[SOLVED] function making problem...

[Brian W]

I am trying to learn how to make functions while meanwhile making some custom sanitizers.

This is what I have so far for my test page.

<head>
<title>Test Functions</title>
</head>
<?php
function clean($str, $type) {
if(empty($type)){
	$Restrict = array('/\%/','/\*/','/\_/','/\-/','/\'/','/\"/','/\\\/');
	$str1 = preg_replace($Restrict, " ", $str);
	$str2 = stripslashes($str1);
	$str3 = strip_tags($str2);
	return $str3;
}
if($type == "int") {
$str1 = intval($str);
return $str1;
}
}
?>
<body>
<form id="form1" name="form1" method="post" action="?">
  <label>
  <input type="text" name="test" id="test" />
  </label>
  <label>
  <input type="submit" name="button" id="button" value="Submit" />
  </label>
</form>
<?php //results
if(isset($_POST['test'])) {
echo "plain= ".$_POST['test']."<br>";
echo "clean= ".clean($_POST['test'])."<br>";
echo "clean int= ".clean($_POST['test'], int);
}
?>
</body>
</html>

It works, but I get this message right after the use of " clean($_POST['test'])

Warning: Missing argument 2 for clean() in /homepages/38/d214759723/htdocs/functions.php on line 2

I found something on Google that leads me to believe I may need to have my $type come first in the argument, but I really don't want it there because I want the function to default if I don't designate what type of clean I want.

Any input greatly appreciated.

 

[volatileboy]

echo "clean int= ".clean($_POST['test'], int);

 

make it:

 

echo "clean int= ".clean($_POST['test'], "int");

[volatileboy]

sorry use single quotes =)

 

echo "clean int= ".clean($_POST['test'], 'int');

[PFMaBiSmAd]

The user written function section in the php manual describes how to use a default parameter.

[Brian W]

My clean int works all three ways, w/o quotes, with double, and with single. It seems it doesn't matter...

Though I've read that section in the manual twice now, I don't seem to get why I get the error I'm getting.

[Brian W]

nvm, I reared (again) and caught on about what they were doing for defaults. Another problem easily solved with careful reading. Thanks

[PFMaBiSmAd]

Without any quotes, php attempts to find a defined constant called int. When it does not, it assumes you meant a string and tries again with a string value. This all takes time (at least 10-20 times longer to execute that line of code than if you used quotes.)

 

Double-quotes and single-quotes are functionally equivalent unless you have a php  variable or characters like \n. In which case the double-quoted string would parse these and a single-quoted string would not.

[Brian W]

thank you for informing me of that. When I get using this function, I might have started noticing the slow processing but not known why it was happening.

if I use

	$str2 = preg_replace("/</", '<', $str1);
$str3 = preg_replace("/</", '>', $str2);

Is that safe for when I want code that has been submitted to be displayed?

[PFMaBiSmAd]

preg_replace() is fairly slow for just finding and replacing a string. str_replace() would be faster, but htmlentities() will replace all the special HTML characters using a single function call.