Reply to Re: cleaning up code Q1

Your name:

Reply:


Posted by The Hub on 07/21/05 17:23

I'd use $_REQUEST, unless for some reason you want to prevent people from
using $_GET, in which case I'd use
isset($_POST['var'])?$_POST['var']:$_SESSION['var']. If the variable is not
set, it will simply return empty string, which will go through the filter in
no time.
I'd also replace all those double-quotes with singles, you can remove most
of the backslashes, and PHP won't try to parse it for variables. And unless
that last replacement is supposed to be a line break, I'd use just one empty
single quote for the replacement string.

"Pasquale" <spdrweb@NOTHNXtelusplanet.net> wrote in message
news:pkDDe.139528$9A2.21555@edtnps89...
> In my attempts to clean up and improve my PHP coding, I will probably be
> submitting questions over the next couple of months as necessary for
> everyones input and suggestions. Thanks in advance.
>
> First set of questions. I am using the code below to initialize variables
> and filter out unwanted characters from every text input fields.
>
> I'm wondering is this a good or bad idea? If good, can they be put into an
> include file for use? Should I be using isset() as in option 2?
>
> I also wanted to add $_POST as in option 3, however the variable may come
> from $_SESSION. Should I use $_REQUEST?
>
>
>
> option 1:
> $address = Filter($address); ## at the top of my scripts
> $city = Filter($city); ## at the top of my scripts
>
> option 2:
> $address = isset($address) ? Filter($address) : '';
> $city = isset($city) ? Filter($city) : '';
>
> option 3:
> $address = Filter($_POST['address']);
> $city = Filter($_POST['city']);
>
>
> function Filter () {
> $valu = func_get_arg(0);
> if (isset($valu) && $valu != "") {
> $search = array
> ("'\~'","'\`'","'\!'","'\@'","'\%'","'\^'","'\&'","'\*'","'\_'","'\+'","'\='","'\{'","'\}'",
>
> "'\['","'\]'","'\|'","'\:'","'\;'","'\"'","'\''","'\<'","'\>'","'\/'","'\\\'","'\s+'");
> $replace = array
> ("","","","","","","","","","","","","","","","","","","","","","","","","
> ");
> $valu = preg_replace($search,$replace,$valu);
> $valu = trim($valu);
> }
> return (isset($valu) && $valu != "") ? $valu : "";
> }
>
>
>
>

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация