Reply to Re: iterate through function arguments by reference

Posted by amygdala on 08/15/06 12:00

"C." <colin.mckinnon@gmail.com> wrote in message
news:1155559381.611121.40280@i42g2000cwa.googlegroups.com...
> amygdala wrote:
>>
>> I would like to iterate through arguments passed to a function, modify
>> them but still let them hold their original name. To be precise: I want
>> users to fill in a register form and once submitted, trim() all field
>> values after being passed to the function register().
>>
>
> Yes it is possible - and it's such a general question that there are
> lots of different ways to do it.
>
> The idea of modifying the data in-situ gives me a bit of a problem
> though. In any user facing application there are three things you need
> to do: validate, validate and VALIDATE. If you're trying to bolt on
> validation to an existing system then it is already seriously flawed.
> I, and I suspect most programmers, would want to keep the cleaned up
> data well separated from the raw data e.g. by putting it somewhere
> else:
>
> function clean($in)
> {
>     $out = array();
>     foreach ($in as $key => $val) {
>         $out[$key] = transform($val);
>     }
>     return $out;
> }
>
> register(clean($_REQUEST));
>
> You should also be thinking about protecting your system from injection
> attacks and making the data more palatable to whatever storage
> mechanism you are using...
>
> function transform($datum)
> {
>     $cleaned = trim($datum);                   // strip surrounding whitespace
>     $cleaned = htmlentities($cleaned);         // escape for HTML output
>     $cleaned = mysql_escape_string($cleaned);  // escape for the legacy mysql extension
>     return $cleaned;
> }
>
> Of course, if you really must, then $_POST, $_REQUEST et al are
> writable as well as readable in your script:
>
> $_GET = clean($_GET);  // clean() applies transform() to every element; transform() itself takes a single value
>
> Will have the effect you want.
>
> Note that the title of your post is a bit misleading - in the examples
> above I've not modified the data passed as parameters, but it is
> possible to pass references to variables instead of passing copies of
> the variables - see the PHP manual for more details.
>
> HTH
>
> C.
>

I see your points, and I am aware of the importance of validating user input
and preventing SQL injection. I'm using PDO's prepare function and execute
statement, amongst other things.

I didn't see much danger in overwriting user input arguments with cleaned-up
values though. Anyway, your suggestions were not exactly what I had in mind,
but it looks like your approach is the smarter thing to do anyway.

Thanks!
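To tie the thread's points together, here is an added example of my own (it is not code from either poster). It shows the two ways the thread talks about: C.'s approach of returning a cleaned copy so the raw request is left untouched, and the by-reference loop the original question asked for; it then validates the cleaned copy separately and stores it through the PDO prepare/execute calls amygdala mentions, so no mysql_escape_string() step is needed. The function names (clean, trimAll, validateRegistration, register), the "users" table, and the use of PDO's SQLite driver for a self-contained run are assumptions of this example, not anything from the original posts.

```php
<?php
// Added example, not from the original thread. Names such as clean(), trimAll(),
// validateRegistration(), register() and the "users" table are assumptions.
declare(strict_types=1);

// Variant 1: C.'s "keep the cleaned data somewhere else" approach.
// Returns a new array; the array passed in is never modified.
function clean(array $in): array
{
    $out = [];
    foreach ($in as $key => $val) {
        // Scalars are trimmed; nested arrays (e.g. checkbox groups) are cleaned recursively.
        $out[$key] = is_array($val) ? clean($val) : trim((string) $val);
    }
    return $out;
}

// Variant 2: what the original question asked for - modify in place through a
// reference parameter. The caller's array is changed and nothing is returned.
function trimAll(array &$fields): void
{
    foreach ($fields as &$val) {
        if (!is_array($val)) {
            $val = trim((string) $val);
        }
    }
    unset($val); // drop the reference that foreach-by-reference leaves behind
}

// Validation is separate from cleaning: it reports problems and never tries
// to "fix" the input.
function validateRegistration(array $f): array
{
    $errors = [];
    if (!isset($f['username']) || !preg_match('/^[A-Za-z0-9_]{3,32}$/', $f['username'])) {
        $errors[] = 'username must be 3-32 characters: letters, digits, underscore';
    }
    if (!isset($f['email']) || filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    if (!isset($f['password']) || strlen($f['password']) < 12) {
        $errors[] = 'password must be at least 12 characters';
    }
    return $errors;
}

// Storage: PDO placeholders send the values separately from the SQL text,
// so the data is not escaped by hand. htmlentities() is not applied here
// either; HTML escaping happens once, at output time (see below).
function register(PDO $db, array $f): int
{
    $stmt = $db->prepare(
        'INSERT INTO users (username, email, password_hash) VALUES (:username, :email, :hash)'
    );
    $stmt->execute([
        ':username' => $f['username'],
        ':email'    => $f['email'],
        ':hash'     => password_hash($f['password'], PASSWORD_DEFAULT),
    ]);
    return (int) $db->lastInsertId();
}

// Constructed sample request standing in for $_POST, with untrimmed values.
$raw = [
    'username' => "  alice_01 \n",
    'email'    => ' alice@example.com ',
    'password' => 'correct horse battery staple',
];

$cleaned = clean($raw);               // $raw still holds the untrimmed values
$errors  = validateRegistration($cleaned);
if ($errors === []) {
    $db = new PDO('sqlite::memory:');  // assumption: the pdo_sqlite driver is available
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password_hash TEXT)');
    $id = register($db, $cleaned);
    // Output-time escaping, done once, where the value meets HTML.
    echo 'Registered user #' . $id . ': '
        . htmlspecialchars($cleaned['username'], ENT_QUOTES, 'UTF-8') . "\n";
} else {
    echo "Rejected:\n - " . implode("\n - ", $errors) . "\n";
}

// The in-place variant, for comparison: the copy is modified, $raw is not.
$copy = $raw;
trimAll($copy);
echo ($copy['username'] === 'alice_01' && $raw['username'] !== 'alice_01')
    ? "in-place trim changed the copy only\n"
    : "unexpected result\n";
```

Run with `php example.php`. The design difference from the quoted transform() is where escaping happens: mysql_escape_string() belongs to the old mysql extension (removed in PHP 7.0) and is replaced here by PDO's bound parameters, and HTML escaping is applied when a value is rendered rather than before it is stored, so the database holds the value the user actually entered.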
