1
I am willing to handle the $_REQUEST keys and values that a page receives.
The check would be:
if(!empty($_REQUEST)){
// Tratamento das chaves e valores
}
This is because I had some problems regarding security, where key values were being changed :(
For this reason I need to do these treatments and I don’t know what is the most efficient way to do this.
To illustrate this, it follows a printing problem of a $_REQUEST:
Array
(
["onmouseover] => '4Puv(9698)'bad="
)
What is the problem with keys? related: How to validate each data type received from a form?
– rray
but what kind of treatment do you need? Or have more aver with validation? Before Oce played from the direct form on the bench?
– Neuber Oliveira
So I believe that the htmlspecialchars function will solve this for me. The problem is that I would need to handle the keys of this request and not just the values.
– DiChrist
Comes with keys with characters like
# , . ^ ~ & % $? either remove them or what?– rray
My problem is more with single quotes, double quotes that are coming in the values keys. I will put an example in the question.
– DiChrist
But what’s wrong with quotation marks? Are you afraid of sql-Injection? If this is the case use preparedStatement, if the problem is also html-Injection then at the time of
SELECTwhen you bring the data towhileuse thehtmlespecialchars.– Guilherme Nascimento
Already improved, one of the problems may be in setting in the form fields, sometimes as array ex:
name="produtos[id][algo]"– rray