construct

class Sanitize
{
    private $data;
    public function __construct($input)
    {
        $this->data = $input;
    }
    public function getData()
    {
        return $this->data;
    }
    public function sanitize()
    {
        $this->data = mysql_real_escape_string($this->data);
    }
}
$sanitizer = new Sanitize($tainted);
$sanitizer->sanitize();
$tainted = $sanitizer->getData();
$query = sprintf("SELECT * FROM '%s'", $tainted);
$conn = mysql_connect('localhost', 'mysql_user', 'mysql_password');
// Connection to the database (address, user, password)
mysql_select_db('dbname');
echo "query : " . $query . "<br /><br />";
$res = mysql_query($query);
//execution
while ($data = mysql_fetch_array($res)) {
    print_r($data);
    echo "<br />";
}
mysql_close($conn);
开发者ID:stivalet,项目名称:PHP-Vulnerability-test-suite,代码行数:31,代码来源:CWE_89__POST__object-func_mysql_real_escape_stringGetter__select_from-sprintf_%s_simple_quote.php

示例2: sanitize

MODIFICATIONS.*/
$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("file", "/tmp/error-output.txt", "a"));
$cwd = '/tmp';
$process = proc_open('more /tmp/tainted.txt', $descriptorspec, $pipes, $cwd, NULL);
if (is_resource($process)) {
    fclose($pipes[0]);
    $tainted = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $return_value = proc_close($process);
}
class Sanitize
{
    public function sanitize($input)
    {
        return mysql_real_escape_string($input);
    }
}
$temp = new Sanitize();
$tainted = $temp->sanitize($tainted);
$query = "SELECT lastname, firstname FROM drivers, vehicles WHERE drivers.id = vehicles.ownerid AND vehicles.tag=' {$tainted} '";
$conn = mysql_connect('localhost', 'mysql_user', 'mysql_password');
// Connection to the database (address, user, password)
mysql_select_db('dbname');
echo "query : " . $query . "<br /><br />";
$res = mysql_query($query);
//execution
while ($data = mysql_fetch_array($res)) {
    print_r($data);
    echo "<br />";
}
mysql_close($conn);
开发者ID:stivalet,项目名称:PHP-Vulnerability-test-suite,代码行数:31,代码来源:CWE_89__proc_open__object-func_mysql_real_escape_string__join-interpretation_simple_quote.php


注:本文中的Sanitize::sanitize方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。