What is the hidden danger of directly removing the spaces before and after getting the GET/POST parameter?
Take PHP as an example. Assume that there is a getParam($name) method that returns the value of $_GET[$name].
What would happen if I applied trim directly to all $_GET values in this method?
PS: it does not pass null values, NULL, or true/false.
What if it refers to security risks? I don't think there's a security risk.
But I don't advise you to do this. I just want to pass the space + letter.
Look at the usage scenario. If you are writing a generic method, for example a generic method for a framework, it is up to the user to decide whether or not to trim.
If you are just writing a method in a business logic controller, I think it is fine.
It is usually dropped by a filter, because if there are a lot of spaces in the parameter, there may be more unknown bugs. Even if you want to pass spaces, switch to physical tags. I don't think there is any security risk. If you have to keep spaces, you can consider
Generally speaking, there is no hidden danger when using spaces. If there is, there will be spaces in your business logic. Because the default of trim() itself is to remove the left and right spaces, tab and other blank
If it is only $_GET, then there is no hidden danger, and I strongly support doing so!
That's what I usually do. It's not a security hazard, it's a necessary filter.
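
A sketch of the approach discussed in this thread, added here as an example and not code from any of the posters: a hypothetical getParam() that trims by default but lets the caller opt out, and rejects array values (?tags[]=x), which trim() does not accept in PHP 8. The $source argument stands in for $_GET, and the query string is constructed sample input.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical getParam(): reads one request parameter and lets the caller
 * decide whether to trim it. $source stands in for $_GET so the sample
 * runs from the CLI without a web server.
 */
function getParam(array $source, string $name, bool $trim = true): ?string
{
    if (!array_key_exists($name, $source)) {
        return null; // parameter was not sent
    }

    $value = $source[$name];
    if (!is_string($value)) {
        // ?name[]=x arrives as an array. trim() on an array raises a
        // TypeError in PHP 8, so reject it instead of passing it through.
        return null;
    }

    // With no second argument, trim() strips space, tab, newline,
    // carriage return, NUL and vertical tab from both ends only;
    // whitespace inside the value is left alone.
    return $trim ? trim($value) : $value;
}

// Constructed sample input, parsed the same way PHP fills $_GET.
parse_str('q=%20%09hello%20world%0A&code=%20A&tags[]=x', $get);

var_dump(getParam($get, 'q'));           // default: both ends trimmed
var_dump(getParam($get, 'code', false)); // caller opts out: "space + letter" kept
var_dump(getParam($get, 'code'));        // same parameter with default trimming
var_dump(getParam($get, 'tags'));        // array value rejected
var_dump(getParam($get, 'missing'));     // absent parameter
```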