Jump to content

Recommended Posts

Hello everybody,

 

I'm fairly new to PHP. I was wondering if you could help me with the meaning of

=&

since trying to search for such things tends to turn up nothing.

 

I found it in a very small php class I downloaded (hoping to learn something) and at the bottom there is

$sanitizedData =& new sanitize();

("sanitize" being the name of the class or am I stating the obvious here?)

 

Thanks in advance,

Sam

Link to comment
https://forums.phpfreaks.com/topic/205449-what-does-mean/
Share on other sites

Yeah, in php4 when you would create an object with new and assign it to a variable, the assignment itself would make a copy of the object. In many cases that didn't tend to matter much, but if the constructor was doing a lot of heavy duty stuff, or was creating resources, you would use the =& to get around the quirk.

 

In php5 all objects are passed by reference, so you no longer have to worry about this issue.  There are of course still lots of php4 libraries out there, and you are apparently using one of them.  If there's a way you can find a newer one, I'd recommend it.

Link to comment
https://forums.phpfreaks.com/topic/205449-what-does-mean/#findComment-1075173
Share on other sites

In php5 all objects are passed by reference, so you no longer have to worry about this issue.  There are of course still lots of php4 libraries out there, and you are apparently using one of them.  If there's a way you can find a newer one, I'd recommend it.

 

First of all thank you for your prompt replies! I really appreciate your help and will read more upon this matter through the link posted above. Here is the class I downloaded. I'm a total newbie but from the little I can tell, there isn't much to it that can be referred to as "old" or "new" apart from what you mentioned just now right? (I don't mean to contradict, just asking so I learn)

 

Thank you once more!

 

<?php

/**
* @class Sanitize
* @author Nirmit Bothra
* @copyright 2007
* @description This class sanitizes all user input which are accessed by PHP using POST, GET or REQUEST variables. Data sanitation helps in making 
*				safe transactions with a database. 
*/

class sanitize {
function sanitize() {
	// class constructor and 
	$this->sanitizeCookie();
	$this->sanitizeGet();
	$this->sanitizeRequest();
	$this->sanitizePost();
}

function sanitizePost() {
	foreach($_POST as $key=>$value) {
		$_POST[$key] = addslashes($value);
	}
}
function sanitizeGet() {
	foreach($_GET as $key=>$value) {
		$_GET[$key] = addslashes($value);
	}
}
function sanitizeRequest() {
	foreach($_REQUEST as $key=>$value) {
		$_REQUEST[$key] = addslashes($value);
	}
}
function sanitizeCookie() {
	foreach($_COOKIE as $key=>$value) {
		$_COOKIE[$key] = addslashes($value);
	}
}
}

$sanitizedData =& new sanitize();
?>

Link to comment
https://forums.phpfreaks.com/topic/205449-what-does-mean/#findComment-1075182
Share on other sites

First off, you have to define what you mean by sanitation.  The class you were looking at did almost nothing, other than to escape values assumably for insertion into a database.  If that's what you want, there are functions for at least some of the databases that are specific to them.  In the case of mysql, there' mysql_real_escape_string() which is what you should use for escaping.

 

 

Link to comment
https://forums.phpfreaks.com/topic/205449-what-does-mean/#findComment-1075193
Share on other sites

It actually depends on what you're sanitising your variables for. For example for use with mysql, a code would look like this

 

$variable = $_POST['variable'];
if(get_magic_quotes_gps()) {
  $variable = stripslashes($variable);
}
$variable = mysql_real_escape_string($variable);

 

This is for one variable only. It can be extended to sanitise entire contents og _GET, _POST and _COOKIE, but personally I think each variable should be sanitised separately.

There are also further concerns to be taken care of, like checking if variable content matches specific patter (i.e. does 'email' field looks like a valid email address).

Link to comment
https://forums.phpfreaks.com/topic/205449-what-does-mean/#findComment-1075196
Share on other sites

It actually depends on what you're sanitising your variables for. For example for use with mysql, a code would look like this

 

$variable = $_POST['variable'];
if(get_magic_quotes_gps()) {
  $variable = stripslashes($variable);
}
$variable = mysql_real_escape_string($variable);

 

This is for one variable only. It can be extended to sanitise entire contents og _GET, _POST and _COOKIE, but personally I think each variable should be sanitised separately.

There are also further concerns to be taken care of, like checking if variable content matches specific patter (i.e. does 'email' field looks like a valid email address).

 

 

Ok I'm hoping I won't take too much of your time since I already did. My apologies.

 

I was looking for something that I can "bounce off" (return?) user-input from - as in, user inputs data, data is "filtered" through this class and returned sanitized and off to the database. Sorry my terminology is just as bad so I hope I'm not confusing you further.

 

So 1) I don't know if it's even a clever idea to 'generalize' such function putting in one class/file 2) is it at all possible to do so?

 

There's so much to learn and I never give up it's just that it gets mind-boggling the sheer amount of functions etc there are to learn! Thanks again for your kind patience!

Link to comment
https://forums.phpfreaks.com/topic/205449-what-does-mean/#findComment-1075203
Share on other sites

Perhaps you should read this first:

http://www.phpfreaks.com/tutorial/php-security

 

Oh dear!  :shy: Had a quick look at the topics covered and it's exactly what I was looking for! Thank you! My being eternally grateful to you for this link won't bring warm food on your table but I certainly am! Thanks!! I'm off to read it and learn something new!

 

Cheers,

Sam

Link to comment
https://forums.phpfreaks.com/topic/205449-what-does-mean/#findComment-1075206
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.