
Is it "a-must" to trim all whitespaces in POST/GET vars?

Developer https://www.devze.com 2023-01-17 14:34 Source: Internet

IMHO,

I heard about this a few times lately. On some web portals I saw that when there is whitespace at the beginning of the keywords, an empty search result is returned; without the whitespace it works.

Are there some cases when this can be harmful?

Can somebody give arguments for this kind of practice?


In almost all cases it's beneficial to clean the input because you can't trust what you're going to get. But note that you don't want to always blindly do it. There are circumstances where you might actually want a leading or trailing space to be there. (E.g., in a password.)


It's generally a good idea to clean up user-entered text, which usually includes removing extraneous whitespace, problematic punctuation characters, and so forth. This can also include replacing multiple adjacent spaces with a single space.

It goes without saying that you should protect yourself from SQL- and HTML-injection attacks, too, by scrubbing (preprocessing) user-supplied text appropriately. The easiest way is to ignore punctuation; another approach is to convert punctuation into harmless escape sequences.


No, there isn't anything wrong with it. If whitespaces are necessary for the user's input, don't trim them away, but if they aren't, I would suggest you trim whitespaces.

For example, suppose someone enters a multi word string that you want to split apart.

Normally, you would break strings apart by splitting them using whitespaces as a delimiter, but if whitespaces aren't trimmed, you may or may not get an empty variable at the beginning. This will almost always have you guessing whether or not to use the first element of the split string. It really makes it a lot easier if you just trim whitespaces. Otherwise, you'll have a large block of code to figure out whether the first element of the split string is a valid entry or not.

" This string" would be split into an array that looks like this.

$string[0] = ''
$string[1] = 'This'
$string[2] = 'string'

but "This string" is simply

$string[0] = 'This'
$string[1] = 'string'

If you are doing string operations, you may want to find out how many words are in a string; the first case (above) would show you 3, while the latter would show you 2. There are just too many things to look for, unless the beginning or trailing whitespaces are really necessary.
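
The split problem and the password exception raised in the answers above, as an added PHP example that is not part of the original answers. The field names, the two policy constants and both helper functions are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical per-field policy (field names are assumptions).
const TRIM_FIELDS = ['q', 'username', 'email']; // free text and identifiers
const RAW_FIELDS  = ['password'];               // must reach the hash unchanged

/**
 * Normalize one request field according to the policy above.
 * Returns null when the field is missing, is not a string
 * (for example q[]=x arrives as an array), or is not valid UTF-8.
 * This is normalization for consistent matching only; it does not
 * replace bound query parameters or output escaping.
 */
function normalize_field(array $input, string $name): ?string
{
    $value = $input[$name] ?? null;
    if (!is_string($value)) {
        return null;
    }
    if (in_array($name, RAW_FIELDS, true)) {
        return $value; // leading/trailing spaces are part of the secret
    }
    if (in_array($name, TRIM_FIELDS, true)) {
        // Collapse runs of whitespace to one space, then trim both ends.
        $collapsed = preg_replace('/\s+/u', ' ', $value);
        return $collapsed === null ? null : trim($collapsed);
    }
    return $value; // field not covered by the policy: leave as submitted
}

/** Split a keyword string on whitespace without producing empty elements. */
function keywords(string $q): array
{
    return preg_split('/\s+/u', $q, -1, PREG_SPLIT_NO_EMPTY) ?: [];
}

// Constructed sample request, standing in for $_GET / $_POST.
$request = ['q' => ' This   string ', 'password' => ' pass phrase '];

// Naive split on the untrimmed string, as in the answer above.
var_dump(explode(' ', ' This string'));
// Split that ignores leading, trailing and repeated whitespace.
var_dump(keywords($request['q']));
// Policy applied per field: keywords normalized, password untouched.
var_dump(normalize_field($request, 'q'));
var_dump(normalize_field($request, 'password'));
```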
