Remove all array elements except what I want?

后端未结

关注

 8  2045

挽巷 2021-01-31 14:13

I have controller that takes post parameters from HTML form, it will then send them to model that will insert the array into Cassandra database.

It is SQLInjection proof

8条回答

死守一世寂寞 (楼主)

2021-01-31 14:43

By whitelisting the entries you do expect.

 1,
    'type' => 'foo', 
    'title' => 'bar', 
    'body' => 'foo bar', 
    'tags' => 'foo, bar', 
    'one' => 'foo',
    'two' => 'bar',
    'three' => 'qux'
);

$whitelist = array(
    'parent_id',
    'type',
    'title',
    'body',
    'tags'
);

$filtered = array_intersect_key( $post, array_flip( $whitelist ) );

var_dump( $filtered );

Anyway, using Cassandra as a data-store is of course not a reason not to do validation on the data you're receiving.

0 讨论(0)

查看其它8个回答