clean input question - CodingForum

  • Resolved clean input question

    I think I finally got this licked, but I wanted to check with you all first.

    Here is what I did to clean my input and make sure every time that I have a valid db connection. I am not getting any errors, so I think it's working fine.

    PHP Code:

    class my_db extends DB_Sql {
        var $Host     = "localhost"; // Database hostname (most likely localhost)
        var $Database = "dbname";    // Database name
        var $User     = "dbuser";    // Database user username
        var $Password = "dbpass";    // Database user password
    } // close class my_db

    // clean the input using db connection
    function cleanInput($value) {
        $db = new my_db;
        // The posted call passed $User, $Password, $Database and $Host, which are
        // not defined inside this function; the credentials come from the
        // my_db properties above, so let Connect() use those.
        $link = $db->Connect();
        // escaping needs the live link so it uses the connection's character set
        $cleanvalue = mysql_real_escape_string($value, $link);
        return $cleanvalue;
    }
    // close cleanInput
    Since this db file is included in every php file I have, in the file itself I just call

    PHP Code:
    $var = cleanInput($_POST['whatever']);
    Last edited by durangod; Sep 5, 2011, 10:34 AM.
    I am not crazy, my computer had me checked but its on dialup and im still waiting for results :)
    A good way to remember objects from arrays is you shoot objects with arrows Example: $name->id; then Arrays are $name['id'];
    durangod is short for durango dave

  • #2
    You might like this version of your clean input. ^_^ Just a little bit extra to help you out.
    PHP Code:
    function cleanInput($value) {
        $db = new my_db;
        $link = $db->Connect(); // credentials come from the my_db properties
        // each step works on the result of the previous one; the posted version
        // passed the original $value to every call, so only the last one took effect
        $cleanvalue = strip_tags($value);
        $cleanvalue = htmlentities($cleanvalue);
        $cleanvalue = stripslashes($cleanvalue);
        return mysql_real_escape_string(trim($cleanvalue), $link);
    }
    // close cleanInput
    Notice: If you post a problem and it gets fixed, please remember to go back and place it as solved. ;)
    I always recommend the HEAD First series of books for learning a new coding language. ^_^

    • #3
      thanks chris,

      I usually use htmlspecialchars instead of htmlentities; I don't suppose it matters. I don't know why they originally coded this to open and close the db connection with every query like they did, but it's a huge pain in the butt lol, and in my opinion not very efficient at all. But unless I want to overhaul the db structure I guess I'll have to live with it.

      I have actually been fighting this for some time now, trying to figure out how to sanitize this through the db connection or the query itself, and was told doing it through the query itself would mess up the query, so I was back to square one. I could not do it in the file itself because of the way they structured the db connection: it was not connected unless it actually ran a query.

      Until I had the bright idea to check to see how phpBB did it, because I know they use a similar structure; don't know why I didn't think of that before. But that is basically how they do it in their db class.

      I will just need to be careful that I don't run every query through this, and possibly even have several versions of this with different functions, as there is some input I don't want to run all the functions on. For example, a textarea: I don't need to run everything on the textarea because it will turn out funky, and also because part of my data is actual php file content, I don't want to run everything on it.

      So I think several versions of this type of function, depending on the data input, will serve me well. Thanks so much.

      PS I have been on this forum for a long time and I read your tag line; I don't even know how to make a topic resolved lol.
      • #4
        Why don't you just write your function like this and declare your $link as global? That way you can tuck this away in a functions.php file and call it when you like, after you've already connected to the database earlier in any script:

        PHP Code:
        function sanitizeString($var) {
            global $link; // the connection opened earlier in the script

            $var = strip_tags($var);
            $var = htmlentities($var);
            $var = stripslashes($var);
            return mysql_real_escape_string(trim($var), $link);
        }

        And to change your topic to resolved, just edit your very first post. Then click go advanced. Then, put the prefix to resolved.
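        An added example, not code from the thread or from phpBB/DB_Sql, that separates SQL escaping from HTML escaping. The chained functions in replies #2 and #4 do both at once before storing, which is what makes a textarea or a PHP snippet come out "funky" (reply #3). It assumes a PHP 5 mysql link from mysql_connect() and uses the constructed sample string in the code; the credentials are the placeholders from the first post.

        ```php
        <?php
        // Escape a value for use inside a quoted SQL string literal. The live
        // $link is required because the escaping depends on the connection's
        // character set; returns null instead of guessing when not connected.
        function escapeForSql($value, $link) {
            if (!is_resource($link)) {
                return null;
            }
            return mysql_real_escape_string($value, $link);
        }

        // Escape a stored value for HTML output. Applied at display time only,
        // so the database keeps the original text (quotes, markup, PHP code).
        function escapeForHtml($value) {
            return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        }

        // The chained approach from the replies, with each step feeding the next.
        // Kept here only to show what it does to the data before it is stored.
        function chainedClean($value) {
            $clean = strip_tags($value);
            $clean = htmlentities($clean, ENT_QUOTES, 'UTF-8');
            $clean = stripslashes($clean);
            return trim($clean);
        }

        // Constructed sample: a textarea value with a quote, markup and a PHP tag.
        $sample = "Dave's <b>site</b> & <?php echo 1; ?> done";

        // Placeholder credentials from the first post; false if no server is running.
        $link = @mysql_connect('localhost', 'dbuser', 'dbpass');

        // strip_tags has removed the markup and the PHP block, htmlentities has
        // rewritten the quote and the ampersand: this is what would be stored.
        echo "chained : ", chainedClean($sample), "\n";

        // Only the quote gets a backslash; the text itself is stored unchanged.
        // Prints NULL when there is no connection to escape against.
        echo "for SQL : ", var_export(escapeForSql($sample, $link), true), "\n";

        // The same original value made safe for the page when it is displayed.
        echo "for HTML: ", escapeForHtml($sample), "\n";
        ```

        Run it once with a reachable MySQL server and once without to see escapeForSql() refuse to escape rather than fall back to a connection-less guess.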
        • #5
          Thanks again. The main reason is that the functions php file is not included in every php file, so I would need to go through and add it to every file. But the db php file is included in every file, so putting the function in the db php file as it is now, I would not need to add any other include to every file, which saves me tons of time.