im trying to keep this php4 OOP. im just trying to clean the post/gets
and then make them all into variables with their names being the keys
to the get/post, and their values as the variables values.
ie: $_POST['someFormInputName'] = "somevalue" ... turns into
$someFormInputName = "somevalue".
I am not concerned about cleaning the input as i have a function
already for that.
On Jan 20, 2008, at 10:06 PM, Nathan Nobbe wrote:
On Jan 20, 2008 9:47 PM, nihilism machine
<nihilismmachine@xxxxxxxxx> wrote:
how does this look? should this by me calling ... myforms = new
forms(); work by turning all key/value pairs for both get and post
into variable names of the same name as the get/post key, and the
variable values as the values from the post/get?
class forms {
// Some stuff
var $MyPosts;
var $MyGets;
var $CleanedInput;
// Connect to the database
function forms() {
foreach($_POST as $curPostKey => $curPostVal) {
CleanInput($curPostKey);
$$curPostKey = $curPostVal;
}
foreach($_GET as $curGetKey => $curGetVal) {
CleanInput($curGetKey);
$$curGetKey = $curGetVal;
}
}
// Attempt to login a user
function CleanInput($userInput) {
return $this->CleanedInput;
}
}
im a little bit lost on the comments about connecting to the
database and logging
in a user. if you are writing a class to filter data in the $_POST
and /or $_GET, then
thats all it should be responsible for.
the decision youll have to make is this; will this class simply act
as a filter for these
arrays, which means it will modify the data in those arrays, or will
it leave the contents
of those arrays unaltered and store the filtered values in instance
variables? the design
of the class will depend upon this decision.
i think if you want to keep it simple, you should shoot for the
former option. then your
class would look something like this
class InputFilter {
public static function filterInput($optionalFilter='') {
if(count($_GET) > 0) {
self::filterArray($_GET, $optionalFilter);
}
if(count($_POST) > 0) {
self::filterArray($_POST, $optionalFilter);
}
}
private static function filterArray($array, $optionalFilter='') {
foreach($array as $key => $value) {
$$key = self::filterValue($value);
if(!empty($optionalFilter) &&
is_callable($optionalFilter)) {
$$key = $optionalFilter($$key);
}
}
}
private static function filterValue($value) {
return trim(stripslashes($value)); /// <-- NOTE: this is
only an example
}
}
then from client space you would just say
InputFilter::filterInput();
then, subsequently you can use $_POST and $_GET directly with the
assumption
that the input has been escaped.
and, using the class above, you can also supply a custom filtering
function as well,
on a per-need basis; eg.
function filterMsql($value) {
return mysql_real_escape_string($value);
}
InputFilter::filterInput('filterMysql');
NOTE: i just typed this into my mail client, so it might not be
perfect.
-nathan
