devilsvein Posted January 18, 2013 (edited)
Trying to create a function to sanitize some variables. What I have done so far is:

    function securevar ($var) {
        $var = htmlentities($var, ENT_QUOTES);
        if ( strlen ($var) >= 9) {
            $var == "401";
        }
    }

Database results come through and work perfectly if I don't use the above function, but as soon as I do:

    $username = securevar($row['Username']);

It returns blank and no error message. Also forgot to say var_dump on $username returns NULL.
Jessica Posted January 18, 2013 (edited)
Your function doesn't return anything.
http://us3.php.net/return
http://us3.php.net/manual/en/functions.returning-values.php
devilsvein Posted January 18, 2013 (Author)
Thanks for that, Jessica. Honestly wouldn't know what I would have done without you. Stupid mistake on my behalf. Was too busy looking at the void functions in C++.
devilsvein Posted January 18, 2013 (Author)
I was also wondering why doesn't my htmlentities work? It doesn't want to convert " / ' or other symbols when I look at the display =/
Jessica Posted January 18, 2013
/ is not a character that needs html encoding.
devilsvein Posted January 18, 2013 (Author)
> / is not a character that needs html encoding.

That was supposed to separate the double and single apostrophes lol. But I've tried the & < > and still nothing gets replaced. It's displayed exactly the same.
Jessica Posted January 18, 2013
You should post your updated function, sample input and sample output. What do you expect to happen?
devilsvein Posted January 18, 2013 (Author)

    function securevar($var) {
        $var = htmlentities($var, ENT_QUOTES);
        if ( strlen ($var) >= 9) {
            $var == "401";
        }
        return $var;
    }

    $username = securevar($row['Username']);

Basically what I'm expecting to happen is that $row['username'] goes into the function and gets sanitized to prevent XSS attacks. It then returns the result, which is now sanitized, to the same variable. If after being sanitized it has more than 9 digits I print 401 instead of the sanitized name. This then gets stored in a new variable for ease of remembering, which is $username.
devilsvein Posted January 18, 2013 (Author)
Think it was working. I tried <font color red>Name</font> with and without htmlentities and one made it red whilst the other just displayed the markup codes? But it didn't go through the if statement?
Jessica Posted January 18, 2013
== is comparison. = is assignment.
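The function as it ends up once both of Jessica's points are applied (a `return`, and `=` instead of `==`), run over a few constructed usernames so the encoding and the length cap can be seen. This is an added example, not code from either poster; the charset argument, the `$samples` array and the output format are assumptions.

```php
<?php
// Added example: securevar() with the two fixes from the thread applied.
// The 9-character cap and the "401" placeholder are kept from the original post.
function securevar(string $var): string
{
    // Encode for HTML output. ENT_QUOTES converts both " and ' (the latter to &#039;);
    // passing the charset explicitly avoids depending on the PHP default.
    $var = htmlentities($var, ENT_QUOTES, 'UTF-8');

    // Note the check runs on the *encoded* string, so entities such as &lt; count
    // toward the cap: a short name containing markup is replaced with "401".
    if (strlen($var) >= 9) {
        $var = "401";   // assignment; "==" would compare and discard the result
    }
    return $var;        // without this the caller receives NULL, as in the first post
}

// Constructed sample inputs standing in for $row['Username'].
$samples = [
    'bob',                           // plain name, returned unchanged
    "a'b",                           // single quote -> a&#039;b (8 chars, under the cap)
    '<b>x</b>',                      // 8 raw chars, 20 once encoded -> "401"
    '<font color=red>Name</font>',   // the tag from the thread, neutralised then capped
];

foreach ($samples as $s) {
    printf("%-30s => %s\n", $s, securevar($s));
}
```

The encoded value is only safe in an HTML text or attribute context; it is an output-escaping step, not a general-purpose cleaner for values headed into SQL or elsewhere.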