PHP

Making Safe Variables Posted by Pontiac76 on 22 Nov 2009 at 1:36 PM
Hey all;

Just a small PHP function I came up with today.

I'm writing a rather involved PHP site that deals with a lot of checks against a MySQL database, dumping data to a browser, or dealing with form information. I'm going in and out of the PHP code to draw the site. I was getting annoyed with having to write out mysql_real_escape_string($VariableName) or htmlspecialchars($VariableName) whenever I wanted to deal with some data, especially when having several checks against the SQL statement, so I came up with a small function that'll take some data and convert it to a type of output I want. It makes things a LITTLE neater in my opinion if used properly.

You could use this at the beginning of your PHP script to get the $_GET/$_POST data properly formatted for wherever you're going to send the data out to.

function MakeSafe($Unsafe,$OriginalName="") {
  $NewVar=array();   // start from an empty array so PHP does not warn about an undefined variable
  if ($OriginalName!="") $NewVar[$OriginalName]=$Unsafe;   // optionally keep the raw value under a name of your choice
  $NewVar["MySQL"]=mysql_real_escape_string($Unsafe);      // for use inside a quoted SQL string literal (needs an open mysql_connect() link)
  $NewVar["HTML"]=htmlspecialchars($Unsafe);               // for output as HTML text
  $NewVar["URLEncode"]=urlencode($Unsafe);                 // for use in a query string
  $NewVar["URLDecode"]=urldecode($Unsafe);                 // the decoded form, if the input arrived URL-encoded
  return $NewVar;
}


When I want to use a variable in multiple places:
<?php
// Assume the raw value came in from a form field (example only)
$UnsafeVariable=isset($_GET["q"]) ? $_GET["q"] : "";

// Generate the variable lists
$OutputVar=MakeSafe($UnsafeVariable);

echo $OutputVar["HTML"];
$Sql="select * from tbl_example where ExField='".$OutputVar["MySQL"]."'";
?>

<a href='<?php echo $OutputVar["URLEncode"]; ?>'>Linky Linky</a>


To make better sense of where this would come in useful, let's say we're adding a user to a database with the country they were born in:

<?php
// Assume we pulled this from a database query:
$OriginalUserName="Donnald O'Brian <CAN>";

// No more assumptions
$UserName=MakeSafe($OriginalUserName);
$SqlToAddUser="insert into tbl_users (Name) values ('".$UserName["MySQL"]."')";
echo "<a href='viewuser.php?UN=".$UserName["URLEncode"]."'>".$UserName["HTML"]."</a>";
?>


Just thought I'd share. Makes things a LITTLE bit easier.

PS: Not sure if it's just the preview or what, but those code blocks don't seem to work right. :/
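As an added example (not code from the original post), the same one-copy-per-output-context idea written against current PHP extensions: htmlspecialchars gets ENT_QUOTES so the value is also safe inside single-quoted attributes, the URL copy uses rawurlencode, and the SQL value is bound through a PDO prepared statement instead of being escaped into the query string. The tbl_users table and Name column are the post's own; the PDO connection details are placeholders.

```php
<?php
// Added example, not code from the original post. Same idea as MakeSafe:
// one escaped copy per output context, but SQL is handled by binding the
// raw value to a prepared statement instead of escaping it into the query.

function MakeSafeContexts($Unsafe) {
    return array(
        // ENT_QUOTES escapes ' as well as " < > &, so this value is safe as
        // element text and inside both single- and double-quoted attributes.
        "HTML"      => htmlspecialchars($Unsafe, ENT_QUOTES, "UTF-8"),
        // rawurlencode emits only %XX plus unreserved characters, which is
        // also harmless inside an HTML attribute value.
        "URLEncode" => rawurlencode($Unsafe),
    );
}

// Builds the link from the post, using the right copy for each context.
function UserLink($Name) {
    $Safe = MakeSafeContexts($Name);
    return "<a href='viewuser.php?UN=" . $Safe["URLEncode"] . "'>" . $Safe["HTML"] . "</a>";
}

// SQL context: no escaping key at all; the driver keeps data and query apart.
// Assumes the post's tbl_users table with a Name column.
function AddUser(PDO $Db, $Name) {
    $Stmt = $Db->prepare("INSERT INTO tbl_users (Name) VALUES (:name)");
    $Stmt->execute(array(":name" => $Name));
    return $Stmt->rowCount();
}

// Constructed sample input (the same value the post uses); runs without a DB.
$OriginalUserName = "Donnald O'Brian <CAN>";
echo UserLink($OriginalUserName), "\n";

// To insert it, open a connection (placeholder DSN/credentials) and call:
// AddUser(new PDO("mysql:host=localhost;dbname=example", "user", "password"), $OriginalUserName);
```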
Re: Making Safe Variables Posted by aziar_oropesa on 27 Nov 2009 at 12:45 AM
<html>the quick tcho a sdf</html>