On Jan 20, 2008 10:15 PM, nihilism machine <nihilismmachine@xxxxxxxxx> wrote:
> im trying to keep this php4 OOP. im just trying to clean the post/gets
> and then make them all into variables with their names being the keys
> to the get/post, and their values as the variables values.
>
> ie: $_POST['someFormInputName'] = "somevalue" ... turns into
> $someFormInputName = "somevalue".
>
> I am not concerned about cleaning the input as i have a function
> already for that.
>
>
>
> On Jan 20, 2008, at 10:06 PM, Nathan Nobbe wrote:
>
> > On Jan 20, 2008 9:47 PM, nihilism machine
> > <nihilismmachine@xxxxxxxxx> wrote:
> > how does this look? should this by me calling ... myforms = new
> > forms(); work by turning all key/value pairs for both get and post
> > into variable names of the same name as the get/post key, and the
> > variable values as the values from the post/get?
> >
> > class forms {
> >
> > // Some stuff
> > var $MyPosts;
> > var $MyGets;
> > var $CleanedInput;
> >
> > // Connect to the database
> > function forms() {
> > foreach($_POST as $curPostKey => $curPostVal) {
> > CleanInput($curPostKey);
> > $$curPostKey = $curPostVal;
> > }
> > foreach($_GET as $curGetKey => $curGetVal) {
> > CleanInput($curGetKey);
> > $$curGetKey = $curGetVal;
> > }
> > }
> >
> > // Attempt to login a user
> > function CleanInput($userInput) {
> > return $this->CleanedInput;
> > }
> > }
> >
> > im a little bit lost on the comments about connecting to the
> > database and logging
> > in a user. if you are writing a class to filter data in the $_POST
> > and /or $_GET, then
> > thats all it should be responsible for.
> > the decision youll have to make is this; will this class simply act
> > as a filter for these
> > arrays, which means it will modify the data in those arrays, or will
> > it leave the contents
> > of those arrays unaltered and store the filtered values in instance
> > variables? the design
> > of the class will depend upon this decision.
> > i think if you want to keep it simple, you should shoot for the
> > former option. then your
> > class would look something like this
> >
> > class InputFilter {
> > public static function filterInput($optionalFilter='') {
> > if(count($_GET) > 0) {
> > self::filterArray($_GET, $optionalFilter);
> > }
> > if(count($_POST) > 0) {
> > self::filterArray($_POST, $optionalFilter);
> > }
> > }
> >
> > private static function filterArray($array, $optionalFilter='') {
> > foreach($array as $key => $value) {
> > $$key = self::filterValue($value);
> > if(!empty($optionalFilter) &&
> > is_callable($optionalFilter)) {
> > $$key = $optionalFilter($$key);
> > }
> > }
> > }
> >
> > private static function filterValue($value) {
> > return trim(stripslashes($value)); /// <-- NOTE: this is
> > only an example
> > }
> > }
> >
> >
> > then from client space you would just say
> > InputFilter::filterInput();
> >
> > then, subsequently you can use $_POST and $_GET directly with the
> > assumption
> > that the input has been escaped.
> > and, using the class above, you can also supply a custom filtering
> > function as well,
> > on a per-need basis; eg.
> >
> > function filterMsql($value) {
> > return mysql_real_escape_string($value);
> > }
> > InputFilter::filterInput('filterMysql');
> >
> > NOTE: i just typed this into my mail client, so it might not be
> > perfect.
> >
> > -nathan
>
>
Look up extract(). This is a horrible idea you're trying to do though.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
