sanitize

Is mysql_real_escape_string() necessary when using prepared statements?

我们两清 Submitted on 2019-11-26 22:17:42
Question: For this query, is it necessary to use mysql_real_escape_string? Any improvement, or is the query fine? $consulta = $_REQUEST["term"]."%"; ($sql = $db->prepare('select location from location_job where location like ?')); $sql->bind_param('s', $consulta); $sql->execute(); $sql->bind_result($location); $data = array(); while ($sql->fetch()) { $data[] = array('label' => $location); } The query speed is important in this case. Answer 1: No, prepared queries (when used properly) will ensure data is

C# Sanitize File Name

不想你离开。 Submitted on 2019-11-26 18:46:56
Question: I recently have been moving a bunch of MP3s from various locations into a repository. I had been constructing the new file names using the ID3 tags (thanks, TagLib-Sharp!), and I noticed that I was getting a System.NotSupportedException: "The given path's format is not supported." This was generated by either File.Copy() or Directory.CreateDirectory(). It didn't take long to realize that my file names needed to be sanitized. So I did the obvious thing: public static string SanitizePath_

What's up with these Unicode combining characters and how can we filter them?

▼魔方 西西 Submitted on 2019-11-26 18:46:45
Question: กิิิิิิิิิิิิิิิิิิิิ ก้้้้้้้้้้้้้้้้้้้้ ก็็็็็็็็็็็็็็็็็็็็ ก็็็็็็็็็็็็็็็็็็็็ กิิิิิิิิิิิิิิิิิิิิ ก้้้้้้้้้้้้้้้้้้้้ ก็็็็็็็็็็็็็็็็็็็็ กิิิิิิิิิิิิิิิิิิิิ ก้้้้้้้้้้้้้้้้้้้้ กิิิิิิิิิิิิิิิิิิิิ ก้้้้้้้้้้้้้้้้้้้้ ก็็็็็็็็็็็็็็็็็็็็ ก็็็็็็็็็็็็็็็็็็็็ กิิิิิิิิิิิิิิิิิิิิ ก้้้้้้้้้้้้้้้้้้้้ ก็็็็็็็็็็็็็็็็็็็็ กิิิิิิิิิิิิิิิิิิิิ ก้้้้้้้้้้้้้้้้้้้้ These recently showed up in Facebook comment sections. How can we sanitize this? Answer 1: What's up with

HTML Agility Pack strip tags NOT IN whitelist

风流意气都作罢 Submitted on 2019-11-26 15:54:21
I'm trying to create a function which removes html tags and attributes which are not in a white list. I have the following HTML: <b>first text </b> <b>second text here <a>some text here</a> <a>some text here</a> </b> <a>some twxt here</a> I am using HTML agility pack and the code I have so far is: static List<string> WhiteNodeList = new List<string> { "b" }; static List<string> WhiteAttrList = new List<string> { }; static HtmlNode htmlNode; public static void RemoveNotInWhiteList(out string _output, HtmlNode pNode, List<string> pWhiteList, List<string> attrWhiteList) { // remove all attributes

How to sanitize user input in PHP before mailing?

妖精的绣舞 Submitted on 2019-11-26 15:21:40
I have a simple PHP mailer script that takes values from a form submitted via POST and mails them to me: <?php $to = "me@example.com"; $name = $_POST['name']; $message = $_POST['message']; $email = $_POST['email']; $body = "Person $name submitted a message: $message"; $subject = "A message has been submitted"; $headers = 'From: ' . $email; mail($to, $subject, $body, $headers); header("Location: http://example.com/thanks"); ?> How can I sanitize the input? Haim Evgi Sanitize the post variable with filter_var() . Example here . Like: echo filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); Since

Safely sandbox and execute user submitted JavaScript?

◇◆丶佛笑我妖孽 Submitted on 2019-11-26 12:11:14
Question: I would like to have the ability to let users submit arbitrary JavaScript code, which is then sent to a Node.JS server and safely executed before the output is sent back to multiple clients (as JSON). The eval function comes to mind, but I know this has multiple security concerns (the user submitted code would be able to access Node's File API, etc). I have seen some projects like Microsoft Web Sandbox and Google Caja which allow execution of sanitized markup and script (for embedding third

Turn a string into a valid filename?

孤街浪徒 Submitted on 2019-11-26 11:58:33
I have a string that I want to use as a filename, so I want to remove all characters that wouldn't be allowed in filenames, using Python. I'd rather be strict than otherwise, so let's say I want to retain only letters, digits, and a small set of other characters like "_-.() " . What's the most elegant solution? The filename needs to be valid on multiple operating systems (Windows, Linux and Mac OS) - it's an MP3 file in my library with the song title as the filename, and is shared and backed up between 3 machines. S.Lott You can look at the Django framework for how they create a "slug" from

HTML Agility Pack strip tags NOT IN whitelist

浪尽此生 Submitted on 2019-11-26 04:39:13
Question: I'm trying to create a function which removes html tags and attributes which are not in a white list. I have the following HTML: <b>first text </b> <b>second text here <a>some text here</a> <a>some text here</a> </b> <a>some twxt here</a> I am using HTML agility pack and the code I have so far is: static List<string> WhiteNodeList = new List<string> { "b" }; static List<string> WhiteAttrList = new List<string> { }; static HtmlNode htmlNode; public static void RemoveNotInWhiteList(out

Turn a string into a valid filename?

让人想犯罪 __ Submitted on 2019-11-26 02:39:51
Question: I have a string that I want to use as a filename, so I want to remove all characters that wouldn't be allowed in filenames, using Python. I'd rather be strict than otherwise, so let's say I want to retain only letters, digits, and a small set of other characters like "_-.() ". What's the most elegant solution? The filename needs to be valid on multiple operating systems (Windows, Linux and Mac OS) - it's an MP3 file in my library with the song title as the filename, and is shared and