  1. #1

    clean input question

    I think I finally got this licked, but I wanted to check with you all first.

    Here is what I did to clean my input and make sure every time that I have a valid db connection. I am not getting any errors, so I think it's working fine.

    PHP Code:

    class my_db extends DB_Sql {
        var $Host     = "localhost"; // Database hostname (most likely localhost)
        var $Database = "dbname";    // Database name
        var $User     = "dbuser";    // Database user username
        var $Password = "dbpass";    // Database user password
    } // close class my_db

    // clean the input using db connection
    function cleanInput($value) {
        $db = new my_db;
        // the credentials live on the object, not in this function's scope
        $link = $db->Connect($db->User, $db->Password, $db->Database, $db->Host);
        $cleanvalue = mysql_real_escape_string($value, $link);
        return $cleanvalue;
    }
    // close cleanInput

    Since this db file is included in every PHP file I have, in the file itself I just call

    PHP Code:
    $var = cleanInput($_POST['whatever']);
    Last edited by durangod; 09-05-2011 at 03:34 PM.

  • #2
    You might like this version of your clean input. ^_^ Just a little bit extra to help you out.
    PHP Code:
    function cleanInput($value) {
        $db = new my_db;
        $link = $db->Connect($db->User, $db->Password, $db->Database, $db->Host);
        // each step works on the result of the previous one
        $cleanvalue = strip_tags($value);
        $cleanvalue = htmlentities($cleanvalue);
        $cleanvalue = stripslashes($cleanvalue);
        return mysql_real_escape_string(trim($cleanvalue), $link);
    }
    // close cleanInput
    Notice: If you post a problem and it gets fixed, please remember to go back and place it as solved. ;)
    I always recommend the HEAD First series of books for learning a new coding language. ^_^

  • Users who have thanked Chris Hick for this post:

    durangod (09-05-2011)

  • #3
    Thanks Chris,

    I usually use htmlspecialchars instead of htmlentities; I don't suppose it matters. I don't know why they originally coded this to open and close the db connection with every query like they did, but it's a huge pain in the butt lol, and in my opinion not very efficient at all. But unless I want to overhaul the db structure, I guess I'll have to live with it.

    I have actually been fighting this for some time now, trying to figure out how to sanitize this through the db connection or the query itself, and was told doing it through the query itself would mess up the query, so I was back to square one. I could not do it in the file itself because of the way they structured the db connection: it was not connected unless it actually ran a query.

    Until I had the bright idea to check to see how phpBB did it, because I know they use a similar structure; don't know why I didn't think of that before. But that is basically how they do it in their db class.

    I will just need to be careful that I don't run every query through this, and possibly even have several versions of this with different functions, as there is some input I don't want to run all the functions on. For example, I don't need to run everything on a textarea because it will turn out funky, and also because part of my data is actual PHP file content, I don't want to run everything on it.

    So I think several versions of this type of function, depending on the data input, will serve me well. Thanks so much.

    PS I have been on this forum for a long time and I read your tag line; I don't even know how to make a topic resolved lol.
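    An added example (not code from the thread) showing the split durangod is reaching for in #3: one function gets a value into SQL unchanged, another encodes it only when it is displayed, so a textarea or a block of PHP source stored in the table comes back intact. It assumes PDO with the sqlite driver is available so it runs without a MySQL server; the same PDO calls apply to MySQL, and the mysql_* functions used above were removed in PHP 7.

```php
<?php
// Added example, not from the thread. Splits the two jobs the cleanInput()
// functions above mix together: getting a value into SQL safely, and
// encoding it safely for HTML output. Assumes PDO with the sqlite driver
// so it runs with no MySQL server; the calls are the same against MySQL.

// Job 1: SQL. A bound parameter travels separately from the SQL text, so
// no escaping function and no per-call Connect() is needed, and the value
// is stored exactly as typed.
function storePost(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO posts (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function loadPost(PDO $pdo, int $id): array
{
    $stmt = $pdo->prepare('SELECT author, body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Job 2: HTML. Encode at output time only, never before storage, so a
// textarea or a block of PHP source round-trips unchanged.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed inputs: a quote that would break a naive string literal, and
// a snippet that strip_tags() + htmlentities() would mangle if run on input.
$author = "O'Brien";
$body   = '<?php echo "hi"; ?> <b>bold</b> & "quoted"';

$row = loadPost($pdo, storePost($pdo, $author, $body));
if ($row['author'] !== $author || $row['body'] !== $body) {
    throw new RuntimeException('stored text was altered');
}

// Stored verbatim, encoded only when rendered.
echo escapeForHtml($row['body']), "\n";
```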

  • #4
    Why don't you just write your function like this and declare your $link as global? That way you can tuck this away in a functions.php file and call it when you like, after you've already connected to the database earlier in any script:

    PHP Code:
    function sanitizeString($var) {
        global $link; // the connection opened earlier in the script
        $var = strip_tags($var);
        $var = htmlentities($var);
        $var = stripslashes($var);
        return mysql_real_escape_string(trim($var), $link);
    }

    And to change your topic to resolved, just edit your very first post. Then click go advanced. Then, put the prefix to resolved.

  • #5
    Thanks again. The main reason is that the functions PHP file is not included in every PHP file, so I would need to go through and add it to every file. But the db PHP file is included in every file, so putting the function in the db PHP file as it is now, I would not need to add any other include to every file, which saves me tons of time.