rk8479


  1. In my DB class I have a function to do a simple sanitize operation. The function does three things:

       1. Checks whether the input variable is an integer; if it is, then it gets the int value of the variable and returns it.
       2. Checks whether the input variable is a string; if it is, then it escapes it and returns it.
       3. If it is neither an integer nor a string, then the variable is unset and it returns a "Variable deleted" message.

         function sanitizeData($dbc, $input){
             if(is_int($input)){
                 // integer: return its int value
                 $input = intval($input);
                 return $input;
             }
             elseif(is_string($input)){
                 // string: escape it for the connection $dbc
                 $input = mysqli_real_escape_string($dbc, $input);
                 return $input;
             }
             elseif(!is_int($input) OR !is_string($input)){
                 // anything else: drop the value and return a message
                 unset($input);
                 return "Variable contents unknown, variable deleted!";
             }
         }

     I wanted other people's ideas, opinions and suggestions on this function and what you think of it. Thanks
  2. Hi, could you please post ALL related code and files? We need to see all of the page contents also. You don't have a closing ?> after else { activateUser($emailcode); } } and that may be why it's not working. If not, then come back with all the code from the pages please.
  3. Hi, I don't know what exactly the problem is, as it's too vague and lacking a lot of detail; however, I will point out some things you can do to make your code more manageable and safe:

       1. Put your DB connection code in a separate file and require it at the top of all PHP files that need it.
       2. Always use a form of escaping for the DB input, as taking the values from user input and putting them straight into the DB is very dangerous.
       3. It's bad practice to use PHP_SELF to reload the page with a form on it. Create the form on a separate page and use the filename of the complete script in the action part, so the page with the form and values goes straight to that file.
       4. Remember that using the $_REQUEST[''] variable will search $_GET[''], $_POST[''] and $_COOKIE[''], so make sure you don't have a $_POST['user'] and a $_GET['user'] with different values.

     Hope this helps
  4. Hi, it mainly depends on what aspect of your visitors you want to track. You could track them by their IP address and store that in a database or a text file (I would recommend ditching the text file idea as it's not index-able like a DB is). You could also track them by the device they use; you could use the user agent to get its raw form or use a third-party library such as Detector. You could also track what pages the IP visits by using $_SERVER['REMOTE_ADDR'] to gain the IP and then use $_SERVER['REQUEST_URI'] to gain the page the visitor visited. Again, this information is most likely inefficient in a text file. Once you get the values, just upload them to a DB; then you could select where the visitor from a selected IP has been on your site.
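
An added example for the `sanitizeData` function in the first post above; it is not code from that post or its thread. Values from `$_GET` and `$_POST` arrive as strings, so the `is_int()` branch is not taken for form input, and an escaped string is only safe inside quotes. The sketch validates integers with `filter_var` and binds every value as a parameter. Assumptions: PDO with an in-memory SQLite database stands in for the poster's mysqli connection so the code runs offline, and the `users` table and the function names `requireInt`, `findUserName` and `findUserId` are hypothetical.

```php
<?php
// Added example, not the original poster's code. Requires PHP 8 and pdo_sqlite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

/** Validate an integer that arrived as request data; null when it is not one. */
function requireInt(mixed $value): ?int
{
    // FILTER_VALIDATE_INT accepts "2" and 2, and rejects "2 OR 1=1", "2.5", "" and arrays.
    $int = filter_var($value, FILTER_VALIDATE_INT);
    return $int === false ? null : $int;
}

/** Look up a name by id using a bound, typed parameter. */
function findUserName(PDO $pdo, mixed $rawId): ?string
{
    $id = requireInt($rawId);
    if ($id === null) {
        return null; // reject the request instead of passing a message string on as data
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

/** Strings need no manual escaping when bound: data never becomes SQL text. */
function findUserId(PDO $pdo, string $name): ?int
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed sample inputs, shaped like values read from $_GET or $_POST.
foreach (['2', '2 OR 1=1', "bob' --", ['2'], 2] as $raw) {
    printf("id   %-12s => %s\n", json_encode($raw), var_export(findUserName($pdo, $raw), true));
}
foreach (['bob', "bob' OR '1'='1"] as $raw) {
    printf("name %-18s => %s\n", json_encode($raw), var_export(findUserId($pdo, $raw), true));
}
```

With mysqli the same pattern uses `mysqli_prepare()` and `mysqli_stmt_bind_param()` in place of the PDO calls.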