Hello again peeps,

 

I don't know if I named the subject correctly, but basically, is this a correct function?

 

<?php

function Clean($input) {
    $clean = mysql_real_escape_string($input);
    return $clean;
}

Clean($_POST);

?>

 

Many thanks,

 

James.

Well, it's a correct function (there is no such thing as an "incorrect function"), but you can't use it the way you want to. If you want to apply a string operation on an array you'll have to use array_map or iterate over all the elements in the array to apply the string operation on each element manually.

You don't have to assign a variable to it and return it. You can simply return the function itself.

 

function clean($input) {
  return mysql_real_escape_string($input);
}

OK, sure :) How do I use array_map()? That's a new one to me, I've never used it.

 

James.

I'm adding the function to this:

 

<?php

  class Command {
            private $dbusername;
            private $dbpassword;
            private $dbhost;
            private $dbbase;
            private $lusername;
            private $lpassword;
            private $randid;
            private $aname;
            private $aaddress;
            private $aaddresstwo;
            private $apostcode;
            private $acountry;
            private $aphone;
            private $acounty;
            private $mfirstname;
            private $mlastname;
            private $memail;
            private $mphone;
            private $mtype;
            private $maddress;
            private $maddresstwo;
            private $mcity;
            private $mcounty;
            private $mpostcode;
            private $mcountry;
            
            
      function __construct($dbusername = "root", $dbpassword = "", $dbhost = "localhost", $dbbase = "sli", $lusername = "none", $lpassword = "none", $randid = "mt_rand();", $aname = "none", $aaddress = "none", $aaddresstwo = "none", $apostcode = "none", $acountry = "none", $aphone = "none", $acounty = "none") {
          
          $this->dbusername = $dbusername;
          $this->dbpassword = $dbpassword;
          $this->dbhost = $dbhost;
          $this->dbbase = $dbbase;
          $this->lusername = $lusername;
          $this->lpassword = $lpassword;
          $this->randid = mt_rand();

      }
                                          
      function MYSQLConnection() {
          
          $this->MYSQLConnect = mysql_connect($this->dbhost, $this->dbusername, $this->dbpassword);
          $this->SelectDB = mysql_select_db($this->dbbase, $this->MYSQLConnect) or die(mysql_error());
          
          return($this->SelectDB); 
      }
   
      function Login($lusername, $lpassword) {
          
                  session_start();
                  
          $this->lusername = mysql_real_escape_string($lusername);
          $this->lpassword = mysql_real_escape_string(md5($lpassword));
          
          $this->LoginQ = "SELECT * FROM `members` WHERE username = '$this->lusername' AND password = '$this->lpassword'";
          $this->LoginR = mysql_query($this->LoginQ) or die (mysql_error());
              
          if(mysql_num_rows($this->LoginR) == '1') {
           
              while($fetch =  mysql_fetch_array($this->LoginR)) { 
                  
                  if($fetch['sus'] == '0') {

                            $_SESSION['username'] = $this->lusername;
                            $_SESSION['id'] = $fetch['id'];
                            $_SESSION['firstname'] = $fetch['firstname'];
                            $this->lid = $fetch['id'];
                                  header('Location: rest_home.php');

                  }   else {
                      
                      echo ("Sorry but the account you are trying to access is suspended, Please try again.");
                      
                    exit();
                  }

              } 

          } else {
              // No matching row: the account does not exist.
              echo "Sorry but the account you are trying to access is non existant, Please try again.";    
          }    
  }
  
      function Logout() {
        session_start();
        session_unset();
        session_destroy();  
    }
    
      function AddEst($aname, $aaddress, $aaddresstwo, $apostcode, $acountry, $aphone, $acounty) {
      
          $this->aname = $aname;
          $this->aaddress = $aaddress;
          $this->aaddresstwo = $aaddresstwo;
          $this->apostcode = $apostcode;
          $this->acountry = $acountry;
          $this->aphone = $aphone;
          $this->acounty = $acounty;
          
       mysql_query("INSERT INTO `establishments` (mid, username, id, name, address, addresstwo, postcode, county, phone, country) VALUES('$this->lid', '$this->lusername', '$this->randid', '$this->aname', '$this->aaddress', '$this->aaddresstwo', '$this->apostcode', '$this->acounty', '$this->aphone', '$this->acountry')") or die(mysql_error());
       $adddone = "Your establishment was succesfully added.";
       
       return $adddone;  
      }

      function SessionSecurity() {

if (!function_exists('session_regenerate_id')) {

            $tv = gettimeofday();
            $lcg['s1'] = $tv['sec'] ^ (~$tv['usec']);
            $lcg['s2'] = posix_getpid();

            $q = (int) ($lcg['s1'] / 53668);
            $lcg['s1'] = (int) (40014 * ($lcg['s1'] - 53668 * $q) - 12211 * $q);
            if ($lcg['s1'] < 0)
                $lcg['s1'] += 2147483563;

            $q = (int) ($lcg['s2'] / 52774);
            $lcg['s2'] = (int) (40692 * ($lcg['s2'] - 52774 * $q) - 3791 * $q);
            if ($lcg['s2'] < 0)
                $lcg['s2'] += 2147483399;

            $z = (int) ($lcg['s1'] - $lcg['s2']);
            if ($z < 1) {
                $z += 2147483562;
            }

            return $z * 4.656613e-10;
        }
     }

      function SessionRegen() {

            $tv = gettimeofday();
            $buf = sprintf("%.15s%ld%ld%0.8f", $_SERVER['REMOTE_ADDR'], $tv['sec'], $tv['usec'], $this->SessionSecurity() * 10);
            session_id(md5($buf));
            if (ini_get('session.use_cookies'))
                setcookie('PHPSESSID', session_id(), NULL, '/');
            return TRUE;
        }
        
      function SessionCheck() {
            
            if(isset($_SESSION['id']) && isset($_SESSION['username']) && isset($_SESSION['firstname'])) {
                
            } else {
                header('Location: login.php');
                exit();
            }
        }
        
      function AddMem($mfirstname, $mlastname, $memail, $mphone, $mtype, $maddress, $maddresstwo, $mcity, $mcounty, $mpostcode, $mcountry){
             
          $this->mfirstname = $mfirstname;
          $this->mlastname = $mlastname;
          $this->memail = $memail;
          $this->mphone = $mphone;
          $this->mtype = $mtype;
          $this->maddress = $maddress;
          $this->maddresstwo = $maddresstwo;
          $this->mcity = $mcity;
          $this->mcounty = $mcounty;
          $this->mpostcode = $mpostcode;
          $this->mcountry = $mcountry;
        
          
            mysql_query("INSERT INTO `members` (id, firstname, lastname, email, phone, type, address, addresstwo, city, county, postcode, country, username, password, sus) VALUES('$this->randid', '$this->mfirstname', '$this->mlastname', '$this->memail', '$this->mphone', '$this->mtype', '$this->maddress', '$this->maddresstwo', '$this->mcity', '$this->mcounty', '$this->mpostcode', '$this->mcountry', '', '', '1')") or die(mysql_error());
             header('Location: reg_done.html');
             
        }
    
  }

?>

Why don't you follow the link to the manual page?

 

Depends how you see it. If he uses the function he could always add more functions in it later.

 

I don't buy it. Then you might as well create wrapper functions around all the library functions provided by PHP in case you might want to customize it later on.

I am on it now, I use http://www.php.net all the time.

That's how I made the class I just posted, I pretty much looked at every function I have in that class on php.net.

And could someone show me an example of how to use array_map() please?

 

Many thanks,

 

James.

If you insist... straight from the manual:

<?php
function cube($n)
{
    return($n * $n * $n);
}

$a = array(1, 2, 3, 4, 5);
$b = array_map("cube", $a);
print_r($b);
?>

Output:

Array
(
    [0] => 1
    [1] => 8
    [2] => 27
    [3] => 64
    [4] => 125
)

I understand that, I just have completely no idea how to make it function with the global var $_POST.

 

Many thanks,

 

James.

It would be the same thing, just with different arguments:

 

$_POST = array_map('mysql_real_escape_string', $_POST);

 

I wouldn't advise you to do that though. It would be better just filtering the values you need instead of writing code that has side effects in the global space.
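
An added example (not code from any poster in this thread) of the "filter only the values you need" advice above: it reads named fields from a request array, rejects values that are not plain strings, and hands them to the database as bound parameters. It uses PDO with an in-memory SQLite database because the mysql_* functions were removed in PHP 7.0. The helper names pick_fields and find_member, the table columns and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example: table layout and field names are assumptions modelled on the
// `members` query in the thread; SQLite in memory stands in for MySQL.

/** Return only the named fields, and only if each one is a plain string. */
function pick_fields(array $post, array $wanted): array
{
    $out = [];
    foreach ($wanted as $name) {
        // A request such as username[]=x makes $post['username'] an array;
        // array_map() over $_POST would hand that array to the escaper.
        if (!isset($post[$name]) || !is_string($post[$name])) {
            throw new InvalidArgumentException("missing or non-string field: $name");
        }
        $out[$name] = trim($post[$name]);
    }
    return $out;
}

/** Look a member up with a bound parameter; the value never enters the SQL text. */
function find_member(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username, sus FROM members WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER, username TEXT, sus INTEGER)');
$db->exec("INSERT INTO members VALUES (1, 'james', 0)");

// Constructed request bodies standing in for $_POST.
$samples = [
    ['username' => ' james ', 'extra' => 'ignored'],  // extra keys are never read
    ['username' => "o'brien"],                        // quote needs no escaping
    ['username' => ['nested']],                       // array value is rejected
];

foreach ($samples as $post) {
    try {
        $in  = pick_fields($post, ['username']);
        $row = find_member($db, $in['username']);
        echo $row ? "found id {$row['id']}\n" : "no such member\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Nothing in the global $_POST array is modified, so other code that reads the raw request still sees the original values.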

OK, thank you. Well, all I want to do is make a function out of it and then on, say, my login page put

 

<?php Clean($_POST); ?>

 

So all the posts are cleaned in one hit.

 

Many thanks,

 

James.

So you would prefer to have something like this:

mysql_real_escape_string(stripslashes(trim($_POST['username'])));

As opposed to something like this?

function DBsanitize($input) {
  return mysql_real_escape_string(stripslashes(trim($input)));
}

DBsanitize($_POST['username']);

So let's say months later I want to encrypt one of my POST variables. That means I would have to go to wherever that POST value is and manually add an md5() (as an example).

 

Or I could save time by doing

function DBsanitize($input, $encrypt = 'no') {
  if (strtolower($encrypt) == 'yes') {
    return md5(mysql_real_escape_string(stripslashes(trim($input))));
  }
  return mysql_real_escape_string(stripslashes(trim($input)));
}

 

I don't want to have to do it one by one with the $_POST vars, I just need a safe, secure shortcut lol :)

 

Many thanks,

 

James.

9three, no, I still don't buy it. I can keep adding on "say I later optionally want X" ad infinitum and end up with hundreds of arguments in the procedural analogue to OOP's "God Object".

 

See this topic for some of my past comments regarding this.

I did it, guys :) Cheers for your time, peeps.

 

Many many thanks,

 

James.

Well, if you ever work on a project with a lot of code you will appreciate that entities are loosely coupled and that the responsibility of these entities is not all-encompassing.

 

Things should have as little responsibility as they need so its function becomes easier to describe. This makes testing it a lot easier.
