I have a controller that takes POST parameters from an HTML form; it then sends them to a model that inserts the array into a Cassandra database.
It is SQL injection proof, because it's NoSQL; however, what I'm afraid of is that a user can just simulate 100k POST parameters or just add some that I don't need, and they will be inserted into the database. How can I make sure that only the values I need will stay in my array?
For example:

$post = ['parent_id', 'type', 'title', 'body', 'tags']; // Good
$post = ['parent_id', 'type', 'title', 'body', 'tags', 'one', 'two', 'three']; // Bad

How can I make sure my array will unset everything that is not in the good example?
Recommended answer

You are looking for array_intersect:

$good = ['parent_id', 'type', 'title', 'body', 'tags'];
$post = ['parent_id', 'type', 'title', 'body', 'tags', 'one', 'two', 'three'];
print_r(array_intersect($good, $post));

See it in action.
Of course this specific example does not make much sense because it works on array values, but there is also array_intersect_key that does the same based on keys.
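
The key-based variant mentioned in the answer, applied to a form-style array, as an added example that is not part of the original question or answer. The helper name filterPost, the length limits, the rule that all five fields are required, and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Allowed field names mapped to a maximum length (the limits are assumed values).
const ALLOWED_FIELDS = [
    'parent_id' => 36,
    'type'      => 32,
    'title'     => 200,
    'body'      => 10000,
    'tags'      => 200,
];

/**
 * Hypothetical helper: keep only allow-listed keys and require string values.
 * Throws if an allowed field is missing, is not a string, or is too long.
 */
function filterPost(array $input): array
{
    // array_intersect_key compares keys, so unknown parameters are dropped
    // no matter how many the client sends.
    $clean = array_intersect_key($input, ALLOWED_FIELDS);

    foreach (ALLOWED_FIELDS as $name => $maxLen) {
        if (!array_key_exists($name, $clean)) {
            throw new InvalidArgumentException("missing field: $name");
        }
        // A parameter sent as title[]=x arrives as an array; reject it.
        if (!is_string($clean[$name])) {
            throw new InvalidArgumentException("field must be a string: $name");
        }
        if (strlen($clean[$name]) > $maxLen) {
            throw new InvalidArgumentException("field too long: $name");
        }
    }
    return $clean;
}

// Constructed sample standing in for $_POST, with two unwanted keys.
$post = [
    'parent_id' => '42',
    'type'      => 'question',
    'title'     => 'Hello',
    'body'      => 'Some text',
    'tags'      => 'php,arrays',
    'one'       => 'x',
    'is_admin'  => '1',
];

print_r(filterPost($post));
```

PHP's max_input_vars setting limits how many request variables are parsed in the first place, which bounds the size of the array before this filter sees it.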