On Jan 20, 2008 9:47 PM, nihilism machine <nihilismmachine@xxxxxxxxx> wrote:

> how does this look? should this by me calling ... myforms = new
> forms(); work by turning all key/value pairs for both get and post
> into variable names of the same name as the get/post key, and the
> variable values as the values from the post/get?
>
> class forms {
>
>     // Some stuff
>     var $MyPosts;
>     var $MyGets;
>     var $CleanedInput;
>
>     // Connect to the database
>     function forms() {
>         foreach($_POST as $curPostKey => $curPostVal) {
>             CleanInput($curPostKey);
>             $$curPostKey = $curPostVal;
>         }
>         foreach($_GET as $curGetKey => $curGetVal) {
>             CleanInput($curGetKey);
>             $$curGetKey = $curGetVal;
>         }
>     }
>
>     // Attempt to login a user
>     function CleanInput($userInput) {
>         return $this->CleanedInput;
>     }
> }

i'm a little bit lost on the comments about connecting to the database and
logging in a user. if you are writing a class to filter data in the $_POST
and/or $_GET, then that's all it should be responsible for.

the decision you'll have to make is this: will this class simply act as a
filter for these arrays, which means it will modify the data in those arrays,
or will it leave the contents of those arrays unaltered and store the filtered
values in instance variables? the design of the class will depend upon this
decision.

i think if you want to keep it simple, you should shoot for the former option.
then your class would look something like this

class InputFilter {

    public static function filterInput($optionalFilter='') {
        if(count($_GET) > 0) {
            self::filterArray($_GET, $optionalFilter);
        }
        if(count($_POST) > 0) {
            self::filterArray($_POST, $optionalFilter);
        }
    }

    // $array is taken by reference so that $_GET / $_POST themselves are modified
    private static function filterArray(&$array, $optionalFilter='') {
        foreach($array as $key => $value) {
            $array[$key] = self::filterValue($value);
            if(!empty($optionalFilter) && is_callable($optionalFilter)) {
                $array[$key] = $optionalFilter($array[$key]);
            }
        }
    }

    private static function filterValue($value) {
        return trim(stripslashes($value)); // <-- NOTE: this is only an example
    }
}

then from client space you would just say

InputFilter::filterInput();

then, subsequently you can use $_POST and $_GET directly with the assumption
that the input has been escaped. and, using the class above, you can also
supply a custom filtering function as well, on a per-need basis; e.g.

function filterMysql($value) {
    return mysql_real_escape_string($value);
}

InputFilter::filterInput('filterMysql');

NOTE: i just typed this into my mail client, so it might not be perfect.

-nathan
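
The other design option mentioned in the reply above (leave $_GET/$_POST unaltered and keep the filtered values in the object), as an added example that is not part of the original thread. The class name FilteredInput, the allow-list of field names with per-field filters, and the sample request data are assumptions made for illustration; the closures need PHP 5.3 or later.

```php
<?php
// Added example, not code from the thread: filtered copies live in the object,
// the source array ($_GET or $_POST in real use) is never modified, and no
// variables are created from request keys.
class FilteredInput
{
    private $clean = array();

    // $allowed maps an expected field name to a callable that returns the
    // cleaned value, or null to reject the input.
    public function __construct(array $source, array $allowed)
    {
        foreach ($allowed as $name => $filter) {
            // Fields that are missing or not plain strings (e.g. tags[]=x) are dropped.
            if (!array_key_exists($name, $source) || !is_string($source[$name])) {
                continue;
            }
            $value = call_user_func($filter, trim($source[$name]));
            if ($value !== null) {
                $this->clean[$name] = $value;
            }
        }
    }

    public function get($name, $default = null)
    {
        return array_key_exists($name, $this->clean) ? $this->clean[$name] : $default;
    }
}

// Constructed sample data standing in for $_POST.
$samplePost = array(
    'user' => '  alice ',
    'age'  => '42',
    'this' => 'unexpected key',   // not on the allow-list, never read
    'tags' => array('a', 'b'),    // array where a string is expected
);

$input = new FilteredInput($samplePost, array(
    'user' => function ($v) { return preg_match('/^[a-z0-9_]{1,32}$/i', $v) ? $v : null; },
    'age'  => function ($v) { return ctype_digit($v) ? (int) $v : null; },
    'tags' => function ($v) { return $v; },
));

var_dump($input->get('user'), $input->get('age'), $input->get('tags'), $input->get('this'));
```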